Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vista Internet Security 2012 Virus

Started by nlmullen , Aug 19 2011 07:32 PM

This topic is locked

#1
nlmullen

Posted 19 August 2011 - 07:32 PM

Member

Member
59 posts

Hi,

Well it looks like we have the virus. You guys helped us out so much a few years ago. Can you please help again?

Thanks!

#2
nlmullen

Posted 19 August 2011 - 07:49 PM

Member

Topic Starter
Member
59 posts

Here's the OTL log:

OTL logfile created on: 8/19/2011 9:33:55 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Mullen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 36.05% Memory free
6.68 Gb Paging File | 4.06 Gb Available in Paging File | 60.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 241.89 Gb Free Space | 53.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KITCHEN | User Name: Mullen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/19 21:33:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mullen\Downloads\OTL.exe
PRC - [2011/08/19 20:57:23 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/08/19 20:57:23 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/08/19 08:26:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
PRC - [2011/08/17 11:30:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/23 01:41:08 | 001,306,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/19 10:05:42 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
PRC - [2011/03/19 10:05:42 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/09 09:40:20 | 003,101,648 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/18 14:14:36 | 001,593,808 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Upgrade.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/06/26 16:05:14 | 000,524,120 | ---- | M] () -- C:\Program Files\Dell\PC TuneUp\SMTrayNotify.exe
PRC - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/29 13:46:06 | 001,787,224 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/04/29 03:08:02 | 000,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/04/29 03:07:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/07 07:17:04 | 001,069,056 | ---- | M] () -- C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
PRC - [2009/02/05 15:54:06 | 001,001,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Verizon\FiOS\smartaccess\FIOS.exe
PRC - [2008/11/13 11:33:46 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/09/07 19:21:14 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/20 10:51:04 | 000,442,499 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/19 16:42:22 | 000,529,744 | ---- | M] (IOGEAR) -- C:\Program Files\IOGEAR\MobileDigitalScribe.exe
PRC - [2007/12/19 16:30:28 | 000,136,440 | ---- | M] (Pegasus Technologies) -- C:\Program Files\IOGEAR\PegRoute.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/02/13 11:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/13 11:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/19 09:42:14 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/19 09:42:12 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/19 09:42:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/19 09:41:24 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\8c4740f93586a78e4f3af34d47b1c04b\VistaBridgeLibrary.ni.dll
MOD - [2011/08/19 09:41:23 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\a0ac3ed2f92cf7078650063c3efffdc4\DellDock.ni.exe
MOD - [2011/08/19 09:41:22 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\22108b76d6a68c27baad1c27c956fc35\MyDock.Util.ni.dll
MOD - [2011/08/19 09:41:19 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/19 09:41:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/19 09:41:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/19 09:41:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/19 09:40:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/19 08:13:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/19 08:13:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/08/17 11:30:38 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 14:09:36 | 000,077,312 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/07/25 20:33:13 | 005,612,496 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/18 01:04:50 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/26 16:05:14 | 000,524,120 | ---- | M] () -- C:\Program Files\Dell\PC TuneUp\SMTrayNotify.exe
MOD - [2009/06/26 15:59:40 | 000,447,488 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\LMResource.dll
MOD - [2009/06/26 15:59:40 | 000,055,296 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\Carina.dll
MOD - [2009/04/29 03:06:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009/04/07 07:17:04 | 001,069,056 | ---- | M] () -- C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
MOD - [2008/08/28 12:19:30 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/28 12:19:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/28 12:19:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/28 12:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/28 12:19:26 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2768.38752__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/28 12:19:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2768.38750__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/28 12:19:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/28 12:19:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/28 12:19:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2768.38751__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/07/24 15:36:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2007/02/13 11:33:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/02/13 11:14:18 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/03/19 10:05:42 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/20 00:30:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/20 18:17:56 | 000,014,336 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Zatisfi\Zatisfi Search Assistant\GPSearchGuard.exe -- (GPSearchAssistant)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/04/29 03:07:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/08/28 12:29:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 17:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 17:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/17 20:06:16 | 000,065,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/06/17 20:06:06 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/06/17 20:05:56 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/06/17 20:05:46 | 000,035,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/06/17 20:05:36 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/04/29 04:31:40 | 004,491,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/04/29 04:31:40 | 004,491,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/31 17:01:00 | 000,268,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Vid.sys -- (OA002Vid)
DRV - [2008/06/03 09:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Ufd.sys -- (OA002Ufd)
DRV - [2008/04/03 08:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/09/20 14:12:34 | 000,012,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/06/07 21:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA002Afx.sys -- (OA002Afx)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2005/02/23 08:13:50 | 000,002,560 | --S- | M] (GatherWorks, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gwmdd.sys -- (gwmdd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6080828
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsea...M3j.e0KkbCjyyA"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19126
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mullen\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mullen\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mullen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mullen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mullen\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mullen\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/07 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\5.bin [2011/08/10 08:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 12:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/21 23:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/06/21 23:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 11:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 18:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mullen\AppData\Roaming\Move Networks [2010/01/03 23:27:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/21 23:12:21 | 000,000,000 | ---D | M]

[2009/12/24 04:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Extensions
[2009/12/24 04:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/15 20:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions
[2010/06/28 21:08:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 13:17:26 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011/08/01 11:54:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/23 19:59:39 | 000,000,000 | ---D | M] (History Submenus) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2011/08/15 20:15:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/05/09 16:46:58 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\[email protected]
[2010/08/23 19:50:08 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\[email protected]
[2010/08/05 21:34:08 | 000,000,923 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\searchplugins\conduit.xml
[2010/09/30 18:59:59 | 000,010,017 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\searchplugins\mywebsearch.xml
[2010/06/27 23:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 08:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/27 23:05:40 | 000,000,000 | ---D | M] ("Profile Song") -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/08/10 08:21:04 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN
[2011/08/17 11:30:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/06/11 08:06:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/09 18:47:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110603133314.dll (McAfee, Inc.)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (ourgvr- Mustard Seeds Soccer BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (ourgvr- Mustard Seeds Soccer BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [1937336403] C:\Users\Mullen\AppData\Local\eoy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Digital Scribe] C:\Program Files\IOGEAR\MobileDigitalScribe.exe (IOGEAR)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchEsaya\TrueWizard.exe ()
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...163/qboax10.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://escondidotut...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...TrueInstall.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/28 23:26:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/16 22:23:37 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{94360b84-f3b1-11de-831b-001c26dc37e9}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe
O33 - MountPoints2\{94360b84-f3b1-11de-831b-001c26dc37e9}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe
O33 - MountPoints2\{c1a3732b-74f8-11dd-975d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c1a3732b-74f8-11dd-975d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\USLaunch.exe -- [2006/08/16 22:23:37 | 000,831,488 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 21:09:38 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/08/19 21:09:38 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/08/19 21:09:35 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/08/19 21:09:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/08/19 21:09:23 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/08/19 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/08/19 21:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/08/19 20:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/19 08:26:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
[2011/08/11 08:04:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 08:04:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 08:04:02 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/11 08:04:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 08:04:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 08:32:40 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 08:32:40 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 08:32:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/07 16:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty - United Offensive
[2011/07/27 21:34:55 | 000,000,000 | ---D | C] -- C:\Users\Mullen\AppData\Local\PunkBuster
[2008/11/21 09:23:25 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Mullen\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/08/19 21:44:07 | 000,000,000 | ---- | M] () -- C:\Windows\TLCAPPS.INI
[2011/08/19 21:32:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001UA.job
[2011/08/19 21:18:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000UA.job
[2011/08/19 21:00:45 | 000,009,442 | -HS- | M] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 21:00:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/19 20:57:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/19 20:57:23 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/08/19 20:57:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 20:57:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 20:57:08 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/19 20:57:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 20:57:03 | 3485,663,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 20:55:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/19 20:18:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000Core.job
[2011/08/19 19:55:47 | 000,009,442 | -HS- | M] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 15:51:38 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineCore.job
[2011/08/19 15:51:38 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\TS.job
[2011/08/19 15:47:41 | 000,009,324 | -HS- | M] () -- C:\ProgramData\3027499175
[2011/08/19 15:46:45 | 000,000,000 | ---- | M] () -- C:\Users\Mullen\Desktop\settings.dat
[2011/08/19 15:45:32 | 000,001,356 | ---- | M] () -- C:\Users\Mullen\AppData\Local\d3d9caps.dat
[2011/08/19 15:43:50 | 000,002,281 | ---- | M] () -- C:\Users\Mullen\Desktop\Safari.lnk
[2011/08/19 08:26:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
[2011/08/18 23:10:27 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineUA.job
[2011/08/16 21:45:36 | 000,112,128 | ---- | M] () -- C:\Users\Mullen\Documents\Chemistry Syllabus.pdf
[2011/08/15 20:12:30 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2011/08/15 20:12:30 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2011/08/15 20:12:19 | 000,002,008 | ---- | M] () -- C:\Users\Mullen\Desktop\Vz In-Home Agent.lnk
[2011/08/14 16:30:50 | 000,237,568 | ---- | M] () -- C:\Users\Mullen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/14 05:32:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001Core.job
[2011/08/09 07:42:38 | 000,000,632 | RHS- | M] () -- C:\Users\Mullen\ntuser.pol
[2011/08/07 16:39:40 | 000,000,798 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011/08/07 16:39:40 | 000,000,786 | ---- | M] () -- C:\Users\Mullen\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2011/08/07 16:39:40 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011/08/07 16:38:43 | 000,000,397 | ---- | M] () -- C:\Windows\CoDUO.INI
[2011/08/07 12:46:33 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mullen.job
[2011/07/27 17:05:29 | 000,392,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/27 12:35:51 | 000,600,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/27 12:35:51 | 000,102,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/21 22:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/07/21 22:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/07/21 22:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/07/21 22:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/21 22:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2011/08/19 21:09:38 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/08/19 21:09:35 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/08/19 21:09:35 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/08/19 21:09:23 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/08/19 15:51:18 | 3485,663,232 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/19 15:46:45 | 000,000,000 | ---- | C] () -- C:\Users\Mullen\Desktop\settings.dat
[2011/08/19 15:37:41 | 000,009,324 | -HS- | C] () -- C:\ProgramData\3027499175
[2011/08/19 08:27:09 | 000,009,442 | -HS- | C] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 08:27:09 | 000,009,442 | -HS- | C] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/16 21:45:36 | 000,112,128 | ---- | C] () -- C:\Users\Mullen\Documents\Chemistry Syllabus.pdf
[2011/08/15 20:12:30 | 000,000,260 | ---- | C] () -- C:\Windows\System32\cmdVBS.vbs
[2011/08/15 20:12:30 | 000,000,256 | ---- | C] () -- C:\Windows\System32\MSIevent.bat
[2011/08/15 20:12:19 | 000,002,008 | ---- | C] () -- C:\Users\Mullen\Desktop\Vz In-Home Agent.lnk
[2011/08/07 16:39:40 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011/08/07 16:35:02 | 000,000,397 | ---- | C] () -- C:\Windows\CoDUO.INI
[2011/06/22 00:42:01 | 000,237,742 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2011/06/22 00:42:01 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2011/06/21 22:50:15 | 000,237,003 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/06/21 22:50:15 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2011/05/14 01:33:08 | 000,008,048 | -HS- | C] () -- C:\ProgramData\x10e05rp0it3eboqp5
[2011/05/07 18:08:30 | 000,012,056 | -HS- | C] () -- C:\ProgramData\o5252lgnqf33r82ce6f38e706d0504t5
[2010/10/06 02:20:56 | 000,149,434 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/10/06 02:20:08 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/07/27 18:10:47 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/07/27 17:02:20 | 000,000,868 | ---- | C] () -- C:\Windows\CoD.ini
[2010/05/14 23:25:45 | 000,000,289 | ---- | C] () -- C:\Windows\EReg077.dat
[2010/05/14 23:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2010/03/02 13:10:26 | 000,000,582 | ---- | C] () -- C:\Users\Mullen\AppData\Roaming\wklnhst.dat
[2010/01/17 23:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/15 08:09:42 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/13 23:07:19 | 000,001,356 | ---- | C] () -- C:\Users\Mullen\AppData\Local\d3d9caps.dat
[2009/09/13 22:23:19 | 000,000,068 | ---- | C] () -- C:\Windows\System32\kbiwkmijctsmuk.dat
[2009/09/13 18:23:16 | 000,004,318 | ---- | C] () -- C:\Windows\System32\kbiwkmitvyeqol.dat
[2009/09/13 18:11:58 | 000,002,723 | ---- | C] () -- C:\Windows\System32\kbiwkmuevcnbrs.dat
[2009/09/10 22:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:46:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/03 22:20:21 | 000,000,215 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/08/15 15:55:03 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/08/09 20:53:19 | 000,000,313 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/08/09 20:51:44 | 000,001,319 | ---- | C] () -- C:\Windows\disney.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/03/02 21:55:18 | 000,184,751 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/11/18 07:50:58 | 000,011,112 | ---- | C] () -- C:\Windows\TrueProcess.exe
[2008/09/25 03:00:59 | 000,000,072 | ---- | C] () -- C:\Windows\webica.INI
[2008/09/07 19:22:33 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/08/31 01:41:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/30 20:04:29 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/08/30 20:02:46 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/08/30 19:46:38 | 000,237,568 | ---- | C] () -- C:\Users\Mullen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 17:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/28 15:56:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/28 15:56:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/28 15:56:45 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/08/28 12:34:12 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/08/28 12:34:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2008/08/28 12:34:12 | 000,008,192 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2008/08/28 12:34:09 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/08/28 08:03:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/02/13 11:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,020 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#3
Essexboy

Posted 20 August 2011 - 07:18 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there lets clear this rubbish off for you

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - [2011/03/19 10:05:42 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\5.bin [2011/08/10 08:21:04 | 000,000,000 | ---D | M]
[2010/09/30 18:59:59 | 000,010,017 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\searchplugins\mywebsearch.xml
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [1937336403] C:\Users\Mullen\AppData\Local\eoy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O35 - HKCU\..exefile [open] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)
[2011/08/19 08:26:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
[2011/08/19 21:00:45 | 000,009,442 | -HS- | M] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 19:55:47 | 000,009,442 | -HS- | M] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 15:51:38 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineCore.job
[2011/08/19 15:51:38 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\TS.job
[2011/08/19 15:47:41 | 000,009,324 | -HS- | M] () -- C:\ProgramData\3027499175
[2011/08/19 08:26:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
[2011/08/18 23:10:27 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineUA.job
[2011/08/19 15:37:41 | 000,009,324 | -HS- | C] () -- C:\ProgramData\3027499175
[2011/08/19 08:27:09 | 000,009,442 | -HS- | C] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 08:27:09 | 000,009,442 | -HS- | C] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/05/14 01:33:08 | 000,008,048 | -HS- | C] () -- C:\ProgramData\x10e05rp0it3eboqp5
[2011/05/07 18:08:30 | 000,012,056 | -HS- | C] () -- C:\ProgramData\o5252lgnqf33r82ce6f38e706d0504t5

:Files
ipconfig /flushdns /c
C:\Program Files\MyWebSearch

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

#4
nlmullen

Posted 20 August 2011 - 03:31 PM

Member

Topic Starter
Member
59 posts

OK, here's the OTL log:

OTL logfile created on: 8/20/2011 5:12:13 PM - Run 4
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Mullen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 51.68% Memory free
6.68 Gb Paging File | 4.83 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 241.73 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.26% Space Free | Partition Type: NTFS
Drive E: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KITCHEN | User Name: Mullen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 17:01:16 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2011/08/20 17:01:16 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2011/08/19 21:33:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Mullen\Downloads\OTL.exe
PRC - [2011/08/19 08:26:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
PRC - [2011/08/17 11:30:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/23 01:41:08 | 001,306,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/19 10:05:42 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
PRC - [2011/03/19 10:05:42 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/05/21 11:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/29 13:46:06 | 001,787,224 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/04/29 03:08:02 | 000,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/04/29 03:07:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/07 07:17:04 | 001,069,056 | ---- | M] () -- C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
PRC - [2008/11/13 11:33:46 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/09/07 19:21:14 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/20 10:51:04 | 000,442,499 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/19 16:42:22 | 000,529,744 | ---- | M] (IOGEAR) -- C:\Program Files\IOGEAR\MobileDigitalScribe.exe
PRC - [2007/12/19 16:30:28 | 000,136,440 | ---- | M] (Pegasus Technologies) -- C:\Program Files\IOGEAR\PegRoute.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/02/13 11:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/13 11:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/20 06:09:33 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\5534465ace7f8b214a31a34f56280602\System.Web.Services.ni.dll
MOD - [2011/08/20 06:09:31 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/20 06:09:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/20 06:08:35 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\8c4740f93586a78e4f3af34d47b1c04b\VistaBridgeLibrary.ni.dll
MOD - [2011/08/20 06:08:34 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\a0ac3ed2f92cf7078650063c3efffdc4\DellDock.ni.exe
MOD - [2011/08/20 06:08:33 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\22108b76d6a68c27baad1c27c956fc35\MyDock.Util.ni.dll
MOD - [2011/08/20 06:08:30 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011/08/20 06:08:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/20 06:08:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/20 06:08:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/20 06:08:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/20 03:04:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/20 03:04:23 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/08/17 11:30:38 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/15 14:09:36 | 000,077,312 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2010/07/25 20:33:13 | 005,612,496 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/29 03:06:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009/04/07 07:17:04 | 001,069,056 | ---- | M] () -- C:\Program Files\TrueSwitchEsaya\TrueWizard.exe
MOD - [2008/08/28 12:19:30 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/28 12:19:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/28 12:19:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/28 12:19:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/28 12:19:26 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2768.38752__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/28 12:19:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2768.38750__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/28 12:19:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/28 12:19:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/28 12:19:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2768.38751__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/07/24 15:36:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2007/02/13 11:33:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/02/13 11:14:18 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/03/19 10:05:42 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/20 00:30:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/20 18:17:56 | 000,014,336 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Zatisfi\Zatisfi Search Assistant\GPSearchGuard.exe -- (GPSearchAssistant)
SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/04/29 03:07:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/08/28 12:29:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,163,400 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,064,648 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/17 17:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 17:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/17 20:06:16 | 000,065,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/06/17 20:06:06 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/06/17 20:05:56 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/06/17 20:05:46 | 000,035,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/06/17 20:05:36 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/04/29 04:31:40 | 004,491,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/04/29 04:31:40 | 004,491,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/31 17:01:00 | 000,268,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Vid.sys -- (OA002Vid)
DRV - [2008/06/03 09:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA002Ufd.sys -- (OA002Ufd)
DRV - [2008/04/03 08:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/09/20 14:12:34 | 000,012,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/06/07 21:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA002Afx.sys -- (OA002Afx)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2005/02/23 08:13:50 | 000,002,560 | --S- | M] (GatherWorks, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gwmdd.sys -- (gwmdd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6080828
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://home.mywebsea...M3j.e0KkbCjyyA"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.19126
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {3205B348-523A-4fac-9BC4-9939CBF583B0}:2.1.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://search.mywebs...1c6&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mullen\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mullen\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mullen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mullen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mullen\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mullen\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/07 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\5.bin [2011/08/10 08:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/08/10 12:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/21 23:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/06/21 23:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/19 22:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 18:47:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mullen\AppData\Roaming\Move Networks [2010/01/03 23:27:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/21 23:12:21 | 000,000,000 | ---D | M]

[2009/12/24 04:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Extensions
[2009/12/24 04:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/15 20:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions
[2010/06/28 21:08:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 13:17:26 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2011/08/01 11:54:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/23 19:59:39 | 000,000,000 | ---D | M] (History Submenus) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2011/08/15 20:15:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/05/09 16:46:58 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\[email protected]
[2010/08/23 19:50:08 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\extensions\[email protected]
[2010/08/05 21:34:08 | 000,000,923 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\searchplugins\conduit.xml
[2010/09/30 18:59:59 | 000,010,017 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\searchplugins\mywebsearch.xml
[2010/06/27 23:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 08:06:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/27 23:05:40 | 000,000,000 | ---D | M] ("Profile Song") -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/08/10 08:21:04 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\5.BIN
[2011/08/17 11:30:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/06/11 08:06:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/09 18:47:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110603133314.dll (McAfee, Inc.)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (ourgvr- Mustard Seeds Soccer BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKCU\..\Toolbar\WebBrowser: (ourgvr- Mustard Seeds Soccer BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [1937336403] C:\Users\Mullen\AppData\Local\eoy.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Digital Scribe] C:\Program Files\IOGEAR\MobileDigitalScribe.exe (IOGEAR)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\5.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrueAssistant.lnk = C:\Program Files\TrueSwitchEsaya\TrueWizard.exe ()
O4 - Startup: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...163/qboax10.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://escondidotut...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...TrueInstall.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mullen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/28 23:26:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/08/16 22:23:37 | 000,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{94360b84-f3b1-11de-831b-001c26dc37e9}\Shell\AutoRun\command - "" = K:\Setup_FlipShare.exe
O33 - MountPoints2\{94360b84-f3b1-11de-831b-001c26dc37e9}\Shell\Setup FlipShare\command - "" = K:\Setup_FlipShare.exe
O33 - MountPoints2\{c1a3732b-74f8-11dd-975d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c1a3732b-74f8-11dd-975d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\USLaunch.exe -- [2006/08/16 22:23:37 | 000,831,488 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Mullen\AppData\Local\eoy.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 17:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/20 13:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011/08/19 21:55:10 | 000,000,000 | ---D | C] -- C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/19 08:26:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Mullen\AppData\Local\eoy.exe
[2011/08/07 16:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty - United Offensive
[2011/07/27 21:34:55 | 000,000,000 | ---D | C] -- C:\Users\Mullen\AppData\Local\PunkBuster
[2008/11/21 09:23:25 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Mullen\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/08/20 17:07:30 | 000,009,494 | -HS- | M] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/20 17:07:30 | 000,009,494 | -HS- | M] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/20 17:04:42 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineCore.job
[2011/08/20 17:04:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 17:04:41 | 000,000,212 | ---- | M] () -- C:\Windows\tasks\TS.job
[2011/08/20 17:01:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/08/20 17:00:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 17:00:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 17:00:58 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/20 17:00:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/20 17:00:52 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/20 16:59:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/20 16:32:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001UA.job
[2011/08/20 16:17:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000UA.job
[2011/08/20 16:00:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 09:11:45 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mullen.job
[2011/08/20 05:32:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001Core.job
[2011/08/19 23:10:26 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\ZatisfiUpdateTaskMachineUA.job
[2011/08/19 21:55:10 | 000,001,672 | ---- | M] () -- C:\Users\Mullen\Desktop\CCleaner.lnk
[2011/08/19 21:44:07 | 000,000,000 | ---- | M] () -- C:\Windows\TLCAPPS.INI
[2011/08/19 20:18:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000Core.job
[2011/08/19 15:47:41 | 000,009,324 | -HS- | M] () -- C:\ProgramData\3027499175
[2011/08/19 15:46:45 | 000,000,000 | ---- | M] () -- C:\Users\Mullen\Desktop\settings.dat
[2011/08/19 15:45:32 | 000,001,356 | ---- | M] () -- C:\Users\Mullen\AppData\Local\d3d9caps.dat
[2011/08/19 15:43:50 | 000,002,281 | ---- | M] () -- C:\Users\Mullen\Desktop\Safari.lnk
[2011/08/16 21:45:36 | 000,112,128 | ---- | M] () -- C:\Users\Mullen\Documents\Chemistry Syllabus.pdf
[2011/08/15 20:12:30 | 000,000,260 | ---- | M] () -- C:\Windows\System32\cmdVBS.vbs
[2011/08/15 20:12:30 | 000,000,256 | ---- | M] () -- C:\Windows\System32\MSIevent.bat
[2011/08/15 20:12:19 | 000,002,008 | ---- | M] () -- C:\Users\Mullen\Desktop\Vz In-Home Agent.lnk
[2011/08/14 16:30:50 | 000,237,568 | ---- | M] () -- C:\Users\Mullen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/09 07:42:38 | 000,000,632 | RHS- | M] () -- C:\Users\Mullen\ntuser.pol
[2011/08/07 16:39:40 | 000,000,798 | ---- | M] () -- C:\Users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011/08/07 16:39:40 | 000,000,786 | ---- | M] () -- C:\Users\Mullen\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2011/08/07 16:38:43 | 000,000,397 | ---- | M] () -- C:\Windows\CoDUO.INI
[2011/07/27 17:05:29 | 000,392,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/27 12:35:51 | 000,600,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/27 12:35:51 | 000,102,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/08/19 21:55:10 | 000,001,672 | ---- | C] () -- C:\Users\Mullen\Desktop\CCleaner.lnk
[2011/08/19 15:51:18 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/19 15:46:45 | 000,000,000 | ---- | C] () -- C:\Users\Mullen\Desktop\settings.dat
[2011/08/19 15:37:41 | 000,009,324 | -HS- | C] () -- C:\ProgramData\3027499175
[2011/08/19 08:27:09 | 000,009,494 | -HS- | C] () -- C:\Users\Mullen\AppData\Local\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/19 08:27:09 | 000,009,494 | -HS- | C] () -- C:\ProgramData\fw4dn13xih03663jh3v43u3s850d0k733438i6f2l2ekh
[2011/08/16 21:45:36 | 000,112,128 | ---- | C] () -- C:\Users\Mullen\Documents\Chemistry Syllabus.pdf
[2011/08/15 20:12:30 | 000,000,260 | ---- | C] () -- C:\Windows\System32\cmdVBS.vbs
[2011/08/15 20:12:30 | 000,000,256 | ---- | C] () -- C:\Windows\System32\MSIevent.bat
[2011/08/15 20:12:19 | 000,002,008 | ---- | C] () -- C:\Users\Mullen\Desktop\Vz In-Home Agent.lnk
[2011/08/07 16:35:02 | 000,000,397 | ---- | C] () -- C:\Windows\CoDUO.INI
[2011/06/22 00:42:01 | 000,237,742 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2011/06/22 00:42:01 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2011/06/21 22:50:15 | 000,237,003 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/06/21 22:50:15 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2011/05/14 01:33:08 | 000,008,048 | -HS- | C] () -- C:\ProgramData\x10e05rp0it3eboqp5
[2011/05/07 18:08:30 | 000,012,056 | -HS- | C] () -- C:\ProgramData\o5252lgnqf33r82ce6f38e706d0504t5
[2010/10/06 02:20:56 | 000,149,434 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/10/06 02:20:08 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/07/27 18:10:47 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/07/27 17:02:20 | 000,000,868 | ---- | C] () -- C:\Windows\CoD.ini
[2010/05/14 23:25:45 | 000,000,289 | ---- | C] () -- C:\Windows\EReg077.dat
[2010/05/14 23:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2010/03/02 13:10:26 | 000,000,582 | ---- | C] () -- C:\Users\Mullen\AppData\Roaming\wklnhst.dat
[2010/01/17 23:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/15 08:09:42 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/13 23:07:19 | 000,001,356 | ---- | C] () -- C:\Users\Mullen\AppData\Local\d3d9caps.dat
[2009/09/13 22:23:19 | 000,000,068 | ---- | C] () -- C:\Windows\System32\kbiwkmijctsmuk.dat
[2009/09/13 18:23:16 | 000,004,318 | ---- | C] () -- C:\Windows\System32\kbiwkmitvyeqol.dat
[2009/09/13 18:11:58 | 000,002,723 | ---- | C] () -- C:\Windows\System32\kbiwkmuevcnbrs.dat
[2009/09/10 22:46:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:46:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/03 22:20:21 | 000,000,215 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/08/15 15:55:03 | 000,000,149 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/08/09 20:53:19 | 000,000,313 | ---- | C] () -- C:\Windows\EReg515.dat
[2009/08/09 20:51:44 | 000,001,319 | ---- | C] () -- C:\Windows\disney.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/03/02 21:55:18 | 000,184,751 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/11/18 07:50:58 | 000,011,112 | ---- | C] () -- C:\Windows\TrueProcess.exe
[2008/09/25 03:00:59 | 000,000,072 | ---- | C] () -- C:\Windows\webica.INI
[2008/09/07 19:22:33 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/08/31 01:41:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/30 20:04:29 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/08/30 20:02:46 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/08/30 19:46:38 | 000,237,568 | ---- | C] () -- C:\Users\Mullen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 17:28:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/28 15:56:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/28 15:56:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/28 15:56:45 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/08/28 12:34:12 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/08/28 12:34:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2008/08/28 12:34:12 | 000,008,192 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2008/08/28 12:34:09 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/08/28 08:03:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/02/13 11:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,020 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/07/21 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Amazon
[2011/04/13 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Elluminate
[2011/02/12 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Flip Video
[2011/08/20 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\go
[2008/09/25 03:03:20 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\ICAClient
[2010/10/29 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Image Zone Express
[2009/09/04 10:57:33 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\iolo
[2009/08/31 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Leadertech
[2011/02/21 01:50:13 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\MPEG Streamclip
[2010/10/06 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Printer Info Cache
[2009/08/09 02:06:26 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\SanDisk
[2010/01/17 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\SystemRequirementsLab
[2010/03/02 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\Template
[2009/04/09 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\TrueSwitch
[2010/01/08 10:13:16 | 000,000,000 | ---D | M] -- C:\Users\Mullen\AppData\Roaming\webex
[2011/08/20 16:59:04 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/20 17:04:41 | 000,000,212 | ---- | M] () -- C:\Windows\Tasks\TS.job
[2011/08/20 17:04:42 | 000,000,844 | ---- | M] () -- C:\Windows\Tasks\ZatisfiUpdateTaskMachineCore.job
[2011/08/19 23:10:26 | 000,000,846 | ---- | M] () -- C:\Windows\Tasks\ZatisfiUpdateTaskMachineUA.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

Not sure if this asw ran correctly...it asked me to download Avast, but I didn't...should I? Thanks!

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-20 17:26:52
-----------------------------
17:26:52.086 OS Version: Windows 6.0.6002 Service Pack 2
17:26:52.086 Number of processors: 4 586 0xF0B
17:26:52.087 ComputerName: KITCHEN UserName: Mullen
17:26:53.954 Initialze error C000010E - driver not loaded
17:26:54.179 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
17:27:22.796 Scan error: Incorrect function.
17:28:32.697 The log file has been saved successfully to "C:\Users\Mullen\Documents\aswMBR.txt"

#5
Essexboy

Posted 20 August 2011 - 03:44 PM

GeekU Moderator

Retired Staff
69,964 posts

OK none of the lines I wanted gone have left - bigger hammer time

Download and Install CombofixDownload ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#6
nlmullen

Posted 20 August 2011 - 07:25 PM

Member

Topic Starter
Member
59 posts

Well, the whole process took about 45 minutes. It went through 50 stages, deleted files, then folders, rebooted, and finally created a log. Here it is:
I don't see any more shield at the bottom for Vista Internet Security 2012...no more pop-ups, etc. I am VERY thankful for your help and am sending a donation through Paypal.
Thanks!

Leisa from New York

ComboFix 11-08-20.01 - Mullen 08/20/2011 20:37:29.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1271 [GMT -4:00]
Running from: c:\users\Mullen\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
c:\program files\Common Files\TSUninstall
c:\program files\Common Files\TSUninstall\Uninstall.lnk
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\5.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\5.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\5.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\5.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\5.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\5.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\5.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\5.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\5.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\5.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\5.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\5.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\5.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\5.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\5.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\5.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\5.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\5.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Mullen\AppData\Local\eoy.exe
c:\users\Mullen\AppData\Roaming\Adobe\plugs
c:\users\Mullen\AppData\Roaming\Adobe\plugs\mmc127.exe
c:\users\Mullen\AppData\Roaming\Adobe\plugs\mmc1440560.txt
c:\users\Mullen\AppData\Roaming\Adobe\plugs\mmc1489793.txt
c:\users\Mullen\AppData\Roaming\Adobe\shed
c:\users\Mullen\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.tmp
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\Mullen\GoToAssistDownloadHelper.exe
c:\windows\desktop
c:\windows\MailSwitch.ocx
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\kbiwkmijctsmuk.dat
c:\windows\system32\kbiwkmitvyeqol.dat
c:\windows\system32\kbiwkmuevcnbrs.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-20 17:01 . 2011-08-20 17:01 -------- d-----w- c:\programdata\ClubSanDisk
2011-08-20 09:30 . 2011-08-20 09:33 -------- d-----w- c:\users\No Bugs
2011-08-16 00:12 . 2011-08-16 00:12 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-08-16 00:12 . 2011-08-16 00:12 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe
2011-08-10 12:32 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 12:32 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 12:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 12:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 12:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 12:30 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-31 06:25 . 2011-07-31 06:28 -------- d-----w- c:\users\nr.kitchen.001
2011-07-28 01:34 . 2011-07-28 01:34 -------- d-----w- c:\users\Mullen\AppData\Local\PunkBuster
2011-07-25 22:22 . 2011-07-25 22:25 -------- d-----w- c:\users\Mullen Family\AppData\Roaming\HpUpdate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 13:34 . 2011-07-16 05:20 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 21:23 . 2011-05-25 21:23 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-25 21:23 . 2011-05-25 21:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-25 21:23 . 2011-05-25 21:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-25 21:23 . 2011-05-25 21:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-25 21:23 . 2011-05-25 21:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-25 21:23 . 2011-05-25 21:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-25 21:23 . 2011-05-25 21:23 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-25 21:23 . 2011-05-25 21:23 367104 ----a-w- c:\windows\system32\html.iec
2011-05-25 21:23 . 2011-05-25 21:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-25 21:23 . 2011-05-25 21:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-25 21:23 . 2011-05-25 21:23 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-25 21:23 . 2011-05-25 21:23 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-25 21:23 . 2011-05-25 21:23 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-25 21:23 . 2011-05-25 21:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-25 21:23 . 2011-05-25 21:23 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-25 21:23 . 2011-05-25 21:23 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-25 21:22 . 2011-05-25 21:22 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-25 21:22 . 2011-05-25 21:22 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-17 15:30 . 2011-05-09 22:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-18 05:04 . 2009-11-17 15:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-03-06 10:12 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 68856]
"Digital Scribe"="c:\program files\IOGEAR\MobileDigitalScribe.exe" [2007-12-19 529744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-18 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-03-20 442499]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-08-21 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
.
c:\users\no.kitchen.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\noel.kitchen.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Roller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\no\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-13 333088]
TrueAssistant.lnk - c:\program files\TrueSwitchEsaya\TrueWizard.exe [2009-4-7 1069056]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-1-25 1074176]
.
c:\users\No Bugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-28 16:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Mullen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-08-09 06:06 79872 ----a-w- c:\users\Mullen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 xwmsxkiq;xwmsxkiq;c:\windows\system32\drivers\xwmsxkiq.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 GPSearchAssistant;Zatisfi Search Assistant Service;c:\program files\Zatisfi\Zatisfi Search Assistant\GPSearchGuard.exe [2010-05-20 14336]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 148056]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 gwmdd;gwmdd;c:\windows\system32\DRIVERS\gwmdd.sys [2005-02-23 2560]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 268672]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-28 19:57]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 14:18]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 14:18]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000Core.job
- c:\users\Mullen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 03:32]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000UA.job
- c:\users\Mullen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 03:32]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001Core.job
- c:\users\Mullen Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 05:23]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001UA.job
- c:\users\Mullen Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 05:23]
.
2011-08-20 c:\windows\Tasks\Norton Security Scan for Mullen.job
- c:\progra~1\NORTON~2\Engine\313~1.6\Nss.exe [2011-06-14 08:19]
.
2011-08-21 c:\windows\Tasks\ZatisfiUpdateTaskMachineCore.job
- c:\program files\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-28 03:05]
.
2011-08-20 c:\windows\Tasks\ZatisfiUpdateTaskMachineUA.job
- c:\program files\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-28 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA&psa=&ind=2010042822&ptnrS=GRfox000&si=&st=kwd&n=77ced1c6&searchfor=
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-TNTS32.EXE - c:\hgasrapi\ASRAPI32\TNTS\inst_32\Setup_32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 21:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,54,ba,61,7e,ff,21,48,85,6f,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,54,ba,61,7e,ff,21,48,85,6f,0e,\
.
[HKEY_USERS\S-1-5-21-3051344353-3087506304-4111451616-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:dc,0f,1d,42,dc,37,e9,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5836)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell\PC TuneUp\SMTrayNotify.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\IOGEAR\PegRoute.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
.
**************************************************************************
.
Completion time: 2011-08-20 21:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 01:21
.
Pre-Run: 258,223,796,224 bytes free
Post-Run: 260,106,702,848 bytes free
.
- - End Of File - - CD59E8A6A84FF3E06542D524F4BD8DF4

#7
Essexboy

Posted 21 August 2011 - 03:24 AM

GeekU Moderator

Retired Staff
69,964 posts

Thank you for the donation. We still have a few elements to remove though to make you squeeky clean

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\xwmsxkiq.sys

DDS::
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA&psa=&ind=2010042822&ptnrS=GRfox000&si=&st=kwd&n=77ced1c6&searchfor=

Driver::
xwmsxkiq

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#8
nlmullen

Posted 21 August 2011 - 11:44 AM

Member

Topic Starter
Member
59 posts

OK, now the only problem I should have mentioned before is that I don't see a way to disable my McAffe anti-virus. I DID turn off the firewall both times. Let me know if that's a problem. Here's the log and THANKS again:

ComboFix 11-08-20.01 - Mullen 08/21/2011 12:35:02.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1525 [GMT -4:00]
Running from: c:\users\Mullen\Downloads\ComboFix.exe
Command switches used :: c:\users\Mullen\Downloads\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\system32\drivers\xwmsxkiq.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xwmsxkiq
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-20 17:01 . 2011-08-20 17:01 -------- d-----w- c:\programdata\ClubSanDisk
2011-08-20 09:30 . 2011-08-20 09:33 -------- d-----w- c:\users\No Bugs
2011-08-16 00:12 . 2011-08-16 00:12 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-08-16 00:12 . 2011-08-16 00:12 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2011-08-16 00:12 . 2011-08-16 00:12 65536 ----a-r- c:\users\Mullen\AppData\Roaming\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe
2011-08-10 12:32 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 12:32 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 12:32 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 12:32 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 12:32 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 12:30 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-31 06:25 . 2011-07-31 06:28 -------- d-----w- c:\users\nr.kitchen.001
2011-07-28 01:34 . 2011-07-28 01:34 -------- d-----w- c:\users\Mullen\AppData\Local\PunkBuster
2011-07-25 22:22 . 2011-07-25 22:25 -------- d-----w- c:\users\Mullen Family\AppData\Roaming\HpUpdate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 13:34 . 2011-07-16 05:20 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 21:23 . 2011-05-25 21:23 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-25 21:23 . 2011-05-25 21:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-25 21:23 . 2011-05-25 21:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-25 21:23 . 2011-05-25 21:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-25 21:23 . 2011-05-25 21:23 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-25 21:23 . 2011-05-25 21:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-25 21:23 . 2011-05-25 21:23 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-25 21:23 . 2011-05-25 21:23 367104 ----a-w- c:\windows\system32\html.iec
2011-05-25 21:23 . 2011-05-25 21:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-25 21:23 . 2011-05-25 21:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-25 21:23 . 2011-05-25 21:23 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-25 21:23 . 2011-05-25 21:23 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-25 21:23 . 2011-05-25 21:23 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-25 21:23 . 2011-05-25 21:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-25 21:23 . 2011-05-25 21:23 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-25 21:23 . 2011-05-25 21:23 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-25 21:22 . 2011-05-25 21:22 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-25 21:22 . 2011-05-25 21:22 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-17 15:30 . 2011-05-09 22:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-18 05:04 . 2009-11-17 15:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-03-06 10:12 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 68856]
"Digital Scribe"="c:\program files\IOGEAR\MobileDigitalScribe.exe" [2007-12-19 529744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-18 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-03-20 442499]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-07 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2011-08-21 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
.
c:\users\no.kitchen.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Noel.kitchen.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.004\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\noel.kitchen.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.006\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.008\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.011\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\noel.kitchen.012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\nr.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Roller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\no\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\no.kitchen.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\users\Mullen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-2-13 333088]
TrueAssistant.lnk - c:\program files\TrueSwitchEsaya\TrueWizard.exe [2009-4-7 1069056]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-1-25 1074176]
.
c:\users\No Bugs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-4-29 1787224]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-28 16:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Mullen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-08-09 06:06 79872 ----a-w- c:\users\Mullen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 GPSearchAssistant;Zatisfi Search Assistant Service;c:\program files\Zatisfi\Zatisfi Search Assistant\GPSearchGuard.exe [2010-05-20 14336]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-18 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-03-13 85984]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 148056]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-03-13 64648]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-03-13 163400]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 159832]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-03-13 57432]
S3 gwmdd;gwmdd;c:\windows\system32\DRIVERS\gwmdd.sys [2005-02-23 2560]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-03-13 337912]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 144672]
S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-07-31 268672]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-28 19:57]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 14:18]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 14:18]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000Core.job
- c:\users\Mullen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 03:32]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1000UA.job
- c:\users\Mullen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-04 03:32]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001Core.job
- c:\users\Mullen Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 05:23]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3051344353-3087506304-4111451616-1001UA.job
- c:\users\Mullen Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-26 05:23]
.
2011-08-20 c:\windows\Tasks\Norton Security Scan for Mullen.job
- c:\progra~1\NORTON~2\Engine\313~1.6\Nss.exe [2011-06-14 08:19]
.
2011-08-21 c:\windows\Tasks\ZatisfiUpdateTaskMachineCore.job
- c:\program files\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-28 03:05]
.
2011-08-21 c:\windows\Tasks\ZatisfiUpdateTaskMachineUA.job
- c:\program files\Zatisfi\Update\ZatisfiUpdate.exe [2010-06-28 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Mullen\AppData\Roaming\Mozilla\Firefox\Profiles\g1gz47wm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=qK4CtCRPM3j.e0KkbCjyyA&psa=&ind=2010042822&ptnrS=GRfox000&si=&st=kwd&n=77ced1c6&searchfor=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 13:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,54,ba,61,7e,ff,21,48,85,6f,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,54,ba,61,7e,ff,21,48,85,6f,0e,\
.
[HKEY_USERS\S-1-5-21-3051344353-3087506304-4111451616-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:dc,0f,1d,42,dc,37,e9,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7896)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\IOGEAR\PegRoute.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2011-08-21 13:41:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-21 17:40
ComboFix2.txt 2011-08-21 01:21
.
Pre-Run: 259,541,659,648 bytes free
Post-Run: 259,595,399,168 bytes free
.
- - End Of File - - C390B0CBB44627040F0293DA07977494

#9
Essexboy

Posted 21 August 2011 - 03:10 PM

GeekU Moderator

Retired Staff
69,964 posts

With that last one gone it now looks good, are there any further problems that need resolving ?

McAfee is not a problem Combofix can work around that

#10
nlmullen

Posted 21 August 2011 - 05:15 PM

Member

Topic Starter
Member
59 posts

Nope. All good. Thanks so much! Leisa

#11
Essexboy

Posted 22 August 2011 - 03:39 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup and select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :unsure:

#12
Essexboy

Posted 25 August 2011 - 12:51 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.