Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Help with System Check Virus

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics
View previous topic :: View next topic  
Author Message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Thu Mar 15, 2012 4:07 am    Post subject: Help with System Check Virus Reply with quote

Hello everyone, The other day I noticed my wife's laptop's firewall was off so I quickly turned it back on (She uses McAfee, which I hate) a day later while on the web Mozilla crashes on me and out comes System Check and just starts running no stop. I went on the bleeping computer site and followed the directions for removal of this in Safe Mode. It has allowed me to get Exploer back running out of Safe Mode but I noticed the Start Menu is not back to normal and that System Check is still on my program list. I've used you guys once before about 7 yrs ago on an old computer and you guys were great. So now I am returning and I really could use your help again.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Denise at 7:46:21 on 2012-03-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3765.2527 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509173853.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\Denise\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6474D4A0-17AE-4E2E-B7D0-2F27F136FC90} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{92856AD8-2C03-40C1-B575-F4E3326F7ABB} : DhcpNameServer = 192.168.1.1 68.237.161.12
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO-X64: vshare.tv Bar - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509173853.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\eacdqf6a.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe [2010-2-3 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-15 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-9 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-9 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-9 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-9 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-3 656624]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-20 136176]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-9 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-9 355440]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-3 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-20 136176]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-2-3 79360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-15 04:26:55 -------- d-----w- C:\Users\Denise\AppData\Roaming\Malwarebytes
2012-03-15 04:26:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-15 04:26:38 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-15 04:26:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-15 02:14:20 337920 ----a-w- C:\ProgramData\KzxSzMiOirj6U9.exe
2012-03-14 03:01:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 03:01:03 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 03:01:03 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-08 21:12:17 -------- d-----w- C:\Users\Denise\AppData\Local\{EDF0E4AE-B5FE-4006-9513-3BB034FD1D20}
2012-02-15 15:06:09 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 15:06:08 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 15:06:07 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 15:06:07 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 15:06:04 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 15:05:57 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 15:05:57 634368 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-02-01 15:56:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 7:47:18.62 ===============

Attach Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2010 4:53:01 PM
System Uptime: 3/15/2012 7:28:59 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 029DYC
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | U2E1 | 2400/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 368.442 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP163: 1/26/2012 3:00:26 AM - Windows Update
RP164: 2/12/2012 12:00:30 PM - Scheduled Checkpoint
RP165: 2/15/2012 10:45:17 AM - Windows Update
RP166: 2/16/2012 3:00:24 AM - Windows Update
RP167: 2/17/2012 1:04:23 PM - Windows Update
RP168: 2/21/2012 3:00:27 AM - Windows Update
RP169: 2/29/2012 7:45:17 AM - Windows Update
RP170: 3/8/2012 5:21:42 PM - Scheduled Checkpoint
RP171: 3/13/2012 10:57:06 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Banctec Service Agreement
Big Fish Games: Game Manager
Bing Bar
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DirectXInstallService
EMC 10 Content
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Slingo Deluxe
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi MB
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
vshare.tv Bar Toolbar
vShare.tv plugin 1.3
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 2 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7034] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 3 time(s).
3/15/2012 7:31:57 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:31:46 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error: An instance of the service is already running.
3/15/2012 7:31:46 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Personal Firewall Service service, but this action failed with the following error: An instance of the service is already running.
3/15/2012 7:31:46 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Network Agent service, but this action failed with the following error: An instance of the service is already running.
3/15/2012 7:30:46 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:30:46 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:30:46 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:30:46 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:30:46 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:42 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2012 7:29:42 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:42 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:42 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:42 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:42 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2012 7:29:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
3/15/2012 7:27:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 2:28:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/15/2012 2:24:58 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 2:24:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
3/15/2012 2:24:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/15/2012 2:24:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/15/2012 2:24:49 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
3/15/2012 2:24:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/15/2012 2:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/15/2012 2:24:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr Wanarpv6
3/15/2012 2:24:29 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 12:01:10 AM, Error: Service Control Manager [7038] - The mfevtp service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/15/2012 12:01:10 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 12:01:10 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not start due to a logon failure.
3/15/2012 12:01:10 AM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not start due to a logon failure.
3/15/2012 12:01:10 AM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The pipe has been ended.
3/15/2012 12:01:09 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 12:01:09 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 12:01:09 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/15/2012 12:00:16 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
3/14/2012 9:34:16 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The pipe has been ended.
3/14/2012 9:34:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
3/14/2012 7:29:42 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/14/2012 2:42:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee VirusScan Announcer service, but this action failed with the following error: An instance of the service is already running.
3/14/2012 10:18:32 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
3/14/2012 10:18:19 PM, Error: Service Control Manager [7022] - The McShield service hung on starting.
3/11/2012 2:26:00 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 3 time(s).
.
==== End Of File ===========================
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Sat Mar 17, 2012 8:54 am    Post subject: Reply with quote

Hi and welcome back to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
Quote:
Java(TM) 6 Update 22
vshare.tv Bar Toolbar

Next.

Malwarebytes Anti-Malware
  • Launch the application, Check for Updates >> Perform Full Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Sun Mar 18, 2012 2:27 pm    Post subject: Reply with quote

Thank u for any and all help u can give me in advance. Sorry for the delay, the uninstall of the Java file was giving me a hard time until i realized i had to closeout IE for the uninstall to work.

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Denise :: DENISE-PC [administrator]

Protection: Disabled

3/18/2012 4:52:41 PM
mbam-log-2012-03-18 (16-52-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 448698
Time elapsed: 1 hour(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL:

OTL logfile created on: 3/18/2012 5:59:53 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Denise\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 52.58% Memory free
7.35 Gb Paging File | 5.64 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 370.02 Gb Free Space | 82.03% Space Free | Partition Type: NTFS

Computer Name: DENISE-PC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/03/18 17:57:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
PRC - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/19 18:10:45 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2009/09/18 02:10:26 | 000,335,600 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/09/11 14:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 04:03:24 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/15 12:15:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 12:14:19 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll
MOD - [2012/02/15 12:14:01 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/02/15 12:13:47 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 12:13:39 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/15 12:13:36 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/02/15 12:13:23 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/02/15 12:13:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/15 12:13:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/15 12:13:09 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/13 12:37:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/17 15:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2009/09/17 15:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2009/09/17 15:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2009/09/17 15:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2009/09/17 15:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2009/09/17 15:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2009/09/17 15:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2009/09/17 15:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2009/09/17 15:05:00 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2009/09/17 15:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/09/11 14:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 14:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 14:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 14:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 14:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 12:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/06/18 23:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/15 15:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/17 23:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/13 12:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012/01/31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/03 11:22:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/03 11:21:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/03 11:19:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/02/03 11:05:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/17 15:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/09/15 15:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\STacSV64.exe -- (STacSV)
SRV - [2009/07/05 17:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/26 13:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_a66e062aeb2ba1cd\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/04 18:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 18:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/03 13:21:18 | 000,074,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/10/12 07:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/25 19:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/17 14:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/09/15 15:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/21 08:10:00 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 12:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{22598412-64EF-4CE6-98ED-AA94F77208A0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKLM\..\SearchScopes\{ED5FD853-5874-4EB3-8C36-A81321B5256B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes,DefaultScope = {81686A76-7C1D-48A7-939C-C66D5E933C7C}
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes\{81686A76-7C1D-48A7-939C-C66D5E933C7C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS396
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes\{E957D42C-A123-4D9B-9F70-E45B33CA8708}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 20:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/21 17:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Extensions
[2012/02/01 02:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/18 20:31:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6474D4A0-17AE-4E2E-B7D0-2F27F136FC90}: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92856AD8-2C03-40C1-B575-F4E3326F7ABB}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 17:57:24 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/03/18 16:43:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/15 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{AEFC2E40-A750-443C-9F29-898C93AC4392}
[2012/03/15 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{5083B560-79BC-47CE-AF6F-D8F84940D692}
[2012/03/15 07:46:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\dds.scr
[2012/03/15 02:26:54 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Denise\Desktop\unhide.exe
[2012/03/15 00:26:55 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Malwarebytes
[2012/03/15 00:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 00:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/15 00:26:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/15 00:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/15 00:25:31 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Denise\Desktop\mbam-setup.exe
[2012/03/15 00:18:07 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\suck.com.exe
[2012/03/14 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/03/13 23:01:04 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/13 23:01:03 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 23:01:03 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 17:03:57 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 17:03:56 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/13 17:03:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/13 17:03:56 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/13 17:03:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/13 17:03:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 17:03:44 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 17:03:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 17:03:30 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 17:03:30 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/08 17:12:17 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{EDF0E4AE-B5FE-4006-9513-3BB034FD1D20}
[2012/02/21 04:08:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/21 04:08:17 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/21 04:08:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/21 04:08:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/21 04:08:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/21 04:08:17 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/21 04:08:17 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/21 04:08:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/21 04:08:17 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/21 04:08:17 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/21 04:08:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/21 04:08:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/21 04:08:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/21 04:08:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/21 04:08:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/21 04:08:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/21 04:08:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/21 04:08:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/21 04:08:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/21 04:08:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/21 04:08:17 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/21 04:08:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/21 04:08:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/21 04:08:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/21 04:08:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/21 04:08:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/21 04:08:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/21 04:08:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/21 04:08:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/21 04:08:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/21 04:08:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/21 04:08:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/21 04:08:17 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/21 04:08:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/21 04:08:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/21 04:08:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/21 04:08:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/21 04:08:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/21 04:08:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/21 04:08:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/21 04:08:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/21 04:08:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/21 04:08:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/21 04:08:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/21 04:08:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/21 04:08:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/21 04:08:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/21 04:08:17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/21 04:08:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/21 04:08:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/21 04:08:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/21 04:08:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/21 04:08:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/21 04:08:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/21 04:08:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/21 04:08:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/21 04:08:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/21 04:08:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/21 04:08:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/21 04:08:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/21 04:08:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/21 04:08:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/21 04:08:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/21 04:08:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/21 04:08:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/21 04:08:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/21 04:08:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/21 04:08:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/21 04:08:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/21 04:08:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/21 04:08:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/21 04:08:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

========== Files - Modified Within 30 Days ==========

[2012/03/18 17:57:24 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/03/18 17:56:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/18 16:04:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/18 16:03:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/18 12:26:01 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 12:26:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 12:23:32 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/18 12:23:32 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/18 12:23:32 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/18 12:16:29 | 2960,556,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 07:46:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\dds.scr
[2012/03/15 07:27:54 | 000,000,448 | ---- | M] () -- C:\ProgramData\KzxSzMiOirj6U9
[2012/03/15 02:26:54 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Denise\Desktop\unhide.exe
[2012/03/15 00:26:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 00:25:31 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Denise\Desktop\mbam-setup.exe
[2012/03/15 00:18:12 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\suck.com.exe
[2012/03/15 00:13:03 | 001,008,141 | ---- | M] () -- C:\Users\Denise\Desktop\iExplore.exe
[2012/03/14 22:14:28 | 000,000,679 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/14 22:14:28 | 000,000,655 | ---- | M] () -- C:\Users\Denise\Desktop\System Check.lnk
[2012/03/14 22:14:20 | 000,337,920 | ---- | M] () -- C:\ProgramData\KzxSzMiOirj6U9.exe
[2012/03/14 22:13:48 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/03/14 07:28:52 | 000,353,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/03 00:06:49 | 435,023,377 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/21 21:59:52 | 000,001,443 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/21 04:08:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/21 04:08:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/21 04:08:17 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/21 04:08:17 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/21 04:08:17 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/21 04:08:17 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/21 04:08:17 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/21 04:08:17 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/21 04:08:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/21 04:08:17 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/21 04:08:17 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/21 04:08:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/21 04:08:17 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/21 04:08:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/21 04:08:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/21 04:08:17 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/21 04:08:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/21 04:08:17 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/21 04:08:17 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/21 04:08:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/21 04:08:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/21 04:08:17 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/21 04:08:17 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/21 04:08:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/21 04:08:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/21 04:08:17 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/21 04:08:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/21 04:08:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/21 04:08:17 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/21 04:08:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/21 04:08:17 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/21 04:08:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/21 04:08:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/21 04:08:17 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/21 04:08:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/21 04:08:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/21 04:08:17 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/21 04:08:17 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/21 04:08:17 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/21 04:08:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/21 04:08:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/21 04:08:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/21 04:08:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/21 04:08:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/21 04:08:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/21 04:08:17 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 04:08:17 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/21 04:08:17 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/21 04:08:17 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/21 04:08:17 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/21 04:08:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/21 04:08:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/21 04:08:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/21 04:08:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/21 04:08:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/21 04:08:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/21 04:08:17 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/21 04:08:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/21 04:08:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/21 04:08:16 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/21 04:08:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/21 04:08:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/21 04:08:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/21 04:08:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/21 04:08:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/21 04:08:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/21 04:08:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/21 04:08:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/21 04:08:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/21 04:08:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/21 04:08:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/21 04:08:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/21 04:08:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/21 04:08:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

========== Files Created - No Company Name ==========

[2012/03/15 02:37:50 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/03/15 02:37:50 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/15 02:37:50 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2012/03/15 02:37:50 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/03/15 02:37:50 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/03/15 02:37:50 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/15 02:37:50 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/03/15 02:37:50 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/03/15 02:37:50 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/03/15 02:37:50 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/03/15 02:37:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/15 02:37:50 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/03/15 02:37:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/15 02:37:50 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/03/15 02:37:50 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/03/15 02:37:50 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/03/15 02:37:50 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/03/15 02:37:50 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/15 02:37:50 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/15 02:37:49 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/15 02:37:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/15 02:37:49 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/03/15 02:37:49 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/03/15 00:26:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 00:12:56 | 001,008,141 | ---- | C] () -- C:\Users\Denise\Desktop\iExplore.exe
[2012/03/14 22:14:28 | 000,000,679 | ---- | C] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/14 22:14:28 | 000,000,655 | ---- | C] () -- C:\Users\Denise\Desktop\System Check.lnk
[2012/03/14 22:14:24 | 000,000,448 | ---- | C] () -- C:\ProgramData\KzxSzMiOirj6U9
[2012/03/14 22:14:20 | 000,337,920 | ---- | C] () -- C:\ProgramData\KzxSzMiOirj6U9.exe
[2012/02/21 04:08:17 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 04:08:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/05 19:03:08 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{55916B0A-16BD-45CA-8592-2718AC7724E2}
[2011/09/29 08:01:11 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{8571F484-6190-4C1A-B033-C32823BCA56C}
[2011/09/29 07:58:01 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{0BDAEF4B-F986-4ECF-B20A-498DC7263054}
[2011/08/16 07:51:34 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{4D16AC2E-4D7A-4A85-90A7-54350B5CA007}
[2011/08/16 07:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{3FBCD4F7-422F-43CC-BA9A-31DA139EA473}
[2010/08/25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 13:11:51 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:ED221572

< End of report >

Extra:

OTL Extras logfile created on: 3/18/2012 5:59:53 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Denise\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 52.58% Memory free
7.35 Gb Paging File | 5.64 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 370.02 Gb Free Space | 82.03% Space Free | Partition Type: NTFS

Computer Name: DENISE-PC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717:f7e
Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Sun Mar 18, 2012 2:31 pm    Post subject: Reply with quote

looks like the extra file got cut off here it is:

OTL Extras logfile created on: 3/18/2012 5:59:53 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Denise\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 52.58% Memory free
7.35 Gb Paging File | 5.64 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 370.02 Gb Free Space | 82.03% Space Free | Partition Type: NTFS

Computer Name: DENISE-PC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BFGC" = Big Fish Games: Game Manager
"BFG-Slingo Deluxe" = Slingo Deluxe
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2012 12:06:47 PM | Computer Name = Denise-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 12:07:19 PM | Computer Name = Denise-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1270 Start
Time: 01cd0517eabd8386 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 60c9cb72-7114-11e1-b690-0026b9a650fc

Error - 3/18/2012 12:10:21 PM | Computer Name = Denise-PC | Source = McLogEvent | ID = 5004
Description =

Error - 3/18/2012 12:10:21 PM | Computer Name = Denise-PC | Source = McLogEvent | ID = 5022
Description =

Error - 3/18/2012 12:10:21 PM | Computer Name = Denise-PC | Source = McLogEvent | ID = 5004
Description =

Error - 3/18/2012 12:10:21 PM | Computer Name = Denise-PC | Source = McLogEvent | ID = 5022
Description =

Error - 3/18/2012 12:14:17 PM | Computer Name = Denise-PC | Source = EventSystem | ID = 4622
Description =

Error - 3/18/2012 1:10:13 PM | Computer Name = Denise-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 4:06:54 PM | Computer Name = Denise-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 3/18/2012 5:04:11 PM | Computer Name = Denise-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 3 time(s).

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Services service terminated unexpectedly. It has done
this 3 time(s).

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 3 time(s).

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 3 time(s).

Error - 3/18/2012 11:02:24 AM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 3 time(s).

Error - 3/18/2012 12:17:10 PM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SeaPort
service to connect.

Error - 3/18/2012 12:17:10 PM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%1053

Error - 3/18/2012 12:18:56 PM | Computer Name = Denise-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter


< End of report >
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Mon Mar 19, 2012 2:45 am    Post subject: Reply with quote

Hi soccerboy016,
Quote:
Thank u for any and all help u can give me in advance

You're welcome.
Ok continue with the instructions below.

Create a new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
    IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes,DefaultScope = {81686A76-7C1D-48A7-939C-C66D5E933C7C}
    IE - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1410750484-3911037699-1705179727-1000\..\Toolbar\WebBrowser: (no name) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    [2012/03/15 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{AEFC2E40-A750-443C-9F29-898C93AC4392}
    [2012/03/15 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{5083B560-79BC-47CE-AF6F-D8F84940D692}
    [2012/03/14 22:14:28 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/03/08 17:12:17 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{EDF0E4AE-B5FE-4006-9513-3BB034FD1D20}
    [2012/03/14 22:14:28 | 000,000,655 | ---- | C] () -- C:\Users\Denise\Desktop\System Check.lnk
    [2012/03/14 22:14:24 | 000,000,448 | ---- | C] () -- C:\ProgramData\KzxSzMiOirj6U9
    [2012/03/14 22:14:20 | 000,337,920 | ---- | M] () -- C:\ProgramData\KzxSzMiOirj6U9.exe
    [2012/03/14 22:14:20 | 000,337,920 | ---- | C] () -- C:\ProgramData\KzxSzMiOirj6U9.exe
    [2011/11/05 19:03:08 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{55916B0A-16BD-45CA-8592-2718AC7724E2}
    [2011/09/29 08:01:11 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{8571F484-6190-4C1A-B033-C32823BCA56C}
    [2011/09/29 07:58:01 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{0BDAEF4B-F986-4ECF-B20A-498DC7263054}
    [2011/08/16 07:51:34 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{4D16AC2E-4D7A-4A85-90A7-54350B5CA007}
    [2011/08/16 07:51:08 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{3FBCD4F7-422F-43CC-BA9A-31DA139EA473}
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:ED221572

    :files
    ipconfig /flushdns /c

    :commands
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [clearallrestorepoints]
    [REBOOT]

  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please download Junction.zip and save it to your desktop.
  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk C: > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

    • Click Start and type Run into the Search programs and files box, hit Enter.
    • Copy and paste the contents of the codebox below into the run box (Do Not include Code:).
    • Click OK:
Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt
  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait untill a log file opens in notepad.
  • Copy and paste the contents of that file in your next reply please.


Logs/Information to Post in your Next Reply
  • OTL log.
  • Junction log.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Mon Mar 19, 2012 2:02 pm    Post subject: Reply with quote

I just ran the otl fix upon reboot I have a jucheck.exe wanting to make a change to the computer. Am I allowing this, Yes or No?
Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Mon Mar 19, 2012 3:11 pm    Post subject: Reply with quote

I am posting the OTL fix notepad file, just in case I lose it. I am not going to proceed with the Junction program until I hear from you about alowing the jucheck.exe wanting to make changes to the computer, Yes or No? (prior post).

OTL Fix notepad:

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1410750484-3911037699-1705179727-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Denise\AppData\Local\{AEFC2E40-A750-443C-9F29-898C93AC4392} folder moved successfully.
C:\Users\Denise\AppData\Local\{5083B560-79BC-47CE-AF6F-D8F84940D692} folder moved successfully.
C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\Denise\AppData\Local\{EDF0E4AE-B5FE-4006-9513-3BB034FD1D20} folder moved successfully.
C:\Users\Denise\Desktop\System Check.lnk moved successfully.
C:\ProgramData\KzxSzMiOirj6U9 moved successfully.
C:\ProgramData\KzxSzMiOirj6U9.exe moved successfully.
File C:\ProgramData\KzxSzMiOirj6U9.exe not found.
C:\Users\Denise\AppData\Local\{55916B0A-16BD-45CA-8592-2718AC7724E2} moved successfully.
C:\Users\Denise\AppData\Local\{8571F484-6190-4C1A-B033-C32823BCA56C} moved successfully.
C:\Users\Denise\AppData\Local\{0BDAEF4B-F986-4ECF-B20A-498DC7263054} moved successfully.
C:\Users\Denise\AppData\Local\{4D16AC2E-4D7A-4A85-90A7-54350B5CA007} moved successfully.
C:\Users\Denise\AppData\Local\{3FBCD4F7-422F-43CC-BA9A-31DA139EA473} moved successfully.
ADS C:\ProgramData\TEMP:ED221572 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Denise\Desktop\cmd.bat deleted successfully.
C:\Users\Denise\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.000

User: All Users

User: Default

User: Default User

User: Denise
->Flash cache emptied: 8200682 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb


[EMPTYTEMP]

User: Administrator

User: Administrator.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise
->Temp folder emptied: 702473890 bytes
->Temporary Internet Files folder emptied: 475975790 bytes
->Java cache emptied: 51370776 bytes
->FireFox cache emptied: 49761362 bytes
->Google Chrome cache emptied: 6473737 bytes
->Apple Safari cache emptied: 2233344 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 561185015 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36052502 bytes
RecycleBin emptied: 4618400054 bytes

Total Files Cleaned = 6,203.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.000

User: All Users

User: Default

User: Default User

User: Denise
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.1 log created on 03192012_174510

Files\Folders moved on Reboot...
C:\Users\Denise\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Mon Mar 19, 2012 4:15 pm    Post subject: Reply with quote

Well I woke up the computer andthe prompt was gone so i decided to proceedwith junction. the only problemis nothinghappens when I plug in the code...no window opens.
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Tue Mar 20, 2012 3:05 am    Post subject: Reply with quote

Hi soccerboy016,
Quote:
Well I woke up the computer andthe prompt was gone so i decided to proceedwith junction. the only problemis nothinghappens when I plug in the code...no window opens.

When you extracted Junction did you save it dirtectly to your C: drive, this is important?
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 6:35 am    Post subject: Reply with quote

Yes I did. The File name wound up being: C:\Windows.

I followed the following map:

{Click Browse}----Computer----OS(CSmile------Windows-----{click OPEN}
Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 6:38 am    Post subject: Reply with quote

Sorry the smiley shoud read: OS (C: )
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Tue Mar 20, 2012 7:26 am    Post subject: Reply with quote

Hi soccerboy016,
Ok lets try this... Extract junction from the zip file into the root of C:\ drive
So it appears as C:\junction.exe.

Next.

  • Copy all text in the quote box (below)...to Notepad, Do not include the word Quote:
    Quote:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0

  • Save it to your desktop as File name: junc.bat.
  • Save as type: All Files.

    junc.bat<<------------- you should see this on your desktop.
  • Right click on junc.bat and select " Run as administrator " to execute it.
    A black CMD window will open, and then disappear after the scan is complete...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 9:26 am    Post subject: Reply with quote

OK I think I figured out the problem with junction.

The problem is a get a Destination Folder Access Denied Window.
It states :
You need administrator permission to copy this folder.
It gives me a continue, Skip, and Cancel button.
I'm going to cancel.
Thiscomputer only has one profile it that I know of....so I find this troubling...I going to try to get this profile admin access.
Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 10:00 am    Post subject: Reply with quote

OK got the access to the C drive. Ran junction, here is the log:
(Just reminding you the other log you needed was posted above this somewhere)



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TM.blf: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TMContainer00000000000000000002.regtrans-ms: Access is denied.




...

...

\\?\c:\\Windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\SysWOW64\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\SysWOW64\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Tue Mar 20, 2012 10:17 am    Post subject: Reply with quote

Hi soccerboy016,
Good work.
Is that the complete junction log i would expect it to be longer than that?
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 10:54 am    Post subject: Reply with quote

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Recovery: Access is denied.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

..
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\57d3db6e6bbc0c9cc7b7c0855f4676c4_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\61904106dfdd7b2d55f4b68d19358098_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a794ee4d893a3d30f8295c5f8fb55d7_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e96ce28b006822cc093a5a3f00ffa9eb_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.


.

...

...

...

...

...

...

..\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\Administrator.000\Application Data: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming
Substitute Name: C:\Users\Administrator.000\AppData\Roaming

\\?\c:\\Users\Administrator.000\Cookies: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Administrator.000\Local Settings: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Local
Substitute Name: C:\Users\Administrator.000\AppData\Local

\\?\c:\\Users\Administrator.000\My Documents: JUNCTION
Print Name : C:\Users\Administrator.000\Documents
Substitute Name: C:\Users\Administrator.000\Documents

\\?\c:\\Users\Administrator.000\NetHood: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Administrator.000\PrintHood: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Administrator.000\Recent: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Administrator.000\SendTo: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Administrator.000\Start Menu: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Administrator.000\Templates: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Administrator.000\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Administrator.000\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Local
Substitute Name: C:\Users\Administrator.000\AppData\Local

\\?\c:\\Users\Administrator.000\AppData\Local\History: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Administrator.000\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Administrator.000\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Administrator.000\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Administrator.000\AppData\Local\Microsoft\Windows\Temporary Internet Files

.\\?\c:\\Users\Administrator.000\Documents\My Music: JUNCTION
Print Name : C:\Users\Administrator.000\Music
Substitute Name: C:\Users\Administrator.000\Music

\\?\c:\\Users\Administrator.000\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Administrator.000\Pictures
Substitute Name: C:\Users\Administrator.000\Pictures

\\?\c:\\Users\Administrator.000\Documents\My Videos: JUNCTION
Print Name : C:\Users\Administrator.000\Videos
Substitute Name: C:\Users\Administrator.000\Videos

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates




Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\57d3db6e6bbc0c9cc7b7c0855f4676c4_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\61904106dfdd7b2d55f4b68d19358098_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9a794ee4d893a3d30f8295c5f8fb55d7_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\e96ce28b006822cc093a5a3f00ffa9eb_08ad3b18-e3be-478b-a1fa-93389e28c258: Access is denied.


...

...

...

...

...

...

...

.\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Denise\Application Data: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming
Substitute Name: C:\Users\Denise\AppData\Roaming

\\?\c:\\Users\Denise\Cookies: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Denise\Local Settings: JUNCTION
Print Name : C:\Users\Denise\AppData\Local
Substitute Name: C:\Users\Denise\AppData\Local

\\?\c:\\Users\Denise\My Documents: JUNCTION
Print Name : C:\Users\Denise\Documents
Substitute Name: C:\Users\Denise\Documents

\\?\c:\\Users\Denise\NetHood: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Denise\PrintHood: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Denise\Recent: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Denise\SendTo: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Denise\Templates: JUNCTION
Print Name : C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Denise\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Denise\AppData\Local
Substitute Name: C:\Users\Denise\AppData\Local

\\?\c:\\Users\Denise\AppData\Local\History: JUNCTION
Print Name : C:\Users\Denise\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Denise\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Denise\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Denise\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Denise\AppData\Local\Microsoft\Windows\Temporary Internet Files

..

...

...

...

...

...

...

...

...

...

...

...

...

...

.\\?\c:\\Users\Denise\Documents\My Music: JUNCTION
Print Name : C:\Users\Denise\Music
Substitute Name: C:\Users\Denise\Music

\\?\c:\\Users\Denise\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Denise\Pictures
Substitute Name: C:\Users\Denise\Pictures

\\?\c:\\Users\Denise\Documents\My Videos: JUNCTION
Print Name : C:\Users\Denise\Videos
Substitute Name: C:\Users\Denise\Videos

..

...

...

...

...

...

..\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TM.blf: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TMContainer00000000000000000001.regtrans-ms: Access is denied.



Failed to open \\?\c:\\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{1d84da20-15c3-11df-bcb2-0026b9a650fc}.TMContainer00000000000000000002.regtrans-ms: Access is denied.




...

...

\\?\c:\\Windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\SysWOW64\config\systemprofile\Cookies: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Windows\SysWOW64\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Tue Mar 20, 2012 11:05 am    Post subject: Reply with quote

Hi soccerboy016,
Apart from the problem with your Start Menu are you experiencing any other problems now?

Please download from HERE
  • Find Java SE 7u3.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.2).

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Tue Mar 20, 2012 2:35 pm    Post subject: Reply with quote

The only other problem I have is I keep getting this jucheck.exe wanting to makea change to the hard drive. I've looked it up and seems to be some sort of Java Update. Do you know anything about this?

ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=38045ee0b0800d499cffa54cb91d757a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-20 10:18:55
# local_time=2012-03-20 06:18:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 83817484 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225895
# found=3
# cleaned=0
# scan_time=7901
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\03192012_174510\C_ProgramData\KzxSzMiOirj6U9.exe a variant of Win32/Kryptik.ACPM trojan (unable to clean) 00000000000000000000000000000000 I
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Wed Mar 21, 2012 2:28 am    Post subject: Reply with quote

Hi soccerboy016,
Yes jucheck.exe is java related.
OK, let's see if we can get your Start Menu repopulated.
You can restore the defaults for the Start Menu using the instructions in the below link.

Let me know how it goes.
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Wed Mar 21, 2012 7:10 am    Post subject: Reply with quote

Everything looks great. Thank you. The system check icon on the desktop is gone and the System check Program is not showing in the program menu. The start menu looks great too.
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Wed Mar 21, 2012 8:57 am    Post subject: Reply with quote

Hi soccerboy016,
Quote:
Everything looks great. Thank you. The system check icon on the desktop is gone and the System check Program is not showing in the program menu. The start menu looks great too.

Excellent good work and you're most welcome.
If you are having no further problems you should be good to go.
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
soccerboy016
Junior Member


Joined: 07 Apr 2008
Last Visit: 21 Mar 2012
Posts: 27

PostPosted: Wed Mar 21, 2012 11:36 am    Post subject: Reply with quote

Thank You again Cypher...I appreciate all your help in this matter. You can close this topic. Thank you again and i wish you well.
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 22 Apr 2014
Posts: 4560
Location: Land Of The Leprechauns

PostPosted: Thu Mar 22, 2012 2:16 am    Post subject: Reply with quote

Hi soccerboy016,
Quote:
Thank You again Cypher...I appreciate all your help in this matter. You can close this topic. Thank you again and i wish you well.

You're welcome glad we could help, good luck and stay safe Wink
Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...

Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Archived Spyware Removal Help Topics All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group