# Lingering effects of FakeAlert virus or something else?



## Trainmaster

Last week I picked up a nasty Fake Alert virus.  Johnb35 helped me get rid of it.  The thread is here http://www.computerforum.com/193048-my-hdd-failing-we-speak-urgent-help-required-3.html  posts #30 through #41.

After going through that I noticed that since that time I have been unable to play flash videos.  I have used the FLV player from Martijn de Visser (available at download.cnet.com) for playback of flash videos saved on my hard drive or on removable media.  Formerly when I clicked on a previously saved .FLV file, the FLV player would launch and begin playback.  But ever since the FakeAlert ordeal this has not worked.  

I tried uninstalling and reinstalling FLV player but received the same result.  Out of curiosity I attempted to uninstall and reinstall Adobe Flash Player but when trying to download AFP I received the following popup message:

Windows No Disk
Exception processing message C0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

The download from adobe will not proceed at that point and the only way to close the popup window for good is to terminate the adobe dowload process in task manager.

I reran malware bytes first found no errors and attempted the download again with the same results.

Questions:

Is this perhaps related to the malware I had last week?  I know that correlation does not necessarily imply causation, but the coincidental timing made me suspicious.

Here is my malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6417

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/25/2011 11:50:10 AM
mbam-log-2011-04-25 (11-50-10).txt

Scan type: Quick scan
Objects scanned: 54526
Time elapsed: 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And now here is Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:13 PM, on 4/25/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.remcpapc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6437
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110118075944.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY"
O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" -c Direct -p DOT4_002 -pn "LaserJet 1012 Series" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Seagate 2GET6XM1 Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GET6XM1 Product Registration.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97B6CB8F-1BEA-4002-B0EE-CF309F13BD95}: NameServer = 69.78.96.14 66.174.95.44
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8504 bytes



Please advise.


----------



## johnb35

First thing to do would be to look in the event viewer for any signs of this error and what program is causing it, look in the application and system heading for errors.

Weird things can happen after an infection and sometimes the only way to get it working correctly is to reinstall windows.  Hopefully this isn't your case. 

You may want to look at this.

http://www.google.com/search?source...=N&bav=on.2,or.r_gc.r_pw.&fp=ab08b906c4821279


----------



## kells

*Recover hdd from malware*

Hey johnb35! I have spent spent most of my day reading downloading and following your detailed instructions. I am not computer savvy by any means, but I must admit you are really good!!! I have 3 sets of logs; the combofix,fresh hijack and mbam. Would you mind taking a look @ them? I'm not sure what I should do @this point. FYI I'm about 90% back to restoration. Thanks again for your previous posts!

http://www.computerforum.com/193048-my-hdd-failing-we-speak-urgent-help-required.html


----------



## johnb35

kells said:


> Hey johnb35! I have spent spent most of my day reading downloading and following your detailed instructions. I am not computer savvy by any means, but I must admit you are really good!!! I have 3 sets of logs; the combofix,fresh hijack and mbam. Would you mind taking a look @ them? I'm not sure what I should do @this point. FYI I'm about 90% back to restoration. Thanks again for your previous posts!
> 
> http://www.computerforum.com/193048-my-hdd-failing-we-speak-urgent-help-required.html



Need you to post the logs for me to go through.  Then I'll move your issue to a new thread.


----------



## kells

ComboFix 11-04-25.01 - ChooseUrDestiny 04/25/2011  14:29:33.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.2712 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Downloads\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\1.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\a.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\b.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\c.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\d.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\e.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\f.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\g.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\h.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\i.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\J.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\k.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\l.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\m.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\n.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\o.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\p.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\q.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\r.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\s.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\t.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\u.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\v.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\w.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\x.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\y.xml
c:\users\ChooseUrDestiny\AppData\Roaming\PriceGong\Data\z.xml
c:\users\ChooseUrDestiny\g2mdlhlpx.exe
c:\users\ChooseUrDestiny\videos\Invictus.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Fonts\FontFolderTest.ttf
c:\windows\Fonts\FontFolderTwoTest.ttf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-25 to 2011-04-25  )))))))))))))))))))))))))))))))
.
.
2011-04-25 18:42 . 2011-04-25 18:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-25 18:42 . 2011-04-25 18:42	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-04-25 15:56 . 2011-04-25 15:56	388096	----a-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-04-25 14:02 . 2011-04-25 14:02	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{BA77CBE6-A1D1-469E-A4FE-E39EF61A7BE9}
2011-04-25 01:40 . 2011-04-25 01:41	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{E1FE66EC-BC9C-4753-A685-B756E883C946}
2011-04-24 23:24 . 2011-04-24 23:24	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{9C9EDC7F-84B5-4644-B048-69CA5A3387A3}
2011-04-24 18:54 . 2011-04-24 18:54	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{60CDB359-CB12-430B-8070-E4FDAAB83DD1}
2011-04-23 23:25 . 2011-04-23 23:25	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{9AE78C90-1CA8-4EEB-A1E2-FF2B63BC85C3}
2011-04-23 11:52 . 2011-04-23 11:52	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{E8B75897-FE08-4CE1-9ECC-748970085712}
2011-04-22 14:47 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-22 14:32 . 2011-04-22 14:32	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{0C1C657C-E59E-4D9A-826E-059B826B3F69}
2011-04-21 21:02 . 2011-04-21 21:03	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{8882F5CD-33CF-4DB4-9F2C-8CBBDBE12A09}
2011-04-21 17:38 . 2011-04-21 17:38	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{686453A8-8074-48FA-B09E-A656BB83DA03}
2011-04-20 11:59 . 2011-04-20 11:59	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{581DD802-48FE-41A7-A39F-7D6B461CF152}
2011-04-19 15:36 . 2011-04-19 15:36	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{5DA9CEA3-BC50-45E7-B338-0A7474C3E21D}
2011-04-18 13:49 . 2011-04-18 13:49	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{3050B45E-FBE5-4F3B-8B72-CFB6A11299FC}
2011-04-18 00:49 . 2011-04-18 00:49	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{C74A2A3E-66EE-44E4-B38B-23E594DA4555}
2011-04-17 05:28 . 2011-04-17 05:28	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{0F97C7C8-7741-488D-AD0A-85952B1E3C40}
2011-04-16 19:39 . 2011-04-16 19:39	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{5850E50F-FEAF-4591-AB5D-F9F6671DC518}
2011-04-16 16:38 . 2011-04-16 16:38	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{5DC943B8-63A3-43F5-9925-8616CA39D469}
2011-04-15 12:45 . 2011-04-15 12:46	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{997655D2-F5CB-4378-AB30-A907EA462DFE}
2011-04-14 22:58 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 21:06 . 2011-04-14 21:06	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{210B0870-5549-4033-9FAE-D6A99A7E219A}
2011-04-14 12:06 . 2011-04-14 12:06	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{52D16561-7667-4E4D-9E28-1F14837CFDDB}
2011-04-14 11:58 . 2011-04-14 11:58	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{9A694E21-B26F-41FD-92F3-99F30F5B1EC3}
2011-04-14 04:35 . 2011-04-14 04:35	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\WMA-MP3.com
2011-04-14 04:33 . 2009-05-21 19:24	30736	----a-w-	c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03	--------	d-----w-	c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18	33264	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19	--------	d-----w-	C:\Converted
2011-04-14 02:26 . 2011-04-14 02:26	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{3B344A85-18F4-4D0A-B85B-2FDE44391A54}
2011-04-14 02:10 . 2011-04-14 02:10	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{3503A6A8-9BC4-4652-8262-D8D3ED39B07C}
2011-04-14 00:53 . 2011-04-14 00:53	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{1890F0E2-5693-4788-971A-3A19F66174A5}
2011-04-14 00:35 . 2011-04-14 00:35	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23	--------	d-----w-	c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59	--------	d--h--w-	c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-13 12:48 . 2011-04-13 12:48	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{888519FD-8C11-4B06-A2A1-15BE59693EEF}
2011-04-12 17:34 . 2011-04-12 17:34	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{2E44225A-AB58-417B-931D-88A30646D510}
2011-04-12 12:16 . 2011-04-12 12:18	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{C319AD48-1D5B-4776-8A32-96AC61A9D1B2}
2011-04-11 13:04 . 2011-04-11 13:05	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{1DB63C7E-30F7-4147-AC43-1C9B19037168}
2011-04-10 23:52 . 2011-04-10 23:52	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{5AADF55A-A2CE-420D-971C-16A84846DB26}
2011-04-10 11:28 . 2011-04-10 11:30	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{EE358DC9-6610-46F9-9132-CB4268F784E6}
2011-04-09 02:46 . 2011-04-09 02:46	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{6A94CFD3-06C1-4831-9569-34542DE8D8E8}
2011-04-07 11:56 . 2011-04-07 11:57	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{CA411673-843F-4A0F-A461-AE5A9C3DB8E4}
2011-04-06 02:50 . 2011-04-06 03:26	--------	d-----w-	c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP
2011-04-06 00:31 . 2011-04-06 00:31	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{2F2F8C9A-F026-4F40-A1C2-BE4D35011E9A}
2011-04-05 12:30 . 2011-04-05 12:30	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{BFEA77BD-04E4-4A6C-B77A-2FE3153048A7}
2011-04-05 00:25 . 2011-04-05 00:25	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{21D3DEB0-09A6-4536-92FD-92CDD9EC2994}
2011-04-02 11:15 . 2011-04-02 11:15	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{C65AFEDB-BD58-418D-88B1-AB22BE7F6409}
2011-04-01 19:17 . 2011-04-01 19:17	--------	d-----w-	c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29	--------	d--h--w-	c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29	342016	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16	271872	----a-w-	c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51	193592	----a-w-	c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51	167480	----a-w-	c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57	22016	----a-w-	c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17	384000	----a-w-	c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17	352256	----a-w-	c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17	309760	----a-w-	c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16	218112	----a-w-	c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29	286720	----a-w-	c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24	321536	----a-w-	c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18	507904	----a-w-	c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32	60440	----a-w-	c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09	--------	d-----w-	C:\HP Universal Print Driver
2011-04-01 15:52 . 2011-04-01 15:52	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{A9C75B84-6A24-4E58-B56A-A4B51E38F328}
2011-04-01 14:23 . 2011-04-01 14:23	46112	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-04-01 01:40 . 2011-04-01 01:40	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\{5C4C6454-ABCF-4F87-83D7-60871AF21132}
2011-03-29 18:11 . 2011-03-29 18:55	256	----a-w-	c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10	--------	d-----w-	c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11	--------	d-----w-	c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58	--------	d--h--w-	c:\programdata\CA2
2011-03-27 14:32 . 2011-03-27 14:32	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Roaming\MusicNet
2011-03-27 14:29 . 2011-03-29 01:53	--------	d--h--w-	c:\users\ChooseUrDestiny\AppData\Local\iMesh
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 14:13 . 2011-03-14 14:13	61440	---ha-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2011-03-14 14:13 . 2011-03-14 14:13	61440	---ha-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{3F7423FB-8E9A-4EF4-BB8A-EAD6314CCB3D}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2011-03-08 22:23 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16	133632	----a-w-	c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57	551424	----a-w-	c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2010-02-24 05:41	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-10 21:02	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-10 21:02	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-10 21:02	144384	----a-w-	c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28723.cfxxe" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: Artem@Demchenkov.Colors - %profile%\extensions\Artem@Demchenkov.Colors
FF - Ext: DeeperWeb for Google: bizdom@wizbites.com - %profile%\extensions\bizdom@wizbites.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{3FAB28FF-A32C-4E97-855A-D9A48A3D71BD}\Service Center Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{14DE4FD2-435F-4B22-9051-1D7F757B82F7}\Traktor Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files (x86)\Common Files\mcafee\mna\mcnasvc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-04-25  14:56:32 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-25 18:56
.
Pre-Run: 281,638,170,624 bytes free
Post-Run: 312,254,595,072 bytes free
.
- - End Of File - - A6FAD655CDDCAD532D8D58A99E436BA4


----------



## kells

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:00 PM, on 4/25/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/66.30/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232250D6-43F2-461E-AA14-7B3E3DE16A00}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE72BB85-526E-43A3-A0B9-FDD6215E9678}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15562 bytes


----------



## kells

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6441

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/25/2011 11:40:04 AM
mbam-log-2011-04-25 (11-40-04).txt

Scan type: Quick scan
Objects scanned: 178915
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
c:\programdata\45539080.exe (Trojan.FakeAlert) -> 5004 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfxXnMEdlJbla (Trojan.FakeAlert) -> Value: rfxXnMEdlJbla -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\chooseurdestiny\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\45539080.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\rfxxnmedljbla.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\AppData\Local\Temp\ldra9f7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\AppData\Local\Temp\tmpA9C8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\chooseurdestiny\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


----------



## johnb35

Please post an uninstall log using hijackthis.

open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it, then copy and paste it back here.

Also when was the last time mcafee was updated?  The combofix log shows its outdated. Is your subscription expired?


----------



## kells

Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
Adobe Reader 9.3.4
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ArcSoft DVD SlideShow
ArcSoft MediaImpression
ArcSoft Panorama Maker 4
ArcSoft PhotoMontage VE
Bing Bar
BlackBerry Desktop Software 5.0
BlackBerry Desktop Software 5.0
BlackBerry® Media Sync
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CutePDF Professional 3.6 (Evaluation)
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Encompass NetBranch Installation Manager
Encompass360
FinePixViewer Resource
FinePixViewer Ver.5.5
FinePixViewer YTUPL
FireText VirtualDJ Plugin v2.42
Free YouTube Download version 2.10.33.324
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hercules DJ Products Series drivers
HiJackThis
Internet TV for Windows Media Center
Java(TM) 6 Update 24
Junk Mail filter update
K-Lite Mega Codec Pack 6.3.0
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
MeridianLink Site Security Certificate
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable Package
Mozilla Firefox (3.6.16)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Traktor DJ Studio 3 Demo
PC Attorney
Picasa 3
PowerDVD DX
QuickTime
Roxio Burn
Roxio Burn
Roxio Update Manager
Safari
Scratch Live 2.2.0 (22033)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype™ 4.2
Spyware Doctor 7.0
Tether 1.1.0.2
TweetDeck
TweetDeck
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Outlook Social Connector (KB2441641)
VideoLAN VLC media player 0.8.6d
Virtual DJ - Atomix Productions
Virtual DJ Pro Full - Atomix Productions
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin

Yes It has expired.


----------



## johnb35

Please uninstall the following programs via add/remove programs

µTorrent
Adobe Reader 8
Coupon Printer for Windows

Also please uninstall any nongenuine software installed.  You have utorrent installed, this is p2p program and possibly the way you got infected.  The other possible way would be visiting bad websites.

Download and run the mcafee removal tool

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Then download and install either AVAST or Microsoft Security Essentials to replace mcafee.

Then rerun hijackthis and place checks next to the following entries if they exist.

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"

Then click on fix checked.

Please place the combofix file on the desktop so you can perform the following procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Folder::
c:\users\ChooseUrDestiny\AppData\Local\{BA77CBE6-A1D1-469E-A4FE-E39EF61A7BE9}
c:\users\ChooseUrDestiny\AppData\Local\{E1FE66EC-BC9C-4753-A685-B756E883C946}
c:\users\ChooseUrDestiny\AppData\Local\{9C9EDC7F-84B5-4644-B048-69CA5A3387A3}
c:\users\ChooseUrDestiny\AppData\Local\{60CDB359-CB12-430B-8070-E4FDAAB83DD1}
c:\users\ChooseUrDestiny\AppData\Local\{9AE78C90-1CA8-4EEB-A1E2-FF2B63BC85C3}
c:\users\ChooseUrDestiny\AppData\Local\{E8B75897-FE08-4CE1-9ECC-748970085712}
c:\users\ChooseUrDestiny\AppData\Local\{0C1C657C-E59E-4D9A-826E-059B826B3F69}
c:\users\ChooseUrDestiny\AppData\Local\{8882F5CD-33CF-4DB4-9F2C-8CBBDBE12A09}
c:\users\ChooseUrDestiny\AppData\Local\{686453A8-8074-48FA-B09E-A656BB83DA03}
c:\users\ChooseUrDestiny\AppData\Local\{581DD802-48FE-41A7-A39F-7D6B461CF152}
c:\users\ChooseUrDestiny\AppData\Local\{5DA9CEA3-BC50-45E7-B338-0A7474C3E21D}
c:\users\ChooseUrDestiny\AppData\Local\{3050B45E-FBE5-4F3B-8B72-CFB6A11299FC}
c:\users\ChooseUrDestiny\AppData\Local\{C74A2A3E-66EE-44E4-B38B-23E594DA4555}
c:\users\ChooseUrDestiny\AppData\Local\{0F97C7C8-7741-488D-AD0A-85952B1E3C40}
c:\users\ChooseUrDestiny\AppData\Local\{5850E50F-FEAF-4591-AB5D-F9F6671DC518}
c:\users\ChooseUrDestiny\AppData\Local\{5DC943B8-63A3-43F5-9925-8616CA39D469}
c:\users\ChooseUrDestiny\AppData\Local\{997655D2-F5CB-4378-AB30-A907EA462DFE}
c:\users\ChooseUrDestiny\AppData\Local\{210B0870-5549-4033-9FAE-D6A99A7E219A}
c:\users\ChooseUrDestiny\AppData\Local\{52D16561-7667-4E4D-9E28-1F14837CFDDB}
c:\users\ChooseUrDestiny\AppData\Local\{9A694E21-B26F-41FD-92F3-99F30F5B1EC3}
c:\users\ChooseUrDestiny\AppData\Local\WMA-MP3.com
c:\users\ChooseUrDestiny\AppData\Local\{3B344A85-18F4-4D0A-B85B-2FDE44391A54}
c:\users\ChooseUrDestiny\AppData\Local\{3503A6A8-9BC4-4652-8262-D8D3ED39B07C}
c:\users\ChooseUrDestiny\AppData\Local\{1890F0E2-5693-4788-971A-3A19F66174A5}
c:\users\ChooseUrDestiny\AppData\Local\{888519FD-8C11-4B06-A2A1-15BE59693EEF}
c:\users\ChooseUrDestiny\AppData\Local\{2E44225A-AB58-417B-931D-88A30646D510}
c:\users\ChooseUrDestiny\AppData\Local\{C319AD48-1D5B-4776-8A32-96AC61A9D1B2}
c:\users\ChooseUrDestiny\AppData\Local\{1DB63C7E-30F7-4147-AC43-1C9B19037168}
c:\users\ChooseUrDestiny\AppData\Local\{5AADF55A-A2CE-420D-971C-16A84846DB26}
c:\users\ChooseUrDestiny\AppData\Local\{EE358DC9-6610-46F9-9132-CB4268F784E6}
c:\users\ChooseUrDestiny\AppData\Local\{6A94CFD3-06C1-4831-9569-34542DE8D8E8}
c:\users\ChooseUrDestiny\AppData\Local\{CA411673-843F-4A0F-A461-AE5A9C3DB8E4}
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP
c:\users\ChooseUrDestiny\AppData\Local\{2F2F8C9A-F026-4F40-A1C2-BE4D35011E9A}
c:\users\ChooseUrDestiny\AppData\Local\{BFEA77BD-04E4-4A6C-B77A-2FE3153048A7}
c:\users\ChooseUrDestiny\AppData\Local\{21D3DEB0-09A6-4536-92FD-92CDD9EC2994}
c:\users\ChooseUrDestiny\AppData\Local\{C65AFEDB-BD58-418D-88B1-AB22BE7F6409}
c:\users\ChooseUrDestiny\AppData\Local\{A9C75B84-6A24-4E58-B56A-A4B51E38F328}
c:\users\ChooseUrDestiny\AppData\Local\{5C4C6454-ABCF-4F87-83D7-60871AF21132}



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## kells

Thanks John! I have uninstalled a few programs via add/remove. Unfortunately I have to go now, but I'll be back in a couple of hours. I will post results when all tasks are completed. 
Thanks again!


----------



## kells

Thanks John! I have uninstalled a few programs via add/remove programs. Unfortunately I have to go now, but I'll be back in a couple of hours. I will re post when all tasks are completed.
Thanks again!


----------



## kells

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011   8:07.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.2664 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ChooseUrDestiny\AppData\Local\{0C1C657C-E59E-4D9A-826E-059B826B3F69}
c:\users\ChooseUrDestiny\AppData\Local\{0F97C7C8-7741-488D-AD0A-85952B1E3C40}
c:\users\ChooseUrDestiny\AppData\Local\{1890F0E2-5693-4788-971A-3A19F66174A5}
c:\users\ChooseUrDestiny\AppData\Local\{1DB63C7E-30F7-4147-AC43-1C9B19037168}
c:\users\ChooseUrDestiny\AppData\Local\{210B0870-5549-4033-9FAE-D6A99A7E219A}
c:\users\ChooseUrDestiny\AppData\Local\{21D3DEB0-09A6-4536-92FD-92CDD9EC2994}
c:\users\ChooseUrDestiny\AppData\Local\{2E44225A-AB58-417B-931D-88A30646D510}
c:\users\ChooseUrDestiny\AppData\Local\{2F2F8C9A-F026-4F40-A1C2-BE4D35011E9A}
c:\users\ChooseUrDestiny\AppData\Local\{3050B45E-FBE5-4F3B-8B72-CFB6A11299FC}
c:\users\ChooseUrDestiny\AppData\Local\{3503A6A8-9BC4-4652-8262-D8D3ED39B07C}
c:\users\ChooseUrDestiny\AppData\Local\{3B344A85-18F4-4D0A-B85B-2FDE44391A54}
c:\users\ChooseUrDestiny\AppData\Local\{52D16561-7667-4E4D-9E28-1F14837CFDDB}
c:\users\ChooseUrDestiny\AppData\Local\{581DD802-48FE-41A7-A39F-7D6B461CF152}
c:\users\ChooseUrDestiny\AppData\Local\{5850E50F-FEAF-4591-AB5D-F9F6671DC518}
c:\users\ChooseUrDestiny\AppData\Local\{5AADF55A-A2CE-420D-971C-16A84846DB26}
c:\users\ChooseUrDestiny\AppData\Local\{5C4C6454-ABCF-4F87-83D7-60871AF21132}
c:\users\ChooseUrDestiny\AppData\Local\{5DA9CEA3-BC50-45E7-B338-0A7474C3E21D}
c:\users\ChooseUrDestiny\AppData\Local\{5DC943B8-63A3-43F5-9925-8616CA39D469}
c:\users\ChooseUrDestiny\AppData\Local\{60CDB359-CB12-430B-8070-E4FDAAB83DD1}
c:\users\ChooseUrDestiny\AppData\Local\{686453A8-8074-48FA-B09E-A656BB83DA03}
c:\users\ChooseUrDestiny\AppData\Local\{6A94CFD3-06C1-4831-9569-34542DE8D8E8}
c:\users\ChooseUrDestiny\AppData\Local\{8882F5CD-33CF-4DB4-9F2C-8CBBDBE12A09}
c:\users\ChooseUrDestiny\AppData\Local\{888519FD-8C11-4B06-A2A1-15BE59693EEF}
c:\users\ChooseUrDestiny\AppData\Local\{997655D2-F5CB-4378-AB30-A907EA462DFE}
c:\users\ChooseUrDestiny\AppData\Local\{9A694E21-B26F-41FD-92F3-99F30F5B1EC3}
c:\users\ChooseUrDestiny\AppData\Local\{9AE78C90-1CA8-4EEB-A1E2-FF2B63BC85C3}
c:\users\ChooseUrDestiny\AppData\Local\{9C9EDC7F-84B5-4644-B048-69CA5A3387A3}
c:\users\ChooseUrDestiny\AppData\Local\{A9C75B84-6A24-4E58-B56A-A4B51E38F328}
c:\users\ChooseUrDestiny\AppData\Local\{BA77CBE6-A1D1-469E-A4FE-E39EF61A7BE9}
c:\users\ChooseUrDestiny\AppData\Local\{BFEA77BD-04E4-4A6C-B77A-2FE3153048A7}
c:\users\ChooseUrDestiny\AppData\Local\{C319AD48-1D5B-4776-8A32-96AC61A9D1B2}
c:\users\ChooseUrDestiny\AppData\Local\{C65AFEDB-BD58-418D-88B1-AB22BE7F6409}
c:\users\ChooseUrDestiny\AppData\Local\{C74A2A3E-66EE-44E4-B38B-23E594DA4555}
c:\users\ChooseUrDestiny\AppData\Local\{CA411673-843F-4A0F-A461-AE5A9C3DB8E4}
c:\users\ChooseUrDestiny\AppData\Local\{E1FE66EC-BC9C-4753-A685-B756E883C946}
c:\users\ChooseUrDestiny\AppData\Local\{E8B75897-FE08-4CE1-9ECC-748970085712}
c:\users\ChooseUrDestiny\AppData\Local\{EE358DC9-6610-46F9-9132-CB4268F784E6}
c:\users\ChooseUrDestiny\AppData\Local\WMA-MP3.com
c:\users\ChooseUrDestiny\AppData\Local\WMA-MP3.com\Protected Music Converter\CrashLog_remove.bin
c:\users\ChooseUrDestiny\AppData\Local\WMA-MP3.com\Protected Music Converter\LastFiles.bin
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCall.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla1.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla12.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla13.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla17.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla18.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla2.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla2.exe
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla20.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla21.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla22.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla23.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla24.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla24.exe
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla25.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla26.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla27.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla28.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla29.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla3.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla30.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla31.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla32.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla33.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla4.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla4.exe
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseCustomCalla8.dll
c:\windows\611BEF5FEE8D43648D1D0C8B5B924B1B.TMP\WiseData.ini
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
.
.
2011-04-26 12:26 . 2011-04-26 12:26	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-04-26 12:26 . 2011-04-26 12:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-26 11:26 . 2011-04-26 11:26	601424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:26 . 2011-04-11 05:21	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC07A783-BBA7-4712-88AE-D3F653016D35}\mpengine.dll
2011-04-26 11:23 . 2011-04-26 11:23	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2011-04-26 11:05 . 2011-04-26 11:05	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{8F0DBDD7-28C8-415B-94A6-989B2DF65742}
2011-04-26 03:51 . 2011-04-26 03:51	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{DDAF342D-32B2-486F-871B-8AC7506D3897}
2011-04-25 15:56 . 2011-04-25 15:56	388096	----a-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24	30736	----a-w-	c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03	--------	d-----w-	c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18	33264	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19	--------	d-----w-	C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23	--------	d-----w-	c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59	--------	d-----w-	c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17	--------	d-----w-	c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29	--------	d-----w-	c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29	342016	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16	271872	----a-w-	c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51	193592	----a-w-	c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51	167480	----a-w-	c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57	22016	----a-w-	c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17	384000	----a-w-	c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17	352256	----a-w-	c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17	309760	----a-w-	c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16	218112	----a-w-	c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29	286720	----a-w-	c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24	321536	----a-w-	c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18	507904	----a-w-	c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32	60440	----a-w-	c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09	--------	d-----w-	C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23	46112	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55	256	----a-w-	c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10	--------	d-----w-	c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11	--------	d-----w-	c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58	--------	d-----w-	c:\programdata\CA2
2011-03-27 14:32 . 2011-03-27 14:32	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\MusicNet
2011-03-27 14:29 . 2011-03-29 01:53	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\iMesh
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16	133632	----a-w-	c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57	551424	----a-w-	c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-25_18.46.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23	82628              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23	47608              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23	16306              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25	72064              c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25	40832              c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 11:22	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 11:22	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:22	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24	78512              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 12:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 12:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23	404192              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41	481060              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20	634562              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20	132530              c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11	270720              c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51	270720              c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25	188928              c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00	2697216              c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34	1682432              c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: Artem@Demchenkov.Colors - %profile%\extensions\Artem@Demchenkov.Colors
FF - Ext: DeeperWeb for Google: bizdom@wizbites.com - %profile%\extensions\bizdom@wizbites.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26  08:28:41
ComboFix-quarantined-files.txt  2011-04-26 12:28
ComboFix2.txt  2011-04-25 18:56
.
Pre-Run: 316,527,063,040 bytes free
Post-Run: 316,018,794,496 bytes free
.
- - End Of File - - 68759EF230886DCEEFA4E54356DFA494


----------



## johnb35

I still see entries for Adobe reader 8, did you uninstall that yet?  How is the system running now?  

Please download and run Ccleaner and run it.

http://download.cnet.com/ccleaner/

Install the program and then just open it and click on run cleaner.


----------



## kells

I removed it. The only adobe showing in add/remove are
flash player 10 plug in
10 active x
reader 9.3.4
adobe air
Over all everything has been restored and seem to be working better than before. My desk top is fully restored and I can really tell the difference in the boot up!


----------



## johnb35

Can you post a fresh hijackthis log for me?


----------



## kells

Ok! ran ccleaner and hijack update:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:59 AM, on 4/26/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/66.30/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232250D6-43F2-461E-AA14-7B3E3DE16A00}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE72BB85-526E-43A3-A0B9-FDD6215E9678}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12378 bytes


----------



## johnb35

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Folder::

C:\Program Files (x86)\Adobe\Reader 8.0
c:\users\ChooseUrDestiny\AppData\Local\{8F0DBDD7-28C8-415B-94A6-989B2DF65742}
c:\users\ChooseUrDestiny\AppData\Local\{DDAF342D-32B2-486F-871B-8AC7506D3897}

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

post a fresh hijackthis log afterwards.


----------



## kells

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:14 AM, on 4/26/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/66.30/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232250D6-43F2-461E-AA14-7B3E3DE16A00}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE72BB85-526E-43A3-A0B9-FDD6215E9678}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12379 bytes


----------



## johnb35

Did you run the second combofix script I gave you?  I need to see the log from it.


----------



## kells

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011   9:52.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.2475 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe\Reader 8.0
c:\users\ChooseUrDestiny\AppData\Local\{8F0DBDD7-28C8-415B-94A6-989B2DF65742}
c:\users\ChooseUrDestiny\AppData\Local\{DDAF342D-32B2-486F-871B-8AC7506D3897}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
.
.
2011-04-26 13:56 . 2011-04-26 13:56	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-04-26 13:56 . 2011-04-26 13:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15	--------	d-----w-	c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26	601424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56	388096	----a-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24	30736	----a-w-	c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03	--------	d-----w-	c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18	33264	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19	--------	d-----w-	C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23	--------	d-----w-	c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59	--------	d-----w-	c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17	--------	d-----w-	c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29	--------	d-----w-	c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29	342016	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16	271872	----a-w-	c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51	193592	----a-w-	c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51	167480	----a-w-	c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57	22016	----a-w-	c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17	384000	----a-w-	c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17	352256	----a-w-	c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17	309760	----a-w-	c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16	218112	----a-w-	c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29	286720	----a-w-	c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24	321536	----a-w-	c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18	507904	----a-w-	c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32	60440	----a-w-	c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09	--------	d-----w-	C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23	46112	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55	256	----a-w-	c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10	--------	d-----w-	c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11	--------	d-----w-	c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58	--------	d-----w-	c:\programdata\CA2
2011-03-27 14:32 . 2011-03-27 14:32	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\MusicNet
2011-03-27 14:29 . 2011-03-29 01:53	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\iMesh
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16	133632	----a-w-	c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57	551424	----a-w-	c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-25_18.46.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23	82628              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23	47608              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23	16306              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25	72064              c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25	40832              c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24	78512              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 13:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 13:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23	404192              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41	481060              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20	634562              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20	132530              c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11	270720              c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51	270720              c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25	188928              c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00	2697216              c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34	1682432              c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: Artem@Demchenkov.Colors - %profile%\extensions\Artem@Demchenkov.Colors
FF - Ext: DeeperWeb for Google: bizdom@wizbites.com - %profile%\extensions\bizdom@wizbites.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26  09:58:42
ComboFix-quarantined-files.txt  2011-04-26 13:58
ComboFix2.txt  2011-04-26 12:28
ComboFix3.txt  2011-04-25 18:56
.
Pre-Run: 317,052,092,416 bytes free
Post-Run: 317,006,970,880 bytes free
.
- - End Of File - - 03705F14F831209BAE192E9DBDE25B1A

Sorry I took so long!


----------



## johnb35

Ok, one more time as those registry keys are still locked, not sure if you copied the script right or not.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then rerun hijactkhis and place checks next to the following entries if they exist.

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Then click on fix checked.


----------



## kells

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011  10:40:23.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.2404 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
.
.
2011-04-26 14:44 . 2011-04-26 14:44	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-04-26 14:44 . 2011-04-26 14:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15	--------	d-----w-	c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26	601424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56	388096	----a-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24	30736	----a-w-	c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03	--------	d-----w-	c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18	33264	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19	--------	d-----w-	C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23	--------	d-----w-	c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59	--------	d-----w-	c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17	--------	d-----w-	c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29	--------	d-----w-	c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29	342016	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16	271872	----a-w-	c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51	193592	----a-w-	c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51	167480	----a-w-	c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57	22016	----a-w-	c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17	384000	----a-w-	c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17	352256	----a-w-	c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17	309760	----a-w-	c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16	218112	----a-w-	c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29	286720	----a-w-	c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24	321536	----a-w-	c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18	507904	----a-w-	c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32	60440	----a-w-	c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09	--------	d-----w-	C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23	46112	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55	256	----a-w-	c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10	--------	d-----w-	c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11	--------	d-----w-	c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58	--------	d-----w-	c:\programdata\CA2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16	133632	----a-w-	c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57	551424	----a-w-	c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-25_18.46.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23	82628              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23	47608              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23	16306              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25	72064              c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25	40832              c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24	78512              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 14:06	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 14:06	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23	404192              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41	481060              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20	634562              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20	132530              c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11	270720              c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51	270720              c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25	188928              c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00	2697216              c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34	1682432              c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: Artem@Demchenkov.Colors - %profile%\extensions\Artem@Demchenkov.Colors
FF - Ext: DeeperWeb for Google: bizdom@wizbites.com - %profile%\extensions\bizdom@wizbites.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26  10:46:18
ComboFix-quarantined-files.txt  2011-04-26 14:46
ComboFix2.txt  2011-04-26 13:58
ComboFix3.txt  2011-04-26 12:28
ComboFix4.txt  2011-04-25 18:56
.
Pre-Run: 317,051,162,624 bytes free
Post-Run: 316,775,403,520 bytes free
.
- - End Of File - - 2EE23EF68EA3E8DD80A9B57A267DBDA6


----------



## kells

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:20 AM, on 4/26/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/66.30/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232250D6-43F2-461E-AA14-7B3E3DE16A00}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE72BB85-526E-43A3-A0B9-FDD6215E9678}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12143 bytes


----------



## johnb35

The script didn't work because it was named wrong.



		Code:
	

Command switches used :: c:\users\ChooseUrDestiny\Desktop\[COLOR="Red"]CFScript.txt.txt[/COLOR]


Rerun the same script but this time, when saving it, don't add the .txt.  Save it as cfscript and then press the save button.


----------



## kells

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)


----------



## johnb35

You need to perform the combofix script though.  Follow the same instructions as before.  Drag the file onto combofix icon.


----------



## kells

I copied and paste the reglock to note pad saved to desktop
drag and drop into combofix it ran its course and then copied
the log. Am I missing something?


----------



## johnb35

The last combofix log you gave me, the script you made was named wrong.  See my quote a couple replies back.  

When you saved the script in notepad you must have named it cfscript.txt and then pressed save.  It then added another .txt at the end of the file, which is why the script didn't work.  Lets do it one more time.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## kells

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

Thank you again for your time and patience.


----------



## kells

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011  11:44:26.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4056.2377 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
.
.
2011-04-26 15:48 . 2011-04-26 15:48	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-04-26 15:48 . 2011-04-26 15:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15	--------	d-----w-	c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26	601424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20	--------	d-----w-	c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56	388096	----a-r-	c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24	30736	----a-w-	c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03	--------	d-----w-	c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18	33264	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19	--------	d-----w-	C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23	--------	d-----w-	c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59	--------	d-----w-	c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51	29288	----a-w-	c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17	--------	d-----w-	c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29	--------	d-----w-	c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29	342016	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16	271872	----a-w-	c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51	193592	----a-w-	c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51	167480	----a-w-	c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57	22016	----a-w-	c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17	384000	----a-w-	c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17	352256	----a-w-	c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17	309760	----a-w-	c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16	218112	----a-w-	c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29	286720	----a-w-	c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24	321536	----a-w-	c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18	507904	----a-w-	c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32	60440	----a-w-	c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09	--------	d-----w-	C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23	46112	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55	256	----a-w-	c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11	--------	d-----w-	c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10	--------	d-----w-	c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11	--------	d-----w-	c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58	--------	d-----w-	c:\programdata\CA2
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16	133632	----a-w-	c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57	551424	----a-w-	c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-25_18.46.34   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23	82628              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23	47608              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23	16306              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25	72064              c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25	40832              c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24	78512              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 15:07	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 15:07	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11	262144              c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23	404192              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41	481060              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20	634562              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20	132530              c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11	270720              c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51	270720              c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25	188928              c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38	245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21	405980              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24	3802445              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43	1356432              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00	2697216              c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34	1682432              c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: Artem@Demchenkov.Colors - %profile%\extensions\Artem@Demchenkov.Colors
FF - Ext: DeeperWeb for Google: bizdom@wizbites.com - %profile%\extensions\bizdom@wizbites.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26  11:50:19
ComboFix-quarantined-files.txt  2011-04-26 15:50
ComboFix2.txt  2011-04-26 15:14
ComboFix3.txt  2011-04-26 14:46
ComboFix4.txt  2011-04-26 13:58
ComboFix5.txt  2011-04-26 15:43
.
Pre-Run: 316,814,503,936 bytes free
Post-Run: 316,773,937,152 bytes free
.
- - End Of File - - C34C56ADA6A24233A1EAE5223D913CBD


----------



## johnb35

I'm not sure why its not working right.  I need to get ready to leave for work in a little bit but I will try and remember to reply again tonight when I get home.  

Try this in the meantime.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.

Then also rerun a malwarebytes scan making sure you update it before running it.  Open malwarebytes, click on the update tab, click on check for updates.  Sometimes when opening malwarebytes it will tell you its outdated and will ask if you want to check for updates anyway.  Post the new malwarebytes log as well.


----------



## kells

OK! will do. ComboFix is asking to update version. Should I update? Thanks and have a great day!


----------



## johnb35

Yes, let it update itself.


----------



## kells

ESETlog:

C:\DRAKE10\TEX\TEX089.DLL	probably a variant of Win32/TrojanDropper.Agent.EVDMNMU trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir	Win32/Toolbar.Zugo application
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21a4db8c-4b128e13	a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\39acf28e-29c4cfc8	probably a variant of Win32/Agent.ZVRMM trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\17581695-1a006b30	Win32/Adware.SpywareProtect2009 application
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7bacbd5a-1bb10a2a	multiple threats
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\10c13db4-2d033e2a	probably a variant of Win32/Agent.CDGQEWH trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5e185af5-21a45535	Java/Exploit.CVE-2010-3562.A trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3ace5fb7-76051524	Java/Exploit.CVE-2009-2843.B trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\21d393fe-75d86164	Win32/Adware.SpywareProtect2009 application
C:\Users\ChooseUrDestiny\Downloads\registrybooster.exe	Win32/RegistryBooster application


----------



## kells

Wow! nothing detected. I see how important 
it is to run multiple scans! 

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6448 

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/26/2011 2:22:56 PM
mbam-log-2011-04-26 (14-22-56).txt

Scan type: Quick scan
Objects scanned: 178413
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## johnb35

Ok, first thing is I need you to follow the instructions on this page to clear your java cache.

http://www.java.com/en/download/help/plugin_cache.xml

Then navigate to 

C:\Users\ChooseUrDestiny\Downloads

and delete the file Registry booster.exe.

Do you know what the Drake10 folder is?

C:\DRAKE10\TEX\TEX089.DLL 

Last thing I need you to do is click on start button, in the search box type...

combofix /uninstall   hit enter.  It will act like its running again but it will say combofix has been uninstalled when its done.


----------



## kells

drake is what my wife uses for work. It was installed from the original disk provided by her company.


----------



## johnb35

Ok, thats fine.  You should be good now.  Let me know if you run into any more issues.


----------



## kells

Thanks John, your truly an asset to this forum!!
Keep up the good work!


----------



## kells

Hey John! I went to start run> combofix / uninstall it runs its course like normal. I tried it three times and its still on my desk top. When I originally installed it I downloaded it to c:documents drive then cut and paste to desk top. Would that create an issue? Any suggestions?


----------



## johnb35

The correct way in typing it is

combofix /uninstall

there must be a space between the x and the / and no space between the / and the u.

Try it again.


----------

