# DWM.exe error message



## RhondaLee1 (Mar 2, 2013)

Hi, I was not sure which forum I should put this in. I hope this is the right one. This is the family PC. There are 3 users, but only mine is an administrator. The error only happens when I log on, none of the users get it. It may not be a big deal. Even though I get this error message every single time I log in, after I click it and wait for the system to continue to boot up, everything works fine.

Here is the exact error message:

Could not load or run
'C:\Users\home\AppData\Local\Temp\dwm.exe' specified in the registry.
Make sure the file exists on your computer or remove the reference to it in the registry.

I would appreciate any feedback as to what this error is and how to get rid of it. Or if I should even fool with it, since it doesn't really cause any problems, except a delay in logging in.


----------



## captainron276 (Sep 11, 2010)

To help us help you, please use the TSG System Info tool to let techs know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. You can use the TSG Info to fill in your computer information in your user profile as well.

Also, if it's a brand name system like an Acer, Dell or HP, please post the exact model of the system.


----------



## RhondaLee1 (Mar 2, 2013)

captainron276 said:


> To help us help you, please use the TSG System Info tool to let techs know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. You can use the TSG Info to fill in your computer information in your user profile as well.
> 
> Also, if it's a brand name system like an Acer, Dell or HP, please post the exact model of the system.


Sorry, I didn't provide more info. The computer is a Dell 530S. I will run that tool and provide the requested info tomorrow. Off to bed now. Thanks.


----------



## Elvandil (Aug 1, 2003)

Just FYI: dwm.exe is the Windows desktop manager. But, it is not in any temp directory. It is likely that the error is due to an infection masquerading as a normal process, probably gone now if the file can't be found. Nothing should be running from the temp directory except the rare installer that unpacks there when a new program is being installed.

But you should still do a complete scan.

Run this standalone Startup Control Panel (direct download link) and look under the tabs to find the entry for the dwm.exe that is trying to run from that directory (right-click and choose Edit to see the full paths in any entries) and delete it.


----------



## RhondaLee1 (Mar 2, 2013)

The Sysinfo is below:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz, x64 Family 6 Model 22 Stepping 1
Processor Count: 1
RAM: 2036 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 320 Mb
Hard Drives: C: Total - 142290 MB, Free - 86371 MB; D: Total - 10239 MB, Free - 5440 MB;
Motherboard: Dell Inc., 0RY007
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled


----------



## RhondaLee1 (Mar 2, 2013)

Elvandil - I just read your post after I posted the system info that was requested. Do you still recommend me following your directions?


----------



## captainron276 (Sep 11, 2010)

Rhonda,

Follow Elvandil's instructions and he will get you going in the right direction 

Happy B-Day Elvandil


----------



## RhondaLee1 (Mar 2, 2013)

Elvandil - I followed your instructions, but there was nothing with "dwm.exe" under any of the tabs. Any other suggestions? -- Rhonda


----------



## jenae (Mar 17, 2013)

Hi, most likely it is benign; however, you should have your system checked by the security forum. The reg key, load, value data referenced, should not be simply deleted until you are given the all clear (a trojan most likely). The key in question is:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load
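
The two checks raised so far in the thread (a system process name running from a temp directory, and the legacy `load` value as a startup point) can be applied mechanically to autostart lines. The following is an added example, not code from any poster or from OTL; the sample lines are copied from the OTL log posted later in this thread, and the expected-directory table and reason labels are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\Windows, as the OTL log in this thread reports.
# Where each well-known Windows binary is expected to live (lower-cased).
EXPECTED_DIRS = {
    "dwm.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# First drive-letter path ending in an executable extension. The lookahead stops
# a directory such as "McAfee.com\" from being mistaken for the end of the path.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^()\[\]"<>|]*?\.(?:exe|com|scr|bat|cmd|pif)(?=[\s)"]|$)',
    re.IGNORECASE,
)

# Lines taken from the OTL log on this page (O4 = Run keys, F3 = legacy load value).
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)",
    r"O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)",
    r"O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)",
    r"F3 - HKCU WinNT: Load - (C:\Users\home\AppData\Local\Temp\dwm.exe) - File not found",
]


def triage(line):
    """Return {'path': ..., 'reasons': [...]} for one autostart line, or None
    when the line carries no executable path."""
    match = PATH_RE.search(line)
    if match is None:
        return None
    path = match.group(0)
    folder, name = ntpath.split(path)
    folder_norm = ntpath.normpath(folder).lower()
    reasons = []

    # Elvandil's point: almost nothing legitimate starts from a temp directory.
    if any(part in ("temp", "tmp") for part in folder_norm.split("\\")):
        reasons.append("runs-from-temp")

    # A system process name outside its home directory suggests masquerading.
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is not None and folder_norm not in expected:
        reasons.append("system-name-outside-system-dir")

    # jenae's point: the entry sits in the legacy "load" value under
    # HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
    if re.search(r"WinNT:\s*Load", line, re.IGNORECASE):
        reasons.append("legacy-load-value")

    # The registry still references a file that is no longer on disk,
    # which is what produces the logon error message.
    if line.rstrip().lower().endswith("file not found"):
        reasons.append("target-missing")

    return {"path": path, "reasons": reasons}


def flagged(lines):
    """Keep only the entries that tripped at least one check."""
    results = (triage(line) for line in lines)
    return [r for r in results if r is not None and r["reasons"]]


if __name__ == "__main__":
    for finding in flagged(SAMPLE_LINES):
        print(finding["path"], "->", ", ".join(finding["reasons"]))
```

A flagged entry is a reason to have the machine examined, as advised above, not proof of infection on its own.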


----------



## Cookiegal (Aug 27, 2003)

jenae is correct about a possible loading point.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under Custom Scans/Fixes type in *Netsvcs*
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,
When I clicked on "OTC" a McAfee warning box popped-up. 
It said, "McAfee has detected that your download contains viruses, spyware, and other potentially unwanted programs. These programs can damage your hard drive or steal your personal information."
It asked if I wanted to "block" the download or continue anyway. I wasn't sure what to do, as this kind of scared me. So I just cancelled the download, instead of blocking it. 
Should this happen and should I feel safe to download this tool anyway? Please let me know what to do, and thanks for helping me.
Rhonda


----------



## Cookiegal (Aug 27, 2003)

It shouldn't be OTC but OTL. Yes, you need to allow it. You may have to disable McAfee temporarily.

The tools we use are often flagged as malware but they are not. It's because of what they are capable of doing (making changes to the system, deleting files, services, etc.) so it's based on behaviour.


----------



## RhondaLee1 (Mar 2, 2013)

Sorry that was a typo. I clicked on OTL. I will follow your instructions now and post results.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal, here are the results:

*OTL.Txt:*

OTL logfile created on: 3/18/2013 1:30:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop\shortcuts
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.76% Memory free
4.21 Gb Paging File | 2.45 Gb Available in Paging File | 58.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 83.36 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 13:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\shortcuts\OTL.exe
PRC - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/10/07 05:02:38 | 000,140,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
PRC - [2012/10/07 04:12:36 | 000,252,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
PRC - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
PRC - [2012/05/31 16:41:40 | 000,132,488 | ---- | M] (Capital Intellect Inc) -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/29 16:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/20 12:13:56 | 000,927,576 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
PRC - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/10/29 16:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 16:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2013/03/13 02:34:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/11/22 05:40:54 | 000,279,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/05/31 16:41:40 | 000,132,488 | ---- | M] (Capital Intellect Inc) [Auto | Running] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/30 09:44:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/09 07:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/11/09 07:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/11/09 07:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/11/09 07:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/11/09 07:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/11/09 07:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/09 07:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/02 02:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/11/02 02:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2012/05/28 11:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/17 11:27:10 | 000,722,944 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008/07/02 02:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/11/01 17:47:56 | 000,267,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/myweb...0&si=&st=sb&n=77cf1fe5&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081030
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{F276DEC6-3251-42EE-BC95-DE93DBBC3C77}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/17 15:31:20 | 000,000,000 | ---D | M]

[2012/06/20 11:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2010/02/03 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/06/20 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 05:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/02/13 13:26:53 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/12/10 05:49:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 13:26:54 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/12/06 11:36:27 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober241267714.xml
[2012/05/04 02:26:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/25 02:35:51 | 000,000,000 | -H-D | M]
F3 - HKCU WinNT: Load - (C:\Users\home\AppData\Local\Temp\dwm.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Matchmaking)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://iplay.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\home\AppData\Roaming\Microsoft\Windows\shell.exe) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\home\Pictures\discus2.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\discus2.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 10:23:53 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/18 10:23:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/18 10:23:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/18 10:23:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/18 10:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/15 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Facebook
[2013/03/14 03:02:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 03:02:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 03:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 03:02:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 03:02:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 03:02:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 03:02:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 03:02:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/12 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess
[2013/02/27 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Quicken
[2013/02/27 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2013/02/27 18:47:58 | 004,200,896 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2013/02/27 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/02/27 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Intuit
[2013/02/27 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/02/22 21:44:47 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX
[2013/02/22 21:44:47 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL
[2013/02/22 21:44:47 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL
[2013/02/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Winferno
[2013/02/16 23:20:56 | 000,147,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/02/16 23:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/02/16 23:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/02/16 23:09:08 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013/02/16 23:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/02/16 23:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/16 23:06:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/16 21:12:29 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\TeamViewer
[2013/02/16 19:07:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2013/02/16 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 13:34:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/18 12:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 12:57:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/18 12:47:55 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/18 12:47:55 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/18 12:21:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/18 10:42:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002UA.job
[2013/03/18 10:23:11 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/18 10:23:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/18 10:23:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/18 10:23:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/18 10:23:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/03/18 10:23:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/18 10:14:58 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/03/18 10:10:31 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2013/03/17 18:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/17 13:42:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002Core.job
[2013/03/16 18:56:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/16 18:56:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/03/16 18:56:39 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/13 02:34:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 02:34:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/12 12:34:27 | 000,000,288 | ---- | M] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/03/12 00:27:49 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2013/02/27 18:47:53 | 000,001,617 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/27 18:47:27 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/15 18:16:29 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/15 18:16:27 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/12 12:34:27 | 000,000,288 | ---- | C] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/02/27 18:47:52 | 000,001,617 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/22 21:44:51 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\WSSHelper.job
[2013/02/16 23:21:27 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/02/16 22:35:50 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/02/16 22:35:37 | 000,002,946 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/02/16 18:53:19 | 2136,133,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/04 01:37:58 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/04/25 18:56:13 | 000,011,776 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 12:58:28 | 000,072,080 | ---- | C] () -- C:\Users\home\g2mdlhlpx.exe
[2010/10/10 01:51:16 | 000,000,263 | ---- | C] () -- C:\Users\home\AppData\Roaming\asdsada.bat
[2009/12/15 18:02:51 | 000,000,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2009/08/15 18:44:03 | 000,003,284 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANIWZCS{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}
[2009/08/15 18:40:58 | 000,000,253 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANICONFIG_{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}.ini

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

< End of report >

*Extras.Txt:*

OTL Extras logfile created on: 3/18/2013 1:30:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop\shortcuts
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.76% Memory free
4.21 Gb Paging File | 2.45 Gb Available in Paging File | 58.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 83.36 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithHiDefMedia] -- "C:\Program Files\HiDefMedia\HiDefMedia\HiDefMedia.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C677753-49F5-466D-AA14-ACF2C9847806}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{20349525-C743-4637-8930-0468E97378E6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{323F5168-29C0-49B8-8A30-88250D6F2AA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3CF23061-9696-498A-A14E-196DF8C99AF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{605FA9F4-C032-4FB6-B9FF-9F313BCA1741}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6228DBB1-0DA4-4D09-9299-8C6E8634E714}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{7CDF7515-351E-439B-962F-714AD332E9FD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8481CFB4-9451-4E87-83D5-16501240C545}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9116A713-D063-49B8-9BC4-E17B934E4AC9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9508D3D3-1030-4403-BDC6-A40D98416D84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CF6775DD-D342-4A8C-9BF6-71324F9CDAA1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F7DB1230-6209-4D09-BC53-CE6AA06B79D8}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F313162-A3FB-4D7E-AFD2-36B2CF6844A7}" = protocol=58 | dir=in | [email protected],-28545 | 
"{0F459D6A-00FD-44FB-B053-28C5AB515FD9}" = protocol=17 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe | 
"{1071F04D-32D9-4BBE-AA5E-3ECCF80E8A70}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{1B6386EE-4A11-4BE3-8681-5DC5BFAA48A2}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{207E922F-F01A-46F0-8B3B-CEA5426C7164}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{279BAA9E-FD7F-442F-A0F5-8388F13C6FE7}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\toolbarupdate.exe | 
"{305C6A6E-1F07-42E7-9390-8214038AD05A}" = dir=in | app=c:\users\home\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{38DF793B-5C4D-4CE2-A749-2D2B20AD3FD0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{3909BBB5-64FB-4B00-BCE8-19D709EEC16C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{391A9F98-DEBF-4D99-97C5-712B1E2FC915}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{394616BA-8FA4-4115-897E-79CAF0345749}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\dropbox\bin\dropbox.exe | 
"{39B44D4D-4413-4630-8C5B-305ACC54B17F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{4B22FA54-8C61-4BE8-8231-7537F5A82FF1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5E242BA9-6BBB-4E30-8440-17F1E65A8EB3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{63FE77AB-95BF-4809-8B88-F6CBDE21E185}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{6A841802-4D5B-4A45-9E4B-D2E4E834A93C}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6EE7AE8B-C05F-473E-B30A-D3665B4F81E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{74849B4B-D194-4104-81FA-E23DD651E2F4}" = protocol=1 | dir=in | [email protected],-28543 | 
"{7928D6DF-5C3E-446A-885C-78AE784C29EB}" = protocol=6 | dir=in | app=c:\program files\mypoints point finder\troubleshooter.exe | 


----------



## Cookiegal (Aug 27, 2003)

Yes, I see that loading point in the log as well as other malicious items.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2418376
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
[2012/02/13 13:26:53 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/13 13:26:54 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
F3 - HKCU WinNT: Load - (C:\Users\home\AppData\Local\Temp\dwm.exe) - File not found
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://iplay.oberon-media.com/Gamesh...onGameHost.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not found
O20 - HKCU Winlogon: Shell - (C:\Users\home\AppData\Roaming\Microsoft\Windows\shell.exe) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2010/10/10 01:51:16 | 000,000,263 | ---- | C] () -- C:\Users\home\AppData\Roaming\asdsada.bat
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------
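The two per-user load points removed by the fix script above (the `Load` value and the Winlogon `Shell` value) can be picked out of an OTL log mechanically, using the rule stated earlier in the thread that `dwm.exe` does not belong in a temp directory. This is an added example, not part of the original thread and not OTL's own code; the function names, flag names and the short table of system binaries are assumptions, and the `UserInit` line is a constructed sample.

```python
import ntpath
import re

# Lines 1, 2 and 4 are quoted from the fix script in this thread; line 3 is a
# constructed benign entry in the same layout, added for contrast.
SAMPLE_LOG = r"""
F3 - HKCU WinNT: Load - (C:\Users\home\AppData\Local\Temp\dwm.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\home\AppData\Roaming\Microsoft\Windows\shell.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
"""

# Layout handled here: "<code> - <hive> <key>: <value> - (<target>) - <status>"
LOAD_POINT = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<hive>HKCU|HKLM) (?P<key>[^:]+): "
    r"(?P<value>\S+) - \((?P<target>[^)]*)\) - (?P<status>.+)$"
)

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Full key paths as they appear in the fix log posted in this thread.
KEYS = {
    "WinNT": r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
    "Winlogon": r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
}

# Assumption: a short, illustrative table of Windows binaries and the only
# folder each should load from when %SystemRoot% is C:\Windows.
SYSTEM_BINARIES = {
    "dwm.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def parse_line(line):
    """Return the fields of a load-point line, or None for any other line."""
    match = LOAD_POINT.match(line.strip())
    return match.groupdict() if match else None


def classify(target, status):
    """Return the list of reasons a load-point target deserves a closer look."""
    path = ntpath.normcase(ntpath.normpath(target))
    tail = ntpath.splitdrive(path)[1]
    name = ntpath.basename(path)
    folder = ntpath.dirname(path)
    flags = []
    if "\\appdata\\local\\temp\\" in tail or tail.startswith("\\windows\\temp\\"):
        flags.append("runs-from-temp")
    elif tail.startswith("\\users\\"):
        flags.append("user-writable-path")
    expected = SYSTEM_BINARIES.get(name)
    # Bare names such as "explorer.exe" carry no folder to compare against.
    if expected and folder and folder != expected:
        flags.append("system-name-outside-system-dir")
    if status.strip().lower().startswith("file not found"):
        flags.append("target-missing")
    return flags


def audit(log_text):
    """Scan log text and return one finding per flagged load point."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = classify(entry["target"], entry["status"])
        if not flags:
            continue
        key = entry["key"].strip()
        registry = "\\".join([HIVES[entry["hive"]], KEYS.get(key, key), entry["value"]])
        findings.append({
            "code": entry["code"],
            "registry": registry,
            "target": entry["target"],
            "flags": flags,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding["code"], finding["registry"])
        print("   ", finding["target"], "->", ", ".join(finding["flags"]))
```

A `target-missing` entry is the state that produces the "Could not load or run" message at logon: the registry value is still there, but the file it names is gone.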



## RhondaLee1 (Mar 2, 2013)

Cookie Gal,
My problem is solved! After I rebooted my PC, I did not get that error message. I had been getting it for over a year, so I just couldn't believe it and rebooted my PC again. Again, no error message. Here is the info you requested. First there was a "Fix Log". You did not ask for this, but I am pasting it in, because maybe you do want it. The second paste is the OTL.Txt that was created when I ran a quick scan. Should I go ahead and mark this issue solved?

*FIX LOG:*
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\ not found.
File C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi not found.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\home\AppData\Local\Temp\dwm.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
C:\Windows\Downloaded Program Files\OberonGameHost_dbg.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}\ deleted successfully.
File {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\home\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\home\AppData\Roaming\asdsada.bat moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03192013_150023

*OTL TEXT LOG - after quick scan:*

DRV - [2012/11/09 07:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/11/09 07:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/11/09 07:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/09 07:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/02 02:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/11/02 02:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2012/05/28 11:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/17 11:27:10 | 000,722,944 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008/07/02 02:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/11/01 17:47:56 | 000,267,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081030
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{F276DEC6-3251-42EE-BC95-DE93DBBC3C77}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/17 15:31:20 | 000,000,000 | ---D | M]

[2012/06/20 11:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2010/02/03 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/06/20 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 05:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/10 05:49:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/06 11:36:27 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober241267714.xml
[2012/05/04 02:26:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/25 02:35:51 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Matchmaking)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\home\Pictures\discus2.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\discus2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 15:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/19 15:00:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/15 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Facebook
[2013/03/12 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess
[2013/02/27 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Quicken
[2013/02/27 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2013/02/27 18:47:58 | 004,200,896 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2013/02/27 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/02/27 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Intuit
[2013/02/27 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/02/22 21:44:47 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX
[2013/02/22 21:44:47 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL
[2013/02/22 21:44:47 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL
[2013/02/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Winferno

========== Files - Modified Within 30 Days ==========

[2013/03/19 15:43:20 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/03/19 15:41:40 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/19 15:41:40 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/19 15:38:09 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2013/03/19 15:35:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:35:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 15:35:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/03/19 15:35:09 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 15:34:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 15:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/19 13:42:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002UA.job
[2013/03/19 13:42:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002Core.job
[2013/03/18 18:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/12 12:34:27 | 000,000,288 | ---- | M] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/03/12 00:27:49 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2013/02/27 18:47:53 | 000,001,617 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/27 18:47:27 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI

========== Files Created - No Company Name ==========

[2013/03/15 18:16:29 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/15 18:16:27 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/12 12:34:27 | 000,000,288 | ---- | C] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/02/27 18:47:52 | 000,001,617 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/22 21:44:51 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\WSSHelper.job
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/04 01:37:58 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/04/25 18:56:13 | 000,011,776 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 12:58:28 | 000,072,080 | ---- | C] () -- C:\Users\home\g2mdlhlpx.exe
[2009/12/15 18:02:51 | 000,000,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2009/08/15 18:44:03 | 000,003,284 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANIWZCS{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}
[2009/08/15 18:40:58 | 000,000,253 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANICONFIG_{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}.ini

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/08/21 22:28:35 | 000,000,000 | -HSD | M] -- C:\Users\home\AppData\Roaming\.#
[2009/09/10 09:57:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Aisle 5 Games, Inc
[2009/09/18 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Azuaz Games
[2013/03/18 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Canon
[2009/08/23 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CasualForge
[2009/08/29 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\cerasus.media
[2009/12/25 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Chessmaster Challenge
[2010/03/22 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/08/16 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CupcakeCafe
[2010/05/17 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CVS
[2011/08/21 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DriverCure
[2012/08/14 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox
[2012/06/12 05:26:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\E-centives
[2009/08/29 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\EleFun Games
[2009/08/22 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Fabulous Finds
[2010/06/16 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Facebook
[2010/09/10 03:54:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FCTB000060497
[2009/09/09 20:24:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Friday's games
[2009/09/17 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\funkitron
[2009/08/16 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/08/26 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Home Sweet Home Christmas
[2009/08/16 10:50:28 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\HSA
[2009/09/09 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\iWin
[2009/09/03 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Jetsetter
[2011/01/27 21:43:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Leadertech
[2010/02/17 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ludia
[2012/05/19 17:39:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MAGIX
[2009/08/15 20:07:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Masque
[2009/09/01 14:10:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Meridian93
[2009/09/20 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Merscom
[2009/08/24 08:37:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Namco
[2009/08/17 11:36:26 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Oberon Games
[2010/12/31 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Oberon Media
[2009/08/20 15:39:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\panoramik
[2011/08/21 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ParetoLogic
[2011/02/15 00:48:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PCDr
[2009/08/19 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Peace Craft
[2009/09/11 10:11:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PlayFirst
[2009/08/16 11:19:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PoBros
[2009/09/18 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\RobinsonCrusoeOM
[2013/03/12 12:37:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess
[2009/08/23 10:26:21 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Shape games
[2009/09/08 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Sortasoft
[2009/08/25 15:51:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpinTop
[2009/12/25 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpinTop Games
[2009/09/03 14:07:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SprillBermudeEng
[2013/02/16 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TeamViewer
[2009/12/15 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Template
[2009/09/17 20:37:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Total Eclipse
[2009/08/16 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Twintale Entertainment
[2009/12/19 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\V-Games

========== Purity Check ==========

========== Alternate Data Streams ==========

< End of report >


----------



## RhondaLee1 (Mar 2, 2013)

Cookie Gal,
My problem is solved! After I rebooted my PC, I did not get that error message. I had been getting it for over a year, so I just couldn't believe it and rebooted my PC again. Again, no error message. Here is the info you requested. First there was a "Fix Log". You did not ask for this, but I am pasting it in, because maybe you do want it. The second paste is the OTL.Txt that was created when I ran a quick scan. Should I go ahead and mark this issue solved?
*FIX LOG:*
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\ not found.
File C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi not found.
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\home\AppData\Local\Temp\dwm.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
C:\Windows\Downloaded Program Files\OberonGameHost_dbg.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}\ deleted successfully.
File {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Value error. File not found not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\home\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\home\AppData\Roaming\asdsada.bat moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03192013_150023

*OTL TEXT LOG - after quick scan:*

OTL logfile created on: 3/19/2013 3:39:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop\shortcuts
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.44% Memory free
4.21 Gb Paging File | 2.64 Gb Available in Paging File | 62.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 84.37 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 13:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\shortcuts\OTL.exe
PRC - [2013/03/15 18:15:52 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/10/07 05:02:38 | 000,140,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
PRC - [2012/10/07 04:12:36 | 000,252,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
PRC - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
PRC - [2012/05/31 16:41:40 | 000,132,488 | ---- | M] (Capital Intellect Inc) -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/29 16:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/20 12:13:56 | 000,927,576 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
PRC - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/10/29 16:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 16:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2013/03/13 02:34:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/11/22 05:40:54 | 000,279,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/11/09 07:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/11/09 07:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/10/07 04:13:42 | 000,184,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/05/31 16:41:40 | 000,132,488 | ---- | M] (Capital Intellect Inc) [Auto | Running] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/30 09:44:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/11/09 07:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/11/09 07:53:32 | 000,210,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/11/09 07:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/11/09 07:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/11/09 07:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/11/09 07:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/11/09 07:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/02 02:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/11/02 02:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2012/05/28 11:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/17 11:27:10 | 000,722,944 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008/07/02 02:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/11/01 17:47:56 | 000,267,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081030
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{F276DEC6-3251-42EE-BC95-DE93DBBC3C77}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/17 15:31:20 | 000,000,000 | ---D | M]

[2012/06/20 11:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2010/02/03 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/06/20 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 05:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/10 05:49:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/06 11:36:27 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober241267714.xml
[2012/05/04 02:26:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/25 02:35:51 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games  Matchmaking)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\home\Pictures\discus2.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\discus2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fac8-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{74b5fae3-6a67-11e1-a08b-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\TL_Bootstrap.exe
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell - "" = AutoRun
O33 - MountPoints2\{c45b938c-08e3-11df-b2f8-00219b0d0f3a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 15:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/19 15:00:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/15 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Facebook
[2013/03/12 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess
[2013/02/27 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\Quicken
[2013/02/27 18:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2013/02/27 18:47:58 | 004,200,896 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2013/02/27 18:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/02/27 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2013/02/27 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Intuit
[2013/02/27 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/02/22 21:44:47 | 000,835,584 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINCTL4.OCX
[2013/02/22 21:44:47 | 000,495,616 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINUTIL5.DLL
[2013/02/22 21:44:47 | 000,393,216 | ---- | C] (Capital Intellect Inc) -- C:\Windows\System32\WINLCTL5.DLL
[2013/02/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Winferno

========== Files - Modified Within 30 Days ==========

[2013/03/19 15:43:20 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/03/19 15:41:40 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/19 15:41:40 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/19 15:38:09 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\WSSHelper.job
[2013/03/19 15:35:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:35:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 15:35:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/19 15:35:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/03/19 15:35:09 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 15:34:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 15:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/19 13:42:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002UA.job
[2013/03/19 13:42:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002Core.job
[2013/03/18 18:21:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/12 12:34:27 | 000,000,288 | ---- | M] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/03/12 00:27:49 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME
[2013/02/27 18:47:53 | 000,001,617 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/27 18:47:27 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI

========== Files Created - No Company Name ==========

[2013/03/15 18:16:29 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
[2013/03/15 18:16:27 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
[2013/03/12 12:34:27 | 000,000,288 | ---- | C] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/02/27 18:47:52 | 000,001,617 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2013.lnk
[2013/02/22 21:44:51 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\WSSHelper.job
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/04 01:37:58 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/04/25 18:56:13 | 000,011,776 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 12:58:28 | 000,072,080 | ---- | C] () -- C:\Users\home\g2mdlhlpx.exe
[2009/12/15 18:02:51 | 000,000,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2009/08/15 18:44:03 | 000,003,284 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANIWZCS{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}
[2009/08/15 18:40:58 | 000,000,253 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANICONFIG_{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}.ini

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/08/21 22:28:35 | 000,000,000 | -HSD | M] -- C:\Users\home\AppData\Roaming\.#
[2009/09/10 09:57:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Aisle 5 Games, Inc
[2009/09/18 17:54:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Azuaz Games
[2013/03/18 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Canon
[2009/08/23 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CasualForge
[2009/08/29 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\cerasus.media
[2009/12/25 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Chessmaster Challenge
[2010/03/22 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009/08/16 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CupcakeCafe
[2010/05/17 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\CVS
[2011/08/21 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\DriverCure
[2012/08/14 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Dropbox
[2012/06/12 05:26:11 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\E-centives
[2009/08/29 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\EleFun Games
[2009/08/22 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Fabulous Finds
[2010/06/16 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Facebook
[2010/09/10 03:54:00 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\FCTB000060497
[2009/09/09 20:24:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Friday's games
[2009/09/17 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\funkitron
[2009/08/16 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/08/26 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Home Sweet Home Christmas
[2009/08/16 10:50:28 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\HSA
[2009/09/09 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\iWin
[2009/09/03 16:56:46 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Jetsetter
[2011/01/27 21:43:22 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Leadertech
[2010/02/17 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Ludia
[2012/05/19 17:39:42 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\MAGIX
[2009/08/15 20:07:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Masque
[2009/09/01 14:10:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Meridian93
[2009/09/20 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Merscom
[2009/08/24 08:37:40 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Namco
[2009/08/17 11:36:26 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Oberon Games
[2010/12/31 22:26:18 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Oberon Media
[2009/08/20 15:39:43 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\panoramik
[2011/08/21 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\ParetoLogic
[2011/02/15 00:48:24 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PCDr
[2009/08/19 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Peace Craft
[2009/09/11 10:11:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PlayFirst
[2009/08/16 11:19:51 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\PoBros
[2009/09/18 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\RobinsonCrusoeOM
[2013/03/12 12:37:47 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess
[2009/08/23 10:26:21 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Shape games
[2009/09/08 13:52:09 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Sortasoft
[2009/08/25 15:51:15 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpinTop
[2009/12/25 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SpinTop Games
[2009/09/03 14:07:37 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\SprillBermudeEng
[2013/02/16 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\TeamViewer
[2009/12/15 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Template
[2009/09/17 20:37:38 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Total Eclipse
[2009/08/16 12:37:36 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Twintale Entertainment
[2009/12/19 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\V-Games

========== Purity Check ==========

========== Alternate Data Streams ==========

< End of report >


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,
Thank you so very much for fixing this issue! I have been getting that error and it slowed down my PC from booting for over a year! I cannot believe you did this for free!
Thanks again,
Rhonda


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure. The file no longer existed but there was an entry in the registry which we removed that was still trying to load it so that's why you were getting that message.

Please stay with me. There is more to do.

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

Okay, I think you are saying there is still more to fix on my PC. Great! I will follow up with this tomorrow. 

Rhonda


----------



## Cookiegal (Aug 27, 2003)

Yes. Please do.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

Here is the log from ComboFix:

ComboFix 13-03-20.01 - home 03/20/2013 10:40:11.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.964 [GMT -4:00]
Running from: c:\users\home\Desktop\shortcuts\puppy.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
C:\install.exe
c:\program files\Gamevance
c:\program files\Gamevance\ars.cfg
c:\program files\Gamevance\icon.ico
c:\program files\PersonSecurity
c:\program files\PersonSecurity\psecurity.exe.tmp1
c:\program files\PersonSecurity\psecurity.exe.tmp2
c:\program files\PersonSecurity\psecurity.exe.tmp3
c:\program files\PersonSecurity\psecurity.exe.tmp4
c:\program files\PersonSecurity\psecurity.exe.tmp5
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{163B81E7-95D3-42DD-B79B-777FDEBA4A8C}.xps
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0396DD6-7C8C-492F-BC46-D0E1C20BEEC1}.xps
c:\users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA2AA56E-8478-4AF0-8F8E-8B387E28BDA6}.xps
c:\users\home\AppData\Roaming\.#
c:\users\home\g2mdlhlpx.exe
c:\users\home\GoToAssistDownloadHelper.exe
c:\windows\COUPon~1.ocx
c:\windows\system32\DC120fc7_32.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 14:55 . 2013-03-20 14:58 -------- d-----w- c:\users\home\AppData\Local\temp
2013-03-20 14:55 . 2013-03-20 14:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-03-20 14:55 . 2013-03-20 14:55 -------- d-----w- c:\users\Everybody\AppData\Local\temp
2013-03-20 14:55 . 2013-03-20 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 14:18 . 2013-03-20 14:18 -------- d-----w- c:\users\home\AppData\Local\Citrix
2013-03-19 19:00 . 2013-03-19 19:00 -------- d-----w- C:\_OTL
2013-03-18 14:23 . 2013-03-18 14:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 22:16 . 2013-03-15 22:16 -------- d-----w- c:\users\home\AppData\Local\Facebook
2013-03-12 16:37 . 2013-03-12 16:37 -------- d-----w- c:\users\home\AppData\Roaming\SanDisk SecureAccess
2013-03-11 02:41 . 2013-03-11 02:42 -------- d-----w- c:\users\Family
2013-03-01 03:58 . 2013-03-01 03:58 -------- d-----w- c:\users\Guest\AppData\Local\Google
2013-02-27 22:48 . 2013-02-27 22:48 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2013-02-27 22:47 . 2012-12-22 00:06 4200896 ----a-w- c:\windows\system32\cdintf400.dll
2013-02-27 22:45 . 2013-02-27 22:45 -------- d-----w- c:\program files\Common Files\Intuit
2013-02-27 22:45 . 2013-03-14 21:17 -------- d-----w- c:\program files\Quicken
2013-02-27 22:45 . 2013-02-27 22:45 -------- d-----w- c:\users\home\AppData\Roaming\Intuit
2013-02-27 22:44 . 2013-02-27 22:44 -------- d-----w- c:\programdata\Intuit
2013-02-23 01:44 . 2009-04-13 16:18 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL
2013-02-23 01:44 . 2008-06-02 15:38 835584 ----a-w- c:\windows\system32\WINCTL4.OCX
2013-02-23 01:44 . 2006-03-31 20:36 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL
2013-02-23 01:44 . 2013-02-23 01:44 -------- d-----w- c:\program files\Common Files\Winferno
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 14:23 . 2012-08-25 15:14 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 14:23 . 2011-05-06 22:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 06:34 . 2012-03-30 02:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 06:34 . 2011-09-05 19:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-05 05:26 . 2013-02-13 01:18 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-13 01:18 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-13 01:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-13 01:18 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-12-22 00:06 . 2012-12-22 00:06 1722896 ----a-w- c:\windows\system32\inetclnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Dell DataSafe Online"="c:\program files\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 927576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 514936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Everybody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Billminder.lnk - c:\quickenw\BILLMIND.EXE [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:34]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 22:15]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 22:15]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002Core.job
- c:\users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 17:37]
.
2013-03-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002UA.job
- c:\users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 17:37]
.
2013-03-20 c:\windows\Tasks\WSSHelper.job
- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2013-02-23 20:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-20 10:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-20 11:01:44
ComboFix-quarantined-files.txt 2013-03-20 15:01
.
Pre-Run: 89,221,816,320 bytes free
Post-Run: 89,076,363,264 bytes free
.
- - End Of File - - 24BB1441A40EB92C9D1FE1F84B71B2E0


----------



## RhondaLee1 (Mar 2, 2013)

I also had to temporarily disable McAfee Antivirus Plus. I didn't know how, but called their support and he helped me. I have a question. When I first started with techguy, my PSU was burnt out in this PC and someone helped me diagnose it and we installed a new one. But I had installed Winferno (one of those "clean up your hard drive" programs). I was told to remove it and never run anything like that without expert help.
I just noticed my McAfee has a Quick Clean tool that I can set to run on a regular basis. Is this one of the bad ones or should I use it? Thanks for helping. I will wait for your response.


----------



## Cookiegal (Aug 27, 2003)

I don't recommend running any registry cleaner functions even if they are included with reputable software such as McAfee.

Winferno is still on the system but you said you uninstalled it. Does it still appear in the Control Panel where you remove programs?

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## RhondaLee1 (Mar 2, 2013)

Thanks for the advice about registry cleaners. No, Winferno does not show in control panel programs. I uninstalled it from there. How can I get rid of it completely?
Here are the logs you requested.

*dds.txt:*

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by home at 15:49:41 on 2013-03-20
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.895 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Winferno\WSS\WSS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\PhotoScreensaver.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\home\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Dell DataSafe Online] c:\program files\dell\dell datasafe online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 565352]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2009-8-15 12800]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-9 210136]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184288]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-2-16 95232]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184288]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184288]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184288]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184288]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-2-16 632344]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-2-16 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-2-16 167344]
R2 NOBU;Dell DataSafe Online;c:\program files\dell\dell datasafe online\NOBuAgent.exe [2010-10-20 2075480]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 Winferno Subscription Service;Winferno Subscription Service;c:\program files\common files\winferno\wss\WSS.exe [2013-2-22 132488]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 234824]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65488]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 362640]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 252200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-2-16 147472]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81456]
S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-8-15 722944]
.
=============== Created Last 30 ================
.
2013-03-20 15:02:02 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-20 15:01:47 -------- d-----w- c:\users\home\appdata\local\temp
2013-03-20 14:36:10 98816 ----a-w- c:\windows\sed.exe
2013-03-20 14:36:10 256000 ----a-w- c:\windows\PEV.exe
2013-03-20 14:36:10 208896 ----a-w- c:\windows\MBR.exe
2013-03-20 14:18:16 -------- d-----w- c:\users\home\appdata\local\Citrix
2013-03-19 19:00:23 -------- d-----w- C:\_OTL
2013-03-18 14:23:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 22:16:04 -------- d-----w- c:\users\home\appdata\local\Facebook
2013-03-12 16:37:47 -------- d-----w- c:\users\home\appdata\roaming\SanDisk SecureAccess
2013-02-27 22:48:14 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2013-02-27 22:47:58 4200896 ----a-w- c:\windows\system32\cdintf400.dll
2013-02-27 22:45:28 -------- d-----w- c:\program files\common files\Intuit
2013-02-27 22:45:06 -------- d-----w- c:\users\home\appdata\roaming\Intuit
2013-02-27 22:45:06 -------- d-----w- c:\program files\Quicken
2013-02-27 22:44:29 -------- d-----w- c:\programdata\Intuit
2013-02-23 01:44:47 835584 ----a-w- c:\windows\system32\WINCTL4.OCX
2013-02-23 01:44:47 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL
2013-02-23 01:44:47 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL
2013-02-23 01:44:46 -------- d-----w- c:\program files\common files\Winferno
.
==================== Find3M ====================
.
2013-03-18 14:23:09 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 14:23:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 06:34:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 06:34:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2012-12-22 00:06:48 1722896 ----a-w- c:\windows\system32\inetclnt.dll
.
============= FINISH: 15:50:27.69 ===============

*attach.txt:*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume3
Install Date: 10/30/2008 4:17:15 AM
System Uptime: 3/20/2013 11:25:45 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 82.994 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.313 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1382: 2/28/2013 7:04:19 PM - Scheduled Checkpoint
RP1383: 3/8/2013 4:41:57 PM - Scheduled Checkpoint
RP1384: 3/10/2013 8:30:03 AM - Scheduled Checkpoint
RP1385: 3/11/2013 12:55:48 AM - Scheduled Checkpoint
RP1386: 3/11/2013 6:41:58 PM - Scheduled Checkpoint
RP1388: 3/12/2013 1:11:10 PM - Removed ANIWZCS2 Service
RP1390: 3/12/2013 1:12:30 PM - Removed D-Link Wireless 150 USB Adapter DWA-125
RP1391: 3/12/2013 1:19:55 PM - Windows Backup
RP1392: 3/14/2013 12:00:03 AM - Scheduled Checkpoint
RP1393: 3/14/2013 3:00:26 AM - Windows Update
RP1394: 3/14/2013 7:53:06 PM - Scheduled Checkpoint
RP1395: 3/15/2013 9:00:27 PM - Scheduled Checkpoint
RP1396: 3/16/2013 8:38:24 PM - Scheduled Checkpoint
RP1397: 3/18/2013 12:00:06 AM - Scheduled Checkpoint
RP1398: 3/18/2013 10:20:11 AM - Installed Java 7 Update 17
RP1399: 3/19/2013 12:57:55 AM - Scheduled Checkpoint
RP1400: 3/19/2013 6:12:05 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Browser Address Error Redirector
CameraHelperMsi
Canon Easy-WebPrint EX
Canon Inkjet Printer Driver Add-On Module
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
DAO 3.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-eBay
Dell DataSafe Online
Dell Best of Web
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
EDocs
eReg
Facebook Plug-In
Facebook Video Calling 1.2.0.287
Feedback Tool
HiDef Media Player 1.1.12
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Houghton Mifflin eReference Suite
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
iSEEK AnswerWorks English Runtime
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 34
Logitech SetPoint 6.32
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
Pando Media Booster
PokerStars.net
PowerDVD
QualXServ Service Agreement
Quicken 2013
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x86
Spelling Dictionaries Support For Adobe Reader 9
The Print Shop
The Print Shop Photo Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/20/2013 10:58:10 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/20/2013 10:38:48 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/20/2013 10:35:18 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
3/20/2013 10:35:15 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2013 12:02:10 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document New Photo Print, owned by home, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 469025652. Number of bytes printed: 395315572. Total number of pages in the document: 49. Number of pages printed: 0. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 1. Incorrect function.
3/18/2013 10:09:00 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document New Photo Print, owned by home, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 307584016. Number of bytes printed: 26784068. Total number of pages in the document: 37. Number of pages printed: 0. Client computer: \\HOME-PC. Win32 error code returned by the print processor: 1. Incorrect function.
3/16/2013 4:30:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user home-PC\home SID (S-1-5-21-983566750-3532387531-538099956-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/14/2013 3:09:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/14/2013 3:09:52 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/14/2013 3:02:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2013 11:37:20 AM, Error: EventLog [6008] - The previous system shutdown at 11:35:59 AM on 3/14/2013 was unexpected.
.
==== End Of File ===========================


----------



## RhondaLee1 (Mar 2, 2013)

P.S. I disabled the McAfee to run these. I am going to reboot right now and it will turn McAfee back on.


----------



## Cookiegal (Aug 27, 2003)

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

Will you be helping me take all these programs off my PC when we are done or will I need to keep them? I am just curious. I really appreciate all of your help. Yesterday, I was able to run a complete virus scan with McAfee. I have not been able to do this for quite some time. It would always get hung up somewhere in the middle and time out.

Anyway, here is the log you requested:

# AdwCleaner v2.115 - Logfile created 03/21/2013 at 15:56:42
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\shortcuts\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\ProgramData\iWin
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\home\AppData\Local\Conduit
Folder Found : C:\Users\home\AppData\Local\PackageAware
Folder Found : C:\Users\home\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\home\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\home\AppData\Roaming\iWin
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Everybody\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5065 octets] - [21/03/2013 15:56:42]
########## EOF - C:\AdwCleaner[R1].txt - [5125 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Yes, we'll remove these programs when we're done.

Please run AdwCleaner again and this time select the "delete" option and post the resulting log.


----------



## RhondaLee1 (Mar 2, 2013)

Cookie Gal,

I want to let you know that my flash drives are still starting automatically. You said that one program would stop that and the explanation said that it is much more secure. I don't use my flash drives on any other computers except my PC and my Laptop. But if it is more secure, I would rather change it if I should.
Also, I forgot until today when I tried to open my cdrom to make sure there was nothing in it. It will not open anymore for the last couple of months. Is this something that I could open another Thread for or is it not something that I could get help from techguys for? P.S. What about tech gals?!?! LOL

*Here is the log from AdwCleaner after I ran delete:*

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 19:33:48
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\home\Desktop\Cookiegal Helper\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\home\AppData\Local\Conduit
Folder Deleted : C:\Users\home\AppData\Local\PackageAware
Folder Deleted : C:\Users\home\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\home\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\home\AppData\Roaming\iWin
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Everybody\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5194 octets] - [21/03/2013 15:56:42]
AdwCleaner[S1].txt - [5248 octets] - [22/03/2013 19:33:48]
########## EOF - C:\AdwCleaner[S1].txt - [5308 octets] ##########


----------
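The [Search] and [Delete] AdwCleaner logs posted above can be cross-checked mechanically to confirm that every item reported as found was actually removed. The following is an added example, not part of the original thread and not AdwCleaner's own code; the line patterns are assumed from the layout of the logs in this thread, and both sample logs are constructed.

```python
import re
from collections import namedtuple

# Line shapes assumed from the AdwCleaner v2 logs posted in this thread.
OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
SECTION_RE = re.compile(r"^\*{5} \[([^\]]+)\] \*{5}$")
ENTRY_RE = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")

Entry = namedtuple("Entry", "section kind state target")

# Constructed sample logs (hypothetical paths and keys, not from a real scan).
SEARCH_SAMPLE = r"""
# Option [Search]

***** [Files / Folders] *****
File Found : C:\Program Files\ExampleBrowser\Components\ExampleSearch.js
Folder Found : C:\Program Files\ExampleToolbar
Folder Found : C:\Users\user\AppData\Local\ExampleToolbar
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\ExampleToolbar.Helper.1
Key Found : HKLM\Software\ExampleOffers
"""

DELETE_SAMPLE = r"""
# Option [Delete]

***** [Files / Folders] *****
File Deleted : C:\Program Files\ExampleBrowser\Components\ExampleSearch.js
Folder Deleted : C:\Program Files\ExampleToolbar
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\ExampleToolbar.Helper.1
Key Deleted : HKLM\SOFTWARE\ExampleOffers
"""


def parse_log(text):
    """Return (option, entries) for one AdwCleaner log."""
    option, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, state, target = m.groups()
            entries.append(Entry(section, kind, state, target.strip()))
    return option, entries


def _key(entry):
    # Windows paths and registry key names are case-insensitive.
    return (entry.kind.lower(), entry.target.lower())


def compare(search_text, delete_text):
    """Cross-check a [Search] log against the later [Delete] log."""
    s_opt, s_entries = parse_log(search_text)
    d_opt, d_entries = parse_log(delete_text)
    if s_opt != "Search" or d_opt != "Delete":
        raise ValueError("expected a [Search] log followed by a [Delete] log")

    found = {_key(e): e for e in s_entries if e.state == "Found"}
    deleted = {_key(e): e for e in d_entries if e.state == "Deleted"}

    # Reported by the search but absent from the delete log: needs follow-up.
    not_deleted = sorted((e.kind, e.target)
                         for k, e in found.items() if k not in deleted)
    # Deleted without having been reported earlier: new since the first scan.
    unexpected = sorted((e.kind, e.target)
                        for k, e in deleted.items() if k not in found)
    return {
        "confirmed": len(found.keys() & deleted.keys()),
        "not_deleted": not_deleted,
        "unexpected": unexpected,
    }


if __name__ == "__main__":
    result = compare(SEARCH_SAMPLE, DELETE_SAMPLE)
    print("confirmed removals:", result["confirmed"])
    for kind, target in result["not_deleted"]:
        print("still present? ", kind, target)
    for kind, target in result["unexpected"]:
        print("not in search log:", kind, target)
```

An item listed under `not_deleted` is worth a manual look or a second scan, since the delete pass did not report removing it.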



## Cookiegal (Aug 27, 2003)

Are you saying that the CD Rom tray won't physically open? If that's what you mean then try the following:

First, be sure the computer is shut down and the power disconnected.

There should be a small pinhole on the front of the tray. Straighten out a paper clip and push it gently into the pinhole. This should manually release the tray.

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

I think I am falling in love with you. LOL My cdrom opens now!

*Here is the log you requested:*

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

I also copied the scan report in case you needed it:

C:\Users\home\AppData\Roaming\Mozilla\Firefox\prefs.js Win32/Agent.RQD.Gen trojan cleaned by deleting - quarantined

I have another question. I have McAfee Antivirus Plus and scanned yesterday or the day before, why did it not pick up or block this trojan?


----------



## Cookiegal (Aug 27, 2003)

I'm glad that worked to open the CD tray. 

The file that was detected is actually something in your Firefox preferences. We removed a rogue extension so I'm confident this is a detection of something that remained relating to that. Not all anti-virus programs will pick up everything so I can't say why it wasn't detected.

Here's another program I'd like you to run just to be sure there are no hidden rootkits.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## RhondaLee1 (Mar 2, 2013)

I hope this is ok, but I am kind of anal with clutter, so I created a folder on my desktop that has all the programs and logs, etc. that we have used, that way I will have everything in one place when it is time to get rid of it.
I usually always turn off my screen saver and turn power supply to "never" turn off when I am downloading, installing, or running a scan. For several of these, like the eset we just used, I also have to disable McAfee. Should I disable McAfee to run this one? 
I have no idea what a "CD Emulation" program is. Can you give me an example or a better explanation so I can make sure I don't have one. If it is something to do with my cdrom drive, I never use that unless I buy new software or something. Don't listen to CDs or anything. 
I am going to wait for your response before I move forward with these instructions. 
Thanks again,
Rhonda


----------



## Cookiegal (Aug 27, 2003)

Actually, it's not a good idea to move the programs from where we tell you to download them. They are designed to run from the desktop (not from within a folder on the desktop) and when we run the cleanup tool it may not be able to remove them as it won't find the proper locations.

I'm sure you don't have an emulator so you can go ahead with GMER.


----------



## RhondaLee1 (Mar 2, 2013)

I am so sorry. I will move everything back to the desktop or wherever you asked me to put it, before I follow through with your instructions. I had no idea, that is so stupid of me to make a decision like that. I hope I didn't mess up something, but if I did I take full responsibility. I am going for my afternoon walk and I will take care of this later this evening or tomorrow after church.


----------



## RhondaLee1 (Mar 2, 2013)

Should I disable McAfee before I run this program?


----------



## Cookiegal (Aug 27, 2003)

You shouldn't have to but if you get any alerts then just click to Allow the program.

You wouldn't have messed anything up. It can't do any harm. It will just make it a little harder to remove the programs and their components.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

I put everything back on the desktop, except for the eset. That one is in the program files. I am really sorry, I am newbie and I feel really bad especially with you volunteering to help me fix my PC. Actually a lot of stuff that I really didn't even know was wrong with it.

The weird thing about that "rogue file" is Firefox is not even on this PC. I do think my son installed it a couple of years ago and it was uninstalled at least a year ago. 

Anyway, when I clicked on the link above and the gmer opened up there was an error message on top that said, "Warning!!! GMER has found system modification caused by ROOTKIT activity." There was only an "okay" button and I wasn't sure if I was supposed to click it. All of the boxes on the right-hand side were checked except for the C:\. I also did not see a "Download EXE" button.

I made a screen print but found out that I could not paste it into here and I pasted it to word, but don't think I can attach any files to show you.

I am going to wait for further instructions. 

Thanks again,
Rhonda


----------



## Cookiegal (Aug 27, 2003)

Don't feel bad. No harm done. 

That was only the landing page before you even download GMER. It shows an example of what a screen looks like if it finds rootkit activity.

Scroll down below that and click on the button that says "Download EXE".


----------



## RhondaLee1 (Mar 2, 2013)

Unfortunately, I was not able to successfully complete this scan. 
I scrolled down to the "Download EXE" button and saved the file to the desktop. It was named tgn8htew.exe. I double clicked the icon and the program opened and did a quick scan. 
*First and second scan attempts:* I didn't change anything, I just clicked on scan. It ran for about 15 minutes and then gave an error. In the blue title section, it said, "tgn8htew.exe - No Disk" and in the body of the error box, it said, "There is no disk in the drive. Please insert a disk into drive\Device\Harddisk1\DR1." I tried again and received the exact same results.
*Third scan attempt:* I unchecked IAT/EAT (_originally I thought I was only supposed to do that if I received a warning of rootkit activity_). This resulted in the exact same error message.
*Fourth scan attempt:* I unchecked IAT/EAT (_originally I thought I was only supposed to do that if I received a warning of rootkit activity_) _*and*_ I checked the box for C:\ (_which removed the check from the quick scan box_). I ended up with the exact same results.
*On each attempt* I tried to click (try again, continue, and cancel) none of which did anything but give a loud ding. So I had to stop the scan and exit the program and click cancel a couple of times in the error box to make it go away. 
If this info helps, I did have to disable McAfee in order to save and download this program. I did disable my screen saver and power turn offs.
The program is still sitting on my desktop if you want me to try anything else.
I tried to search for a path of drive\Device\Harddisk1\DR1 with no results found


----------



## Cookiegal (Aug 27, 2003)

OK let's try this instead.

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## RhondaLee1 (Mar 2, 2013)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-24 18:56:17
-----------------------------
18:56:17.129 OS Version: Windows 6.0.6002 Service Pack 2
18:56:17.129 Number of processors: 1 586 0x1601
18:56:17.131 ComputerName: HOME-PC UserName: home
18:56:18.412 Initialize success
18:56:54.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:56:54.075 Disk 0 Vendor: WDC_WD1600AAJS-75B4A0 01.03A01 Size: 152587MB BusType: 3
18:56:54.230 Disk 0 MBR read successfully
18:56:54.234 Disk 0 MBR scan
18:56:54.237 Disk 0 Windows VISTA default MBR code
18:56:54.243 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
18:56:54.266 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
18:56:54.279 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142291 MB offset 21084160
18:56:54.285 Disk 0 scanning sectors +312496128
18:56:54.361 Disk 0 scanning C:\Windows\system32\drivers
18:57:08.520 Service scanning
18:57:21.315 Modules scanning
18:57:27.098 Disk 0 trace - called modules:
18:57:27.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
18:57:27.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ce7ac8]
18:57:27.526 3 CLASSPNP.SYS[8879f8b3] -> nt!IofCallDriver -> [0x84a4a6b8]
18:57:27.536 5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84a688a0]
18:57:27.546 Scan finished successfully
18:59:24.177 Disk 0 MBR has been saved successfully to "C:\Users\home\Desktop\MBR.dat"
18:59:24.280 The log file has been saved successfully to "C:\Users\home\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Everything looks fine there.

Can you try running GMER again but drag the one you have to the Recycle Bin and download it again after disabling McAfee. Then boot to safe mode and see if GMER will run.


----------



## RhondaLee1 (Mar 2, 2013)

Great. Had a long day. I will get to that tomorrow morning. Thanks again.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## RhondaLee1 (Mar 2, 2013)

Before I do this, please advise. Do I need to change anything with the check marks on the right-hand side? e.g. uncheck IAT/EAT and/or place a checkmark in c:\ instead of quickscan?


----------



## Cookiegal (Aug 27, 2003)

Not unless it warns of rootkit activity. The tool will do an initial quick scan. After that, uncheck IAT/EAT and any drive letter other than the primary system drive (which is generally C) and click on "Scan".


----------



## RhondaLee1 (Mar 2, 2013)

I moved the GMER that was on my desktop as "tgn8h.exe" to the recycle bin and emptied the recycle bin. I then saved and downloaded from the previous link after I disabled McAfee. The new GMER saved as "3i1xbyix". I rebooted into Safe Mode.

When I double-click icon to open and run scan, I received the following error:

LoadDriver("C:\Users\Home\AppData\Local\Temp\pxldipow.sys") error 0xC0000061: This service cannot be started in safe mode.

However, the program opened. So I still clicked scan and I could see the files changing in the bottom portion as it scanned, but nothing was showing in the top half where the log would be entered. After scan completed, I received this message:

GMER hasn't found any system modification

There was no log to save. I rebooted back into normal windows and tried to run a scan that way and had the same resulting error that I received on 03/23 Sat.


----------



## Cookiegal (Aug 27, 2003)

Are you running GMER from the desktop?


Download RootRepeal from the following location and save it to your desktop.
*Zip Mirrors*
Primary Mirror
Secondary Mirror
Secondary Mirror


Extract RootRepeal.exe from the archive.
Open RootRepeal on your desktop.

In the Select Scan dialog, check:

Drivers
Files
Processes
Stealth Objects
Hidden Services

Be sure to close all other browser windows and let the scan run without interference.

When the scan is complete you will see the Save Report button. Click that and save the log to your desktop as RootRepeal.txt then copy and paste the log here please.


----------



## RhondaLee1 (Mar 2, 2013)

Yes, everything is on the desktop, per your request. I will work on these new instructions tomorrow morning.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## RhondaLee1 (Mar 2, 2013)

Hi Cookiegal,

I changed this to unsolved, since we are still working on it. When I logged in the other two were no longer showing and I didn't want this one to disappear. Although, I thought I knew some stuff about computers, I really don't know what we are looking for. But I trust you and thanks again for helping.

I ran a scan with RootRepeal from my desktop. There was no Select Scan dialog, I had to run each one at a time. The scans for Drivers, Processes, and Stealth objects completed and I will paste the logs further down.

The scan for Hidden Objects resulted with no log and it said, "Found 0 hidden services" at the bottom of the page.

The scan for files would not complete, even though I attempted it three times. It continues to give the following error message:

RootRepeal Error
Attempt to read from Address 0x00000004

When I ok'd the error the whole program shut down.

Here are the logs I did get:

*Drivers: saved to the desktop as: RootRepeal_Scan_Drivers*

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2013/03/26 01:35
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8069A000 Size: 286720 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8D39C000 Size: 294912 File Visible: - Signed: -
Status: -
Name: anodlwf.sys
Image Path: C:\Windows\system32\DRIVERS\anodlwf.sys
Address: 0x8D3ED000 Size: 32768 File Visible: - Signed: -
Status: -
Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0xAAFBF000 Size: 36864 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x807AD000 Size: 32768 File Visible: - Signed: -
Status: -
Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x807B5000 Size: 122880 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8CBA7000 Size: 28672 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80489000 Size: 32768 File Visible: - Signed: -
Status: -
Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA9341000 Size: 102400 File Visible: - Signed: -
Status: -
Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x96720000 Size: 57344 File Visible: - Signed: -
Status: -
Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xAAFDB000 Size: 90112 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8C9DB000 Size: 98304 File Visible: - Signed: -
Status: -
Name: cfwids.sys
Image Path: C:\Windows\system32\drivers\cfwids.sys
Address: 0xAAFF1000 Size: 53088 File Visible: - Signed: -
Status: -
Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D2000 Size: 917504 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x887A2000 Size: 135168 File Visible: - Signed: -
Status: -
Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80491000 Size: 266240 File Visible: - Signed: -
Status: -
Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8CF2F000 Size: 53248 File Visible: - Signed: -
Status: -
Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x887C3000 Size: 36864 File Visible: - Signed: -
Status: -
Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8CE4D000 Size: 94208 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x88791000 Size: 69632 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8CB7B000 Size: 151552 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8CF47000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8CF3C000 Size: 45056 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8CF68000 Size: 40960 File Visible: - Signed: -
Status: -
Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8C2C7000 Size: 655360 File Visible: - Signed: -
Status: -
Name: e1e6032.sys
Image Path: C:\Windows\system32\DRIVERS\e1e6032.sys
Address: 0x8C373000 Size: 241664 File Visible: - Signed: -
Status: -
Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8876A000 Size: 159744 File Visible: - Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xAAEFE000 Size: 163840 File Visible: - Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xAAEFE000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: fdc.sys
Image Path: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x8C9D0000 Size: 45056 File Visible: - Signed: -
Status: -
Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807D3000 Size: 65536 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x805B2000 Size: 204800 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8CDF5000 Size: 36864 File Visible: - Signed: -
Status: -
Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8D2F3000 Size: 110592 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8C9F3000 Size: 40960 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82A1B000 Size: 208896 File Visible: - Signed: -
Status: -
Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x88307000 Size: 577536 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA72B7000 Size: 65536 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8CBB7000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0xA72AE000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8C90E000 Size: 741376 File Visible: - Signed: -
Status: -
Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8C80B000 Size: 1060864 File Visible: - Signed: -
Status: -
Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8859D000 Size: 315392 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA92B7000 Size: 446464 File Visible: - Signed: -
Status: -
Name: igdkmd32.sys
Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys
Address: 0x8BC0C000 Size: 7057408 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: C:\Windows\system32\DRIVERS\intelide.sys
Address: 0x80781000 Size: 28672 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8857F000 Size: 61440 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8CAD9000 Size: 45056 File Visible: - Signed: -
Status: -
Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0xA72E6000 Size: 36864 File Visible: - Signed: -
Status: -
Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80401000 Size: 28672 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x88394000 Size: 172032 File Visible: - Signed: -
Status: -
Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x88295000 Size: 466944 File Visible: - Signed: -
Status: -
Name: LHidFilt.Sys
Image Path: C:\Windows\system32\DRIVERS\LHidFilt.Sys
Address: 0xA72DE000 Size: 32768 File Visible: - Signed: -
Status: -
Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0xA732E000 Size: 65536 File Visible: - Signed: -
Status: -
Name: LMouFilt.Sys
Image Path: C:\Windows\system32\DRIVERS\LMouFilt.Sys
Address: 0xA72F7000 Size: 30720 File Visible: - Signed: -
Status: -
Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0xA72FF000 Size: 110592 File Visible: - Signed: -
Status: -
Name: LVPr2Mon.sys
Image Path: C:\Windows\system32\Drivers\LVPr2Mon.sys
Address: 0xAAF91000 Size: 19072 File Visible: - Signed: -
Status: -
Name: lvrs.sys
Image Path: C:\Windows\system32\DRIVERS\lvrs.sys
Address: 0xA723F000 Size: 303616 File Visible: - Signed: -
Status: -
Name: lvuvc.sys
Image Path: C:\Windows\system32\DRIVERS\lvuvc.sys
Address: 0xA6E0D000 Size: 4324480 File Visible: - Signed: -
Status: -
Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80408000 Size: 458752 File Visible: - Signed: -
Status: -
Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA9200000 Size: 12672 File Visible: - Signed: -
Status: -
Name: mfeapfk.sys
Image Path: C:\Windows\system32\drivers\mfeapfk.sys
Address: 0xAAF59000 Size: 125088 File Visible: - Signed: -
Status: -
Name: mfeavfk.sys
Image Path: C:\Windows\system32\drivers\mfeavfk.sys
Address: 0x8CE64000 Size: 226400 File Visible: - Signed: -
Status: -
Name: mfebopk.sys
Image Path: C:\Windows\system32\drivers\mfebopk.sys
Address: 0xAAF78000 Size: 58048 File Visible: - Signed: -
Status: -
Name: mfefirek.sys
Image Path: C:\Windows\system32\drivers\mfefirek.sys
Address: 0x8CE9C000 Size: 353472 File Visible: - Signed: -
Status: -
Name: mfehidk.sys
Image Path: C:\Windows\system32\drivers\mfehidk.sys
Address: 0x88204000 Size: 555008 File Visible: - Signed: -
Status: -
Name: mfencbdc.sys
Image Path: C:\Windows\system32\DRIVERS\mfencbdc.sys
Address: 0x8CEF3000 Size: 243680 File Visible: - Signed: -
Status: -
Name: mfewfpk.sys
Image Path: C:\Windows\system32\drivers\mfewfpk.sys
Address: 0x8D30E000 Size: 201856 File Visible: - Signed: -
Status: -
Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8C9C3000 Size: 53248 File Visible: - Signed: -
Status: -
Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0xA728A000 Size: 61440 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8CAE4000 Size: 45056 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0xA72EF000 Size: 32768 File Visible: - Signed: -
Status: -
Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8079D000 Size: 65536 File Visible: - Signed: -
Status: -
Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA935A000 Size: 86016 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA936F000 Size: 135168 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA9390000 Size: 126976 File Visible: - Signed: -
Status: -
Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xA93AF000 Size: 233472 File Visible: - Signed: -
Status: -
Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA93E8000 Size: 98304 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8C800000 Size: 45056 File Visible: - Signed: -
Status: -
Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x806E9000 Size: 32768 File Visible: - Signed: -
Status: -
Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x883BE000 Size: 192512 File Visible: - Signed: -
Status: -
Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x88519000 Size: 176128 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8CAF1000 Size: 40960 File Visible: - Signed: -
Status: -
Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8875B000 Size: 61440 File Visible: - Signed: -
Status: -
Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8875B000 Size: 61440 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8840E000 Size: 1093632 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8CA63000 Size: 45056 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA7368000 Size: 40960 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8CA6E000 Size: 143360 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8CB3D000 Size: 69632 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x88400000 Size: 57344 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8D36A000 Size: 204800 File Visible: - Signed: -
Status: -
Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x88544000 Size: 241664 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x885EA000 Size: 57344 File Visible: - Signed: -
Status: -
Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8CE43000 Size: 40960 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8860A000 Size: 1114112 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8860A000 Size: 1114112 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8CBA0000 Size: 28672 File Visible: - Signed: -
Status: -
Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA733E000 Size: 172032 File Visible: - Signed: -
Status: -
Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x807E3000 Size: 90112 File Visible: - Signed: -
Status: -
Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80718000 Size: 65536 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x806F1000 Size: 159744 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x80796000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0x80788000 Size: 57344 File Visible: - Signed: -
Status: -
Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xAAE0A000 Size: 909312 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8CB4E000 Size: 184320 File Visible: - Signed: -
Status: -
Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80478000 Size: 69632 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x8828C000 Size: 36288 File Visible: - Signed: -
Status: -
Name: pxldipow.sys
Image Path: C:\Users\home\AppData\Local\Temp\pxldipow.sys
Address: 0xAAF96000 Size: 103680 File Visible: No Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8CBAE000 Size: 36864 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8CA4C000 Size: 94208 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8CA91000 Size: 61440 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8CAA0000 Size: 81920 File Visible: - Signed: -
Status: -
Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8CAB4000 Size: 86016 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8CE07000 Size: 245760 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8CBEB000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8CBF3000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAAFC8000 Size: 49152 File Visible: No Signed: -
Status: -
Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA7372000 Size: 77824 File Visible: - Signed: -
Status: -
Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8CC00000 Size: 2049472 File Visible: - Signed: -
Status: -
Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xAAEE8000 Size: 40960 File Visible: - Signed: -
Status: -
Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8D356000 Size: 81920 File Visible: - Signed: -
Status: -
Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x88753000 Size: 32768 File Visible: - Signed: -
Status: -
Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0xA9207000 Size: 720896 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA73AD000 Size: 323584 File Visible: - Signed: -
Status: -
Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA7385000 Size: 163840 File Visible: - Signed: -
Status: -
Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA9324000 Size: 118784 File Visible: - Signed: -
Status: -
Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8CA00000 Size: 266240 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8CAEF000 Size: 4992 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8D209000 Size: 958464 File Visible: - Signed: -
Status: -
Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xAAEF2000 Size: 49152 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8CA41000 Size: 45056 File Visible: - Signed: -
Status: -
Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8D340000 Size: 90112 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8CAC9000 Size: 65536 File Visible: - Signed: -
Status: -
Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x96670000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x887F7000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x887EC000 Size: 45056 File Visible: - Signed: -
Status: -
Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8CAFB000 Size: 53248 File Visible: - Signed: -
Status: -
Name: usbaudio.sys
Image Path: C:\Windows\system32\drivers\usbaudio.sys
Address: 0xA722D000 Size: 73216 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8CF4F000 Size: 94208 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8CF66000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8858E000 Size: 61440 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8CB08000 Size: 217088 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8C3B9000 Size: 253952 File Visible: - Signed: -
Status: -
Name: usbprint.sys
Image Path: C:\Windows\system32\DRIVERS\usbprint.sys
Address: 0xA72D4000 Size: 40960 File Visible: - Signed: -
Status: -
Name: usbscan.sys
Image Path: C:\Windows\system32\DRIVERS\usbscan.sys
Address: 0xA72C7000 Size: 53248 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0xA7299000 Size: 86016 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8C3AE000 Size: 45056 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8CBBE000 Size: 49152 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8CBCA000 Size: 135168 File Visible: - Signed: -
Status: -
Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80728000 Size: 61440 File Visible: - Signed: -
Status: -
Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80737000 Size: 303104 File Visible: - Signed: -
Status: -
Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8871A000 Size: 233472 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x883ED000 Size: 77824 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8C367000 Size: 49152 File Visible: - Signed: -
Status: -
Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x8060B000 Size: 528384 File Visible: - Signed: -
Status: -
Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8068C000 Size: 57344 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0x96450000 Size: 2117632 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x96450000 Size: 2117632 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806E0000 Size: 36864 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: ws2ifsl.sys
Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
Address: 0x8D3E4000 Size: 36864 File Visible: - Signed: -
Status: -
Name: WudfPf.sys
Image Path: C:\Windows\system32\drivers\WudfPf.sys
Address: 0xA731A000 Size: 81920 File Visible: - Signed: -
Status: -
Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xAAF26000 Size: 32768 File Visible: - Signed: -
Status: -

*Processes: Saved to the desktop as RootRepeal_Scan_Processes*

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2013/03/26 02:42
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Windows\System32\mfevtps.exe
PID: 372 Status: -
Path: C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
PID: 472 Status: -
Path: C:\Windows\System32\smss.exe
PID: 528 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 596 Status: -
Path: C:\Windows\System32\wininit.exe
PID: 636 Status: -
Path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
PID: 652 Status: -
Path: C:\Windows\System32\services.exe
PID: 692 Status: -
Path: C:\Windows\System32\lsass.exe
PID: 708 Status: -
Path: C:\Windows\System32\lsm.exe
PID: 716 Status: -
Path: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PID: 860 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 916 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 964 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 976 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1016 Status: -
Path: C:\Windows\System32\drivers\XAudio.exe
PID: 1068 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1124 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1156 Status: -
Path: C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PID: 1192 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1244 Status: -
Path: C:\Windows\System32\audiodg.exe
PID: 1252 Status: Locked to the Windows API!
Path: C:\Windows\System32\svchost.exe
PID: 1276 Status: -
Path: C:\Windows\System32\SLsvc.exe
PID: 1292 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1328 Status: -
Path: C:\Program Files\Dell\DellDock\DockLogin.exe
PID: 1404 Status: -
Path: C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PID: 1416 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1476 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1488 Status: -
Path: C:\Windows\System32\spoolsv.exe
PID: 1672 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1700 Status: -
Path: C:\Windows\System32\SearchIndexer.exe
PID: 1748 Status: -
Path: C:\Program Files\Common Files\Winferno\WSS\WSS.exe
PID: 1764 Status: -
Path: C:\Windows\System32\AERTSrv.exe
PID: 1936 Status: -
Path: C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PID: 1980 Status: -
Path: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PID: 2040 Status: -
Path: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2856 Status: -
Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2920 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 2940 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 3452 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 3572 Status: -
Path: C:\Program Files\McAfee\MSC\McAPExe.exe
PID: 3676 Status: -
Path: C:\Program Files\Logitech\SetPointP\SetPoint.exe
PID: 4420 Status: -
Path: C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PID: 4456 Status: -
Path: C:\Windows\System32\igfxpers.exe
PID: 4584 Status: -
Path: C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
PID: 4592 Status: -
Path: C:\Windows\System32\igfxsrvc.exe
PID: 4708 Status: -
Path: C:\Windows\System32\SearchProtocolHost.exe
PID: 4988 Status: -
Path: C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
PID: 5460 Status: -
Path: C:\Users\home\AppData\Local\temp\Temp2_RootRepeal2.zip\RootRepeal.exe
PID: 5572 Status: -
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
PID: 5840 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 6424 Status: -
Path: C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
PID: 6884 Status: -
Path: C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
PID: 7764 Status: -
Path: C:\Windows\System32\SearchFilterHost.exe
PID: 8840 Status: -
Path: C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
PID: 8980 Status: -
Path: C:\Windows\System32\igfxtray.exe
PID: 9128 Status: -
Path: C:\Windows\explorer.exe
PID: 9216 Status: -
Path: C:\Windows\System32\winlogon.exe
PID: 9544 Status: -
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 10020 Status: -
Path: C:\Windows\RtHDVCpl.exe
PID: 10040 Status: -
Path: C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe
PID: 10596 Status: -
Path: C:\Program Files\Logitech\Vid HD\Vid.exe
PID: 11164 Status: -
Path: C:\Windows\System32\rundll32.exe
PID: 11852 Status: -
Path: C:\Windows\System32\hkcmd.exe
PID: 12088 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 12284 Status: -

*Stealth Objects: Saved to the desktop as RootRepeal_Scan_StealthObjects*

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2013/03/26 02:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Stealth Objects
-------------------
Object: Hidden Module [Name: PlatJsRes.dll]
Process: mcuicnt.exe (PID: 7764) Address: 0x69400000 Size: 1564672


----------
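A triage pass over the RootRepeal Drivers log posted above, as an added example that is not part of the original thread: it parses the four-line records and lists entries whose image lies outside C:\Windows, whose file is reported not visible, whose status is not "-", or that appear twice at one address. The function names and the `explained` set are assumptions of this example, the sample is an excerpt of that log, and a flag is a prompt for a second look rather than a verdict (pxldipow.sys is the driver named in the GMER log header in this thread).

```python
import ntpath
import re

# Excerpt of the Drivers log posted above (seven of its records, unchanged).
SAMPLE_LOG = r"""Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8069A000 Size: 286720 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82A4E000 Size: 3907584 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8CF47000 Size: 32768 File Visible: No Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xAAEFE000 Size: 163840 File Visible: - Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xAAEFE000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: pxldipow.sys
Image Path: C:\Users\home\AppData\Local\Temp\pxldipow.sys
Address: 0xAAF96000 Size: 103680 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAAFC8000 Size: 49152 File Visible: No Signed: -
Status: -
"""

DETAIL_RE = re.compile(
    r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)"
    r"\s+File Visible:\s*(\S+)\s+Signed:\s*(\S+)"
)


def parse_drivers(text):
    """Turn the Name / Image Path / Address / Status records into dicts."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            cur = {"name": line[len("Name:"):].strip()}
            entries.append(cur)
        elif cur is None:
            continue  # banner lines before the first record
        elif line.startswith("Image Path:"):
            cur["path"] = line[len("Image Path:"):].strip()
        elif line.startswith("Address:"):
            m = DETAIL_RE.match(line)
            if m:
                cur["address"] = int(m.group(1), 16)
                cur["size"] = int(m.group(2))
                cur["file_visible"] = m.group(3)
                cur["signed"] = m.group(4)
        elif line.startswith("Status:"):
            cur["status"] = line[len("Status:"):].strip()
    return entries


def triage(entries, system_root=r"C:\Windows"):
    """Return {driver name: [reasons]} for records worth a second look."""
    root = ntpath.normcase(system_root).rstrip("\\") + "\\"
    findings, seen = {}, set()
    for e in entries:
        reasons = []
        path = ntpath.normcase(e.get("path", ""))
        # Paths such as \Driver\ACPI_HAL name kernel objects, not files on disk.
        if path and not path.startswith("\\") and not path.startswith(root):
            reasons.append("image outside " + system_root)
        if e.get("file_visible") == "No":
            reasons.append("file not visible")
        if e.get("status", "-") != "-":
            reasons.append("status: " + e["status"])
        key = (e["name"].lower(), e.get("address"))
        if key in seen:
            reasons.append("listed twice at same address")
        seen.add(key)
        if reasons:
            findings.setdefault(e["name"], []).extend(reasons)
    return findings


def unexplained(findings, explained):
    """Drop flagged drivers the analyst has already accounted for."""
    known = {name.lower() for name in explained}
    return {n: r for n, r in findings.items() if n.lower() not in known}


if __name__ == "__main__":
    for name, reasons in triage(parse_drivers(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```
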



## Cookiegal (Aug 27, 2003)

I'm trying to determine if there may be a rootkit because none of the rootkit detecting tools will run properly.

Please try to scan with GMER again but this time uncheck everything except "Files" and the C: drive then post the results.


----------



## RhondaLee1 (Mar 2, 2013)

I don't know if this has anything to do with it, but I wanted to let you know that this morning right after doing the scan I rebooted to reactivate McAfee. I then went on the Internet to do some research for a term paper I am working on. I was on the website "eHow.com" and I got two notices from McAfee straight in a row that a trojan was caught and quarantined. I could only click on one to view, I think the second one pushed the first one away.

The second I did get to open said it was from asf.advertslead.com and the trojan name was "JS/Exploit-Sty-Kite (trojan)".

Do you think either of those programs brought this to me or was it from eHow.com? Now my PC is kind of acting weird and slow.


----------



## Cookiegal (Aug 27, 2003)

Please check McAfee's logs and report back the names of the files detected and their location.

It sounds like an advertisement from the ehow.com site that McAfee is not liking.


----------



## RhondaLee1 (Mar 2, 2013)

I ran GMER exactly as you said. It took two hours and 15 minutes. There was no log at the end. Just a message: "GMER hasn't found any system modification"


----------



## Cookiegal (Aug 27, 2003)

Yeah, that one takes long because it goes through every file, even temporary ones.

No log will be created if nothing is detected so that's good.

Please do the same (individual scans) for these:

System
Devices
Services


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,
I just wanted to let you know that I didn't forget about you. I am sorry. I had a doctor's appointment and a lot of shopping and paying bills and stuff. If I can't get to this this evening, I will definitely do it tomorrow. As for the McAfee, I am going to have to call them for help. When I look at the Security Log it doesn't give me the names of the files or the location. I don't know where to find what you were asking for. I only got the name of one trojan, because there was a link to click in the warning box. There were two, but one box went away before I could click on it. I also have an 8 page research paper that I am working on. But I am sure I can get to it later tonight or tomorrow morning. 
Thanks again, for all your help.


----------



## Cookiegal (Aug 27, 2003)

That's fine. 

For McAfee you should be able to view items in quarantine by doing the following:

Click on *Navigation* in the upper right-hand corner then under *Features*, click on *Quarantined and Trusted Items*.



----------



## RhondaLee1 (Mar 2, 2013)

In the quarantined and trusted items folder: under *Quarantined Items*

This is all the *information displayed:*


| Item | Threat | Detected | Status |
|---|---|---|---|
| jH3pjS06uP500U2M0UtsZ07ngY0zKG10OkxN[1].htm | JS/Exploit-Stykit.d | 03/26/2013 04:27 AM | Detected |
| pdfx[1].htm | JS/Exploit-Stykit.e | 03/26/2013 04:28 AM | Detected |

I am going to run the other requested scans now and will post the logs when finished.


----------



## RhondaLee1 (Mar 2, 2013)

Sorry, that was in a table, but I guess this page doesn't like tables. The items in the middle are the titles of each column and each row is presented respectively.


----------



## RhondaLee1 (Mar 2, 2013)

*ark_system.txt:*

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-28 11:30:40
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-75B4A0 rev.01.03A01 149.01GB
Running: 3i1xbyix.exe; Driver: C:\Users\home\AppData\Local\Temp\pxldipow.sys

---- System - GMER 2.1 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8824A2E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8824A312]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8824A2FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8824A2D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
---- EOF - GMER 2.1 ----

*ark_devices.txt:*

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-28 11:31:17
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJS-75B4A0 rev.01.03A01 149.01GB
Running: 3i1xbyix.exe; Driver: C:\Users\home\AppData\Local\Temp\pxldipow.sys

---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 2.1 ----

Services:

No log was created. A message box popped up and said, "GMER hasn't found any system modification"


----------



## RhondaLee1 (Mar 2, 2013)

Both logs saved to the desktop as the title I entered for them.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*pdfx*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## RhondaLee1 (Mar 2, 2013)

SystemLook 04.09.10 by jpshortstuff
Log created at 11:19 on 29/03/2013 by home
Administrator - Elevation successful
========== filefind ==========
Searching for "*pdfx*"
No files found.
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

It looks to me like there were advertisements on the ehow.com page from advertslead.com that contained an exploit and that McAfee blocked them. The files mentioned are .htm files which are web pages.

Are there any other problems with the computer?


----------



## RhondaLee1 (Mar 2, 2013)

No the computer seems to be working fine. I haven't gotten the original error for a while now and I think it is actually running a little faster now, too.


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging into sites that you use on your computer as a precaution.

Please follow these steps to uninstall ComboFix and all of its files and components.

Click the *START button* then in the *SEARCH field* type *ComboFix /uninstall* then press Enter. Note the *space* between the *x* and the */* as it needs to be there.

You will see a warning asking if you are sure you want to run ComboFix. Please click on the *Run* button to start the program and ComboFix will proceed to uninstall itself.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Click on the Start button to open your Start Menu. 
Click on the Control Panel menu option.
Click on the System and Maintenance menu option.
Click on the System menu option.
Click on System Protection in the left-hand task list.

You will now be at the System Protection tab in the System control panel.

Clear the check box next to the disk to turn off System Protection, and then click OK. This will flush out all previous restore points.

Now select the check box next to the disk, and then click OK to turn system restore back on.

Now create a new restore point. Click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.

Type in a title for the manual restore point and press the Create button. Vista will now create a manual restore point, and when completed, display a notice saying that it was created successfully.


----------



## RhondaLee1 (Mar 2, 2013)

I tried this a few times. I made sure there was a space between the x and /. However I keep getting a search box opening that says file cannot be found. 
I tried to type it into the run box as shown on your instructions. It still says file cannot be found. 
Does this have anything to do with the fact that you told me to save it as puppy.exe? 

Awaiting further instructions.

Hope you had a beautiful Easter.


----------



## Cookiegal (Aug 27, 2003)

Where is puppy.exe located right now? Is it on the desktop?


----------



## RhondaLee1 (Mar 2, 2013)

Yes, everything is on the desktop.


----------



## Cookiegal (Aug 27, 2003)

This is happening because ComboFix was moved. Let's try moving it back to your shortcuts folder and run the uninstall command.


----------



## RhondaLee1 (Mar 2, 2013)

Sorry, that is my fault. I will do that later this evening or tomorrow. Right now I am neck deep in an 8 page research paper and preparing for an accounting exam.


----------



## Cookiegal (Aug 27, 2003)

Good luck on the exam.


----------



## RhondaLee1 (Mar 2, 2013)

I wanted to let you know that up to March 23, I was saving everything into a folder I created on the desktop named "Cookiegal help." After you said I should not do this I dragged everything out to the desktop and deleted that folder. Should I create another folder with this name and drag puppy.exe into it? I am so sorry I messed this stuff up. I had no idea. I am not an expert on computers and for most things it doesn't matter if you put in a folder, so I didn't think nothing of it.
I am going to wait for your further advice.


----------



## RhondaLee1 (Mar 2, 2013)

To make matters worse, several of them were saved to the desktop originally and then when my desktop started to get so cluttered I couldn't find my folders, I created that folder and dragged them into it, then the others I saved to it up until I learned I wasn't supposed to, then the rest were saved to the desktop.


----------



## Cookiegal (Aug 27, 2003)

No, it's OK. Here's what we're going to do.

Please download ComboFix again and be sure to rename it puppy.exe and put it on the desktop while saving it (not after) and this will install ComboFix over top of the previous one.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Once you've done that, please disable your security programs, run a scan with ComboFix, re-enable your security programs and post the log.


----------



## RhondaLee1 (Mar 2, 2013)

ComboFix 13-04-02.01 - home 04/02/2013 16:19:16.2.1 - x86
Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.2036.962 [GMT -4:00]
Running from: c:\users\home\Desktop\puppy.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 20:34 . 2013-04-02 20:35 -------- d-----w- c:\users\home\AppData\Local\temp
2013-04-02 20:34 . 2013-04-02 20:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-02 20:34 . 2013-04-02 20:34 -------- d-----w- c:\users\Everybody\AppData\Local\temp
2013-04-02 20:34 . 2013-04-02 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 05:36 . 2012-05-28 14:28 147472 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-29 14:52 . 2013-03-29 14:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-03-29 14:50 . 2013-03-29 14:52 -------- d-----w- c:\program files\QuickTime
2013-03-29 14:38 . 2013-03-29 14:39 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-23 15:10 . 2013-03-23 17:00 -------- d-----w- c:\program files\ESET
2013-03-23 15:10 . 2013-03-23 15:10 -------- d-----w- c:\program files\ESET Online Scanner
2013-03-20 20:07 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 14:18 . 2013-03-20 14:18 -------- d-----w- c:\users\home\AppData\Local\Citrix
2013-03-19 19:00 . 2013-03-19 19:00 -------- d-----w- C:\_OTL
2013-03-18 14:23 . 2013-03-18 14:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 22:16 . 2013-03-15 22:16 -------- d-----w- c:\users\home\AppData\Local\Facebook
2013-03-12 16:37 . 2013-03-12 16:37 -------- d-----w- c:\users\home\AppData\Roaming\SanDisk SecureAccess
2013-03-11 02:41 . 2013-03-11 02:42 -------- d-----w- c:\users\Family
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 14:23 . 2012-08-25 15:14 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 14:23 . 2011-05-06 22:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 06:34 . 2012-03-30 02:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 06:34 . 2011-09-05 19:35 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-05 05:26 . 2013-02-13 01:18 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-13 01:18 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-13 01:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38 . 2013-02-13 01:18 2048512 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Dell DataSafe Online"="c:\program files\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-10-20 927576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 515888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Everybody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Billminder.lnk - c:\quickenw\BILLMIND.EXE [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:34]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000Core.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 22:15]
.
2013-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1000UA.job
- c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 22:15]
.
2013-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002Core.job
- c:\users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 17:37]
.
2013-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-983566750-3532387531-538099956-1002UA.job
- c:\users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-02 17:37]
.
2013-04-02 c:\windows\Tasks\WSSHelper.job
- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2013-02-23 20:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 16:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-02 16:38:39
ComboFix-quarantined-files.txt 2013-04-02 20:38
ComboFix2.txt 2013-03-20 15:01
.
Pre-Run: 89,190,260,736 bytes free
Post-Run: 88,967,266,304 bytes free
.
- - End Of File - - E956E6FB023EA1066B53711C3B48605A
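
How the autostart sections of a ComboFix log like the one above can be triaged by script, as an added example that is not part of the original post or of ComboFix. The sample is a constructed excerpt: four entries are copied from the log above and the `dwm` Run value is constructed, modelled on the error message that started this thread; the function names and location categories are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the ComboFix log above. The "dwm"
# value is NOT from the log; it is a constructed entry modelled on the
# error message quoted at the start of the thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-15 138096]
"dwm"="c:\users\home\AppData\Local\Temp\dwm.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-02 c:\windows\Tasks\WSSHelper.job
- c:\program files\Common Files\Winferno\WSS\WSSHelper.exe [2013-02-23 20:41]
.
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]\s*$')
JOB_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$', re.I)
JOB_TARGET_RE = re.compile(r'^-\s+(.*?)\s+\[([^\]]*)\]\s*$')


@dataclass
class Autostart:
    source: str    # registry key or path of the .job file
    name: str      # value name or .job file name
    target: str    # program that gets started
    info: str      # bracketed field from the log, kept verbatim
    location: str  # category assigned by classify()


def classify(target):
    """Bucket a target path by where it lives (categories are this example's)."""
    p = target.lower().replace('/', '\\')
    if '\\' not in p:
        return 'bare-name'          # no directory given in the log entry
    if '\\temp\\' in p:
        return 'temp'               # nothing should autostart from a temp dir
    # Assumes profiles live under c:\users, as on the Vista system in the log.
    if p.startswith('c:\\users\\') or '\\appdata\\' in p:
        return 'user-writable'
    return 'installed'


def parse_autostarts(log):
    """Extract Run-key values and scheduled-task targets from the log text."""
    entries, key, job = [], None, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, job = m.group(1), None
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith('\\currentversion\\run'):
            name, target, info = m.groups()
            entries.append(Autostart(key, name, target, info, classify(target)))
            continue
        m = JOB_RE.match(line)
        if m:
            key, job = None, m.group(1)
            continue
        m = JOB_TARGET_RE.match(line)
        if m and job:
            target, info = m.groups()
            name = job.rsplit('\\', 1)[-1]
            entries.append(Autostart(job, name, target, info, classify(target)))
            job = None
    return entries


def review_queue(entries):
    """Entries to look at first: temp directories, then other user-writable paths."""
    order = {'temp': 0, 'user-writable': 1}
    hits = [e for e in entries if e.location in order]
    return sorted(hits, key=lambda e: order[e.location])


def leftovers(entries, removed_products):
    """Autostarts that still point at software the user says was uninstalled."""
    names = [n.lower() for n in removed_products]
    return [e for e in entries if any(n in e.target.lower() for n in names)]


if __name__ == '__main__':
    found = parse_autostarts(SAMPLE_LOG)
    for e in review_queue(found):
        print(f'{e.location:14} {e.name}: {e.target}')
    for e in leftovers(found, ['Winferno']):
        print(f'leftover       {e.name}: {e.target}')
```

An entry under `AppData` is only a prompt to check what it is; per-user updaters such as the Facebook one in this log install there legitimately.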


----------



## Cookiegal (Aug 27, 2003)

You mentioned that you had removed Winferno so please remove this from the Scheduled Tasks in the Control Panel:

c:\windows\Tasks\WSSHelper.job

and delete this folder:

c:\program files\Common Files\*Winferno*

Now the uninstall command for ComboFix should work.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.


----------



## RhondaLee1 (Mar 2, 2013)

I followed your instructions and I was able to successfully uninstall ComboFix. I received a box that said it was uninstalled.

As for your first two instructions, I think I was able to delete the WSSHelper task. It still shows under task status in the bottom, but when I click Task Scheduler Library it is no longer there.

As for the Winferno folder, I tried to delete it. I just keep getting an error that says I need permission. I am the only administrator on this PC. But it will not delete. Can you help me with that?


----------



## RhondaLee1 (Mar 2, 2013)

Also, I don't know if you can help with this or not. Every time I open the task scheduler, I receive the following error message:

An error has occurred for task reminders - ARiEL. Error Message: The specified account name is invalid.

I do have a user with the name Ariel. It is not spelled with Caps like ARiEL. Do you know what I need to do to fix that error message or is it even important?


----------



## Cookiegal (Aug 27, 2003)

RhondaLee1 said:


> I followed your instructions and I was able to successfully uninstall ComboFix. I received a box that said it was uninstalled.
> 
> As for your first two instructions, I think I was able to delete the WSSHelper task. It still shows under task status in the bottom, but when I click Task Scheduler Library it is no longer there.
> 
> As for the Winferno folder, I tried to delete it. I just keep getting an error that says I need permission. I am the only administrator on this PC. But it will not delete. Can you help me with that?


Try booting to safe mode and see if you can delete the folder there.


----------



## Cookiegal (Aug 27, 2003)

RhondaLee1 said:


> Also, I don't know if you can help with this or not. Every time I open the task scheduler, I receive the following error message:
> 
> An error has occurred for task reminders - ARiEL. Error Message: The specified account name is invalid.
> 
> I do have a user with the name Ariel. It is not spelled with Caps like ARiEL. Do you know what I need to do to fix that error message or is it even important?


Can you log into the Ariel account? See if there are any Scheduled Tasks under that name.


----------



## RhondaLee1 (Mar 2, 2013)

I was able to delete the Winferno file.

I logged into Ariel's account and could not find any task under her name specifically. There was some calendar reminder that we didn't know what it was so we deleted it, but it did not stop me from getting the error. Funny thing, when I opened the task scheduler under her ID I did not get that error. But I logged back into mine and was still getting it. 

Also, a while back we changed that user from everybody to Ariel and when I logged into her account I get an error message that says:

Error loading C:\Users\Everybody\AppData\Local\Yahoo!\Virtual Store\ipjkmo.dll

We have no idea what that even is. If you can help.

But I know you have been working with me for quite a while and if you are tired of it, I don't blame you. You can just help me clear everything out and I will live with these two error messages. They don't seem to impede the computer running.

Thanks again,
Rhonda


----------



## Cookiegal (Aug 27, 2003)

Can you log into Ariel's account and run DDS and then post the log?


----------



## RhondaLee1 (Mar 2, 2013)

Sorry for the delay. Extremely busy with family issues and school work. Will get back to you as soon as I possibly can. Hopefully tomorrow.


----------



## Cookiegal (Aug 27, 2003)

No problem. Take your time.


----------



## RhondaLee1 (Mar 2, 2013)

DDS was not on her desktop. I went to page two of this thread and downloaded it to her desktop. I cannot see it on her desktop, so I tried to download it again. It said it was already there, so I clicked run from the download box at the bottom of the browser.

Here are the logs.

*DDS-Notepad:*

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by home at 11:22:25 on 2013-04-08
Microsoft® Windows Vista Home Basic 6.0.6002.2.1252.1.1033.18.2036.968 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Facebook Update] "c:\users\home\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Dell DataSafe Online] c:\program files\dell\dell datasafe online\NOBuClient.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 565416]
R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2009-8-15 12800]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-9 210168]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-2-16 95232]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184728]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184728]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184728]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-2-16 184728]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-2-16 632344]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-2-16 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-2-16 171976]
R2 NOBU;Dell DataSafe Online;c:\program files\dell\dell datasafe online\NOBuAgent.exe [2010-10-20 2075480]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 362640]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 252200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Winferno Subscription Service;Winferno Subscription Service;"c:\program files\common files\winferno\wss\wss.exe" --> c:\program files\common files\winferno\wss\WSS.exe [?]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-3-30 147472]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65488]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81456]
S3 netr28u;D-Link USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-8-15 722944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-04-03 08:38:23 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-02 20:38:41 -------- d-----w- c:\users\home\appdata\local\temp
2013-03-30 05:36:20 147472 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-03-29 14:52:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-03-23 15:10:19 -------- d-----w- c:\program files\ESET Online Scanner
2013-03-23 15:10:19 -------- d-----w- c:\program files\ESET
2013-03-20 20:07:12 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 14:18:16 -------- d-----w- c:\users\home\appdata\local\Citrix
2013-03-19 19:00:23 -------- d-----w- C:\_OTL
2013-03-18 14:23:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 22:16:04 -------- d-----w- c:\users\home\appdata\local\Facebook
2013-03-12 16:37:47 -------- d-----w- c:\users\home\appdata\roaming\SanDisk SecureAccess
.
==================== Find3M ====================
.
2013-03-18 14:23:09 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 14:23:09 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 06:34:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 06:34:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:24:27.98 ===============

*Attach-Notepad:*

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Basic 
Boot Device: \Device\HarddiskVolume3
Install Date: 10/30/2008 4:17:15 AM
System Uptime: 4/8/2013 10:27:21 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | Socket 775 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 83.628 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.313 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Browser Address Error Redirector
CameraHelperMsi
Canon Easy-WebPrint EX
Canon Inkjet Printer Driver Add-On Module
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
DAO 3.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell-eBay
Dell DataSafe Online
Dell Best of Web
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center
Digital Line Detect
EDocs
eReg
Facebook Plug-In
Facebook Video Calling 1.2.0.287
Feedback Tool
HiDef Media Player 1.1.12
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Houghton Mifflin eReference Suite
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
iSEEK AnswerWorks English Runtime
Java 7 Update 17
Java Auto Updater
Java(TM) 6 Update 34
Logitech SetPoint 6.32
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
McAfee AntiVirus Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
Pando Media Booster
PokerStars.net
PowerDVD
QualXServ Service Agreement
Quicken 2013
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x86
Spelling Dictionaries Support For Adobe Reader 9
The Print Shop
The Print Shop Photo Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Yahoo! Software Update
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Please run OTL on Ariel's account and post the log.


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal, I went to the first page and found the link to OTL for this scan. I just realized I followed those instructions and typed "Netsvcs" under Custom Scans/Fixes. I should have asked you if you wanted me to do that. I am sorry. Here is the scan I got. If you need me to run it again without typing that in, let me know and I will do it.

*OTL logfile* created on: 4/9/2013 3:41:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Everybody\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.40% Memory free
4.21 Gb Paging File | 2.20 Gb Available in Paging File | 52.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 83.45 Gb Free Space | 60.06% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/09 15:40:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Everybody\Desktop\OTL.exe
PRC - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
PRC - [2013/02/28 13:33:06 | 000,140,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\McAPExe.exe
PRC - [2012/12/26 10:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/12/26 10:05:32 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/10/07 04:12:36 | 000,252,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
PRC - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
PRC - [2012/07/19 13:37:34 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Everybody\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/29 16:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/10/20 12:13:56 | 000,927,576 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe
PRC - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 12:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/13 04:25:03 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/01/09 04:38:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/09 04:35:56 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013/01/09 04:35:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013/01/09 04:35:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/09 04:34:28 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/09 04:22:59 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/09 04:21:36 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010/10/29 16:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 16:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 17:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 19:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 18:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 18:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 18:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 18:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 18:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 18:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 18:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 18:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 18:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Winferno\WSS\WSS.exe -- (Winferno Subscription Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2013/03/13 02:34:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2013/03/05 11:43:26 | 000,184,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV - [2013/03/01 09:06:56 | 000,287,752 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/12/26 10:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/12/26 10:05:32 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/10/06 08:28:42 | 000,632,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/10/20 12:11:14 | 002,075,480 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\home\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\home\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/26 10:12:06 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/12/26 10:09:16 | 000,210,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/12/26 10:06:54 | 000,565,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/12/26 10:05:52 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/12/26 10:05:22 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/12/26 10:05:02 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/12/26 10:04:34 | 000,132,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/11/02 02:46:50 | 000,252,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfencbdc.sys -- (mfencbdc)
DRV - [2012/11/02 02:46:50 | 000,081,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfencrk.sys -- (mfencrk)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/17 11:27:10 | 000,722,944 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/03/06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008/07/02 02:43:50 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/11/01 17:47:56 | 000,267,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/04/29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F276DEC6-3251-42EE-BC95-DE93DBBC3C77}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5: C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/02/17 15:31:20 | 000,000,000 | ---D | M]

[2012/06/20 11:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions
[2010/02/03 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/06/20 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 05:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/10 05:49:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/06 11:36:27 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober241267714.xml
[2012/05/04 02:26:50 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Coupon Activator Netscape Plugin v. 4.5.0.0 (Enabled) = C:\Users\home\AppData\Roaming\E-centives\NPcolPM470.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - homepage: http://www.google.com/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Everybody\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Everybody\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Everybody\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/02 16:35:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Facebook Update] C:\Users\home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/25 02:35:51 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games  Matchmaking)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E80585-710A-47B3-B318-4A2A9850375B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\home\Pictures\discus2.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\Pictures\discus2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/04/09 15:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/04/03 04:38:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/02 16:38:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/02 16:38:41 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\temp
[2013/03/30 01:36:20 | 000,147,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/03/29 10:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/29 10:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/03/29 10:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/03/29 10:36:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/24 18:54:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\home\Desktop\aswMBR.exe
[2013/03/23 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET Online Scanner
[2013/03/23 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/20 16:07:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/20 15:49:28 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\home\Desktop\dds.scr
[2013/03/20 10:35:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/20 10:18:16 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Citrix
[2013/03/19 15:00:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/18 13:22:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2013/03/18 10:23:53 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/18 10:23:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/18 10:23:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/18 10:23:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/15 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Facebook
[2013/03/14 03:02:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/14 03:02:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/14 03:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/14 03:02:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/14 03:02:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/14 03:02:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/14 03:02:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/14 03:02:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/12 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\SanDisk SecureAccess

========== Files - Modified Within 30 Days ==========

[2013/04/09 15:36:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/04/09 15:34:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/09 14:27:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 14:27:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/08 10:34:26 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/08 10:34:26 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/08 10:27:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/08 10:27:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/04/08 10:27:37 | 2134,065,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 16:35:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/29 11:18:12 | 000,075,264 | ---- | M] () -- C:\Users\home\Desktop\SystemLook.exe
[2013/03/29 10:52:33 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/03/29 10:40:45 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/26 01:15:59 | 000,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2013/03/26 00:33:29 | 000,464,491 | ---- | M] () -- C:\Users\home\Desktop\RootRepeal2.zip
[2013/03/26 00:32:52 | 000,464,491 | ---- | M] () -- C:\Users\home\Desktop\RootRepeal1.zip
[2013/03/25 11:26:45 | 000,377,856 | ---- | M] () -- C:\Users\home\Desktop\3i1xbyix.exe
[2013/03/24 18:59:24 | 000,000,512 | ---- | M] () -- C:\Users\home\Desktop\MBR.dat
[2013/03/24 18:55:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\home\Desktop\aswMBR.exe
[2013/03/24 00:14:21 | 000,377,856 | ---- | M] () -- C:\Users\home\Desktop\download_php
[2013/03/21 15:56:14 | 000,609,993 | ---- | M] () -- C:\Users\home\Desktop\AdwCleaner.exe
[2013/03/20 15:49:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\home\Desktop\dds.scr
[2013/03/18 13:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
[2013/03/18 10:23:11 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/18 10:23:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/18 10:23:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/18 10:23:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/18 10:23:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/03/18 10:23:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/13 02:34:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 02:34:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/12 12:34:27 | 000,000,288 | ---- | M] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2013/03/12 00:27:49 | 000,000,007 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME

========== Files Created - No Company Name ==========

[2013/04/03 16:03:15 | 2134,065,152 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/29 11:18:11 | 000,075,264 | ---- | C] () -- C:\Users\home\Desktop\SystemLook.exe
[2013/03/29 10:52:33 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/03/29 10:40:45 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/29 10:40:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/26 00:37:49 | 000,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2013/03/26 00:33:22 | 000,464,491 | ---- | C] () -- C:\Users\home\Desktop\RootRepeal2.zip
[2013/03/26 00:32:50 | 000,464,491 | ---- | C] () -- C:\Users\home\Desktop\RootRepeal1.zip
[2013/03/25 11:26:44 | 000,377,856 | ---- | C] () -- C:\Users\home\Desktop\3i1xbyix.exe
[2013/03/24 18:59:24 | 000,000,512 | ---- | C] () -- C:\Users\home\Desktop\MBR.dat
[2013/03/24 00:13:54 | 000,377,856 | ---- | C] () -- C:\Users\home\Desktop\download_php
[2013/03/21 15:54:11 | 000,609,993 | ---- | C] () -- C:\Users\home\Desktop\AdwCleaner.exe
[2013/03/12 12:34:27 | 000,000,288 | ---- | C] () -- C:\Users\home\AppData\Roaming\.backup.dm
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/04 01:37:58 | 000,000,680 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/04/25 18:56:13 | 000,011,776 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 18:02:51 | 000,000,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\wklnhst.dat
[2009/08/15 18:44:03 | 000,003,284 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANIWZCS{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}
[2009/08/15 18:40:58 | 000,000,253 | ---- | C] () -- C:\Users\home\AppData\Roaming\ANICONFIG_{C595F776-AC8E-4F7B-8E63-CA5AAAED2380}.ini

========== ZeroAccess Check ==========

[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:53ABB239
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:09CEBED1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BAFDD950
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:8807C278
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:869C5089
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:279FF250
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:7B13EE36
< End of report >


----------



## Cookiegal (Aug 27, 2003)

Is Ariel's account actually named Everybody?

Because that's the account that OTL is running from. I don't see anything with Ariel's name in it.


----------



## RhondaLee1 (Mar 2, 2013)

When that user was created, it was originally named "Everybody." Later it was renamed Ariel.


----------



## Cookiegal (Aug 27, 2003)

According to OTL the account Everybody still exists.

Please log into Ariel's account and then download a fresh copy of OTL and run it.


----------



## RhondaLee1 (Mar 2, 2013)

That is exactly what I did. Do you want me to get rid of the new one I downloaded yesterday and do it again? Do I need to type anything in under Custom Scans/Fixes?


----------



## RhondaLee1 (Mar 2, 2013)

Sorry, I meant to say: before I run a scan.


----------



## Cookiegal (Aug 27, 2003)

If that's what you did then there's no point.

If you go to C:\Users do you see folders there for both Everybody and Ariel?


----------



## RhondaLee1 (Mar 2, 2013)

Cookiegal,

I had no idea there was such a discrepancy in the user accounts. Below is the information I found about the user accounts on this PC. Also, we bought this PC from rent-a-center on Jan 21, 2010. Whatever was done prior to that I am not sure. I changed the name of some users instead of deleting them and creating new ones; did this cause the problem? When we brought the computer home, there was Home and Public. Ariel created a password protected user with administrator properties. I deleted that account and password protected Home, because I did not authorize her to do that. I had Home and Everybody. Later, when Ariel came back to live with us, I allowed her to have a password protected account without administrator properties. I believe at that time I changed Home to Rhonda and Everybody to Ariel. I would let my grandkids log in and use my account. That became an issue of them going on without permission so last month, I changed the password for Rhonda (home) and created a Family account with a password only the adults knew. I don't think I realized that I could "turn on" the Guest account.

*When I look at the log in screen, here are my choices:*

Ariel Family Rhonda (_the only administrator account_)

*When I pull up C:\Users:*

*Name* *Created* *Last modified*
Everybody 02/19/2011 10/10/2012
Family 03/10/2013 03/10/2013
Guest 02/08/2012 02/08/2012
Home 11/02/2006 03/20/2013
Public 11/02/2006 03/20/2013

*When I go through the control panel and pull up users:*
Rhonda (administrator)
Ariel
Family
Guest (account turned off)


----------



## Cookiegal (Aug 27, 2003)

OTL will look at all user accounts so the log doesn't show anything that the previous one didn't.

When renaming accounts it doesn't automatically rename the user's folder so while her account name is now Ariel, her documents are listed under the name "Everybody". I'm not sure how to fix that on Vista so I suggest that you start a new thread for help with that. I'm sure that account name error you're getting is because of the name changes.

Are there any other issues that need to be addressed?


----------



## RhondaLee1 (Mar 2, 2013)

If I understand you correctly, the error message that we are getting every time we log into Ariel's Account...

Error loading C:\Users\Everybody\AppData\Local\Yahoo!\Virtual Store\ipjkmo.dll

...is due to the name conflict on the users and for that I should start another thread to try to get help fixing. 

If that is correct, then NO there are no other issues that need addressed, with the exception of removing all of the programs we downloaded and all of the logs on my desktop.


----------



## Cookiegal (Aug 27, 2003)

No, I was referring to the error you get when accessing the task reminders:


> An error has occurred for task reminders - ARiEL. Error Message: The specified account name is invalid.


It gets tricky when renaming accounts as you really need to also change the path to that user's account in the registry, which doesn't get changed automatically. So right now, Ariel's account is actually in the "Everybody" user account folder and the Rhonda account is in the "Home" user account folder. When the task reminder was set up Ariel's name was probably typed that way but user names are not case sensitive so that wouldn't matter. But the error is probably occurring because the path to Ariel's account says it's the "Everybody" account and can't find Ariel.

We'll see if we can fix that but I'll need you to export a registry key for me.

Go to *Start* - *Run* and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.

Also, regarding the other error (Error loading C:\Users\Everybody\AppData\Local\Yahoo!\Virtual Store\ipjkmo.dll) please do the following:

Download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*ipjkmo*
:regfind
ipjkmo
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## RhondaLee1 (Mar 2, 2013)

Here are the logs. I was not sure if you wanted me to run SystemLook from mine or Ariel, so I did both.

*C:Look.txt:*

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"State"=dword:00000000
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-1000]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,68,00,6f,00,6d,00,65,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,e8,03,00,00
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000003
"RunLogonScriptSync"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-1002]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,45,00,76,00,65,00,72,00,79,00,62,00,6f,00,64,00,79,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,ea,03,00,00
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000000
"RunLogonScriptSync"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-1003]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,46,00,61,00,6d,00,69,00,6c,00,79,00,00,00
"Flags"=dword:00000000
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,eb,03,00,00
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000000
"RunLogonScriptSync"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-501]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,47,00,75,00,65,00,73,00,74,00,00,00
"Flags"=dword:00000000
"State"=dword:00000080
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,f5,01,00,00
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000000
"RunLogonScriptSync"=dword:00000000

*SystemLook.txt (from Rhonda - Home):*

SystemLook 04.09.10 by jpshortstuff
Log created at 17:36 on 13/04/2013 by home
Administrator - Elevation successful
========== filefind ==========
Searching for "*ipjkmo*"
No files found.
========== regfind ==========
Searching for "ipjkmo"
No data found.
-= EOF =-

*SystemLook.txt (from Ariel - Everybody):*

SystemLook 04.09.10 by jpshortstuff
Log created at 17:47 on 13/04/2013 by home
Administrator - Elevation successful
========== filefind ==========
Searching for "*ipjkmo*"
No files found.
========== regfind ==========
Searching for "ipjkmo"
[HKEY_USERS\S-1-5-21-983566750-3532387531-538099956-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"VirtualStore"="rundll32.exe "C:\Users\Everybody\AppData\Local\Yahoo!\VirtualStore\ipjkmo.dll",DllRegisterServer"
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Good. That's very helpful.

Does Ariel use something called Yahoo!\VirtualStore?

It's very easy to eliminate that error with a registry fix that I can prepare for you to run on the machine.


From the registry exports, I can see that indeed Ariel is Everybody and Rhonda is Home. The Public account seems to no longer exist so I suppose that's just a leftover folder in C:\users but I wouldn't delete it in case it contains anything that may be needed as it shouldn't be causing any problems.

I'm checking with my colleagues just to make sure that what I want to do is the correct approach so once I get their feedback I'll post further instructions. It may not be until tomorrow though.
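How the ProfileList export above can be read, as an added example that is not part of the original posts: the `hex(2)` values are UTF-16LE strings and the `Sid` values are binary SIDs, so decoding them yields the SID-to-folder mapping. The function names are hypothetical; the sample is an excerpt of the export posted in the thread.

```python
import re
import struct

# Excerpt of the ProfileList export posted in this thread (two of its subkeys).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-1000]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,68,00,6f,00,6d,00,65,00,00,00
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,e8,03,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-983566750-3532387531-538099956-1002]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,45,00,76,00,65,00,72,00,79,00,62,00,6f,00,64,00,79,00,00,00
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,9e,09,a0,3a,cb,f4,8b,d2,f4,c0,12,\
20,ea,03,00,00
'''


def hex_bytes(csv):
    """Turn '43,00,3a' into b'C\\x00:'."""
    return bytes(int(h, 16) for h in csv.split(",") if h.strip())


def sid_to_string(raw):
    """Binary SID: revision, sub-authority count, 6-byte big-endian authority,
    then little-endian 32-bit sub-authorities."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: decoded_value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join ',\' continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, _, data = line.partition("=")
            name = name.strip('"')
            if data.startswith("hex(2):"):      # REG_EXPAND_SZ, UTF-16LE
                current[name] = hex_bytes(data[7:]).decode("utf-16-le").rstrip("\x00")
            elif data.startswith("hex:"):       # REG_BINARY
                current[name] = hex_bytes(data[4:])
            elif data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            else:
                current[name] = data.strip('"')
    return keys


def profile_paths(text):
    """Map each profile SID to (folder, stored Sid agrees with the key name)."""
    out = {}
    for key, values in parse_reg(text).items():
        sid = key.rsplit("\\", 1)[-1]
        if sid.startswith("S-1-") and "ProfileImagePath" in values:
            raw = values.get("Sid")
            out[sid] = (values["ProfileImagePath"],
                        raw is None or sid_to_string(raw) == sid)
    return out
```

Run over the full export, `profile_paths` lists every profile folder next to the SID that owns it, which is the mapping the reply reads off by hand.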


----------



## RhondaLee1 (Mar 2, 2013)

Ariel says she has never heard of Yahoo Virtual Store. I don't know how accurate that is, because it is my step daughter and she is never very truthful with me. So anyway it is not needed and can be gotten rid of. 

Tomorrow is great. I can't work on it anymore tonight anyway.


----------



## RhondaLee1 (Mar 2, 2013)

Oh yeah, I forgot to tell you that in Control Panel it shows the Public Account is turned off and can be turned on.


----------



## Cookiegal (Aug 27, 2003)

OK. Thanks for the information. I'll post more tomorrow.


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a FixAriel.zip file to this post. Please save it to your desktop. You can do this while logged into your Rhonda account that has Administrator privileges. Unzip the file (extract the contents) and right-click the FixAriel.reg file and select to run it as Administrator and allow it to merge into the registry.

Reboot the machine.

This should take care of the Yahoo! Virtual Store message she sees in her account. Please let me know if it doesn't.

As for the account name changes, the consensus is it's best to leave them as they are. As I mentioned, it's tricky renaming accounts and really the best and safest method is to create new ones and start fresh. You can transfer the contents from an old account to a new one if necessary. But the best thing to do would be leave them alone. In the future, should the need arise, just create a new account rather than renaming any existing ones.

Are there any other problems that still need to be addressed?
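A triage check for startup entries like the two seen in this thread (the Run value SystemLook found and the Temp\dwm.exe path from the first post), as an added example that is not part of the original posts. The function names, the short list of system process names, the benign control entry and the `existing_files` stand-in for a filesystem check are assumptions.

```python
import ntpath
import re

# Run value reported by SystemLook in this thread, and the path from the
# first post's error message (assumed to be the whole startup command).
PAGE_RUN_VALUE = r'rundll32.exe "C:\Users\Everybody\AppData\Local\Yahoo!\VirtualStore\ipjkmo.dll",DllRegisterServer'
PAGE_DWM_PATH = r'C:\Users\home\AppData\Local\Temp\dwm.exe'

SYSTEM_NAMES = {"dwm.exe", "svchost.exe", "explorer.exe", "lsass.exe"}  # assumption: short illustrative list
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def split_command(cmd):
    """Split a startup command into (program, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$", cmd, re.I)
    if m:
        return m.group(1), (m.group(2) or "")
    prog, _, rest = cmd.partition(" ")
    return prog, rest.strip()


def run_target(cmd):
    """Return (file that actually gets loaded, loader name or None)."""
    prog, rest = split_command(cmd)
    loader = None
    if ntpath.basename(prog).lower() in ("rundll32", "rundll32.exe"):
        loader = "rundll32"
        # rundll32 <dll>,<export> [args]; the DLL path may be quoted
        m = re.match(r'"([^"]+)"\s*,\s*(\S+)|([^,]+),\s*(\S+)', rest)
        if m:
            prog = m.group(1) or m.group(3).strip()
    return prog, loader


def triage(cmd, existing_files=()):
    """Flag traits worth a second look; existing_files stands in for a disk check."""
    target, loader = run_target(cmd)
    low = target.lower()
    findings = []
    if loader:
        findings.append("loaded-via-" + loader)
    if any(part in low for part in USER_WRITABLE):
        findings.append("user-writable-path")
    if ntpath.basename(low) in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        findings.append("system-name-outside-system32")
    if low not in {p.lower() for p in existing_files}:
        findings.append("target-missing")  # orphaned entry: logon error, nothing runs
    return target, findings
```

Both entries from the thread come back with `target-missing`, which matches the "Could not load" and "Error loading" messages: the startup reference outlived the file it pointed to.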


----------



## RhondaLee1 (Mar 2, 2013)

When I tried to run this fix, I received the following error:

Cannot import C:\Users\home\AppData\Local|Temp1_FixAriel.zip\FixAriel.reg: Error accessing the registry.

Should I try it from Ariel's page?

As for the other info, thanks for enlightening me. I will never change the name of a user again. I will create a new one.


----------



## Cookiegal (Aug 27, 2003)

It's because you're trying to run it from your AppData\Local directory and the name has been changed. You need to save it to the hard drive (on the desktop) before unzipping and running it.


----------



## RhondaLee1 (Mar 2, 2013)

I swear I did that, but I will try it again.


----------



## RhondaLee1 (Mar 2, 2013)

I am getting the same error. Let me give you my step by step what I am doing and you can tell me what is wrong. 

1. I clicked on the link.
2. A bar appeared on the bottom of the screen asking me what I wanted to do, I selected "save as" to my desktop as FixAriel.
3. I closed the browser.
4. The FixAriel is a zip folder. I right-clicked and selected "extract all"
5. A box opened that said "select destination" with "C:\Users\home\Desktop\FixAriel" already there I clicked extract.
6. A new folder appeared on the desktop. I double-click to open.
7. Inside the new box, I right-clicked on FixAriel and selected Merge; a security warning opened and I selected run.
----- I also double-clicked FixAriel and a security warning opened and I selected run.
8. I received a User access control that needed my permission and I clicked continue.
9. I receive a registry editor warning asking if I trust this file and if I want to continue. I clicked yes.
10. I end up with the exact error message that I entered yesterday.

I am sorry if I am doing it wrong. Please correct me and I will do it again.


----------



## Cookiegal (Aug 27, 2003)

OK then try downloading, extracting and running it when logged into Ariel's account please.


----------



## RhondaLee1 (Mar 2, 2013)

I was successful using it from Ariel's page. I rebooted the PC and logged back into Ariel and there was no more error message.

I believe everything is fixed on this PC and now all we have to do is remove all the programs we downloaded onto the PC. 

Sincerely,
Rhonda


----------



## Cookiegal (Aug 27, 2003)

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTL program.


----------



## RhondaLee1 (Mar 2, 2013)

Ok I did that on both mine and Ariel's. Should I go ahead and delete all the notepad log texts?


----------



## Cookiegal (Aug 27, 2003)

Yes, you can go ahead and do that.


----------



## RhondaLee1 (Mar 2, 2013)

Ok, I will do that and wait for further instructions. Thank you so much for all your help. I did not expect so much help for free. If I had to pay, I would not have been able to fix it.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.

Are there any problems remaining?


----------



## RhondaLee1 (Mar 2, 2013)

No more issues whatsoever. We still need to remove the following:

FixAriel - Zip and App
GMER
RootRepeal1
RootRepeal2
AdwCleaner


----------



## Cookiegal (Aug 27, 2003)

Those can all be dragged to the Recycle Bin.


----------



## RhondaLee1 (Mar 2, 2013)

Okay thanks again for all your help Cookiegal you are the best.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

