BleepingComputer.com: Google keeps redirecting

Three days ago, my PC was infected with a virus which McAfee did not stop. I think I fixed most of the problems; but whenever I Google something, I get redirected to another site. I don't know what else to do.

The DDS.txt and Attach.txt are attachments.

I could not run the GMER log since I'm running a 64-bit version of Windows 7.


Your help is appreicated.

Here is the DDS - Notepad:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Chris at 14:08:49 on 2011-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4297 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\dcmsvc\dcmsvc.exe
C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local 127.0.0.1;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: TBSB05245 Class: {65c117be-6005-4b7e-811a-2e8a046c52a6} - C:\Program Files (x86)\Watch Football TV\tbcore3.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111109190851.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
uRun: [Akamai NetSession Interface] C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARNER~1.LNK - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.bloodsystems.org/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B224013C-19C4-426A-9DDA-65D1365D49D9} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{B224013C-19C4-426A-9DDA-65D1365D49D9}\755637477716274602C4F6F6B6 : DhcpNameServer = 107.20.210.188 107.20.211.133
TCP: Interfaces\{B224013C-19C4-426A-9DDA-65D1365D49D9}\755637477716274602C4F6F6B6022303 : DhcpNameServer = 107.20.210.188 107.20.211.133
TCP: Interfaces\{B224013C-19C4-426A-9DDA-65D1365D49D9}\84F6D656C696E6B6 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B224013C-19C4-426A-9DDA-65D1365D49D9}\A757A757D6168796D657D6 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: TBSB05245 Class: {65C117BE-6005-4B7E-811A-2E8A046C52A6} - C:\Program Files (x86)\Watch Football TV\tbcore3.dll
BHO-X64: TBSB05245 - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111109190851.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SNM] C:\Program Files (x86)\SpyNoMore\SNM.exe /startup
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\b2t4ds3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aol-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-06-2008&tb_mrud=04-04-2010
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aol-ab-en-us&tb_uuid=100000000000000002&tb_oid=05-06-2008&tb_mrud=04-04-2010&query=
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: CouponAlert: 2pffxtbr@CouponAlert_2p.com - %profile%\extensions\2pffxtbr@CouponAlert_2p.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-31 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-24 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-24 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-24 161168]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-29 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-24 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-10-5 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-11 136176]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-24 79360]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-11 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-7-24 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-8-18 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-02 20:58:13 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{609891D7-7523-47EB-889B-F2508E40D1CF}\mpengine.dll
2011-12-02 20:58:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{609891D7-7523-47EB-889B-F2508E40D1CF}\offreg.dll
2011-12-02 06:23:41 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 06:23:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-02 02:58:45 -------- d-----w- C:\Users\Chris\New folder
2011-12-02 02:58:25 -------- d-----w- C:\Users\Chris\Home Repair Improvements
2011-12-02 02:55:30 -------- d-----w- C:\Users\Chris\Fax
2011-12-01 22:22:33 -------- d-----w- C:\Users\Chris\Taxes
2011-12-01 22:18:17 -------- d-----w- C:\Users\Chris\Business
2011-12-01 22:16:54 -------- d-----w- C:\Users\Chris\Book Club
2011-12-01 21:25:49 -------- d-----w- C:\Users\Chris\Dell Info
2011-12-01 19:03:39 -------- d-----w- C:\Windows\4132789110
2011-12-01 18:43:22 -------- d-----w- C:\Users\Chris\AppData\Local\{16FDEE10-15E4-4B0F-957C-BD626F80B7D8}
2011-12-01 18:43:10 -------- d-----w- C:\Users\Chris\AppData\Local\{20E5DA1C-3B03-47D0-9775-B63A5AFA4EA8}
2011-12-01 18:11:48 -------- d-----w- C:\Users\Chris\Resume and Job Search
2011-12-01 05:35:11 -------- d-----w- C:\Users\Chris\Medical
2011-12-01 04:06:24 -------- d-----w- C:\Users\Chris\Computer problems
2011-12-01 03:36:10 -------- d-----w- C:\$RECYCLE.BIN
2011-12-01 02:30:08 98816 ----a-w- C:\Windows\sed.exe
2011-12-01 02:30:08 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-01 02:30:08 256000 ----a-w- C:\Windows\PEV.exe
2011-12-01 02:30:08 208896 ----a-w- C:\Windows\MBR.exe
2011-12-01 02:28:57 -------- d-----w- C:\ComboFix
2011-12-01 01:40:55 1152 ----a-w- C:\Windows\SysWow64\windrv.sys
2011-12-01 01:06:54 -------- d-----w- C:\Users\Chris\AppData\Local\{9F1D6BBE-96E8-4A2D-80B4-491A715D4601}
2011-12-01 01:06:17 -------- d-----w- C:\Users\Chris\AppData\Local\{F7CFCCAB-4D67-43AA-A27F-E9C4341611BB}
2011-11-30 04:01:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-30 04:01:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-30 03:25:53 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-30 03:20:12 -------- d-----w- C:\Users\Chris\AppData\Local\{67C3D0B4-136B-4E50-86ED-6FEC5CB5EDA9}
2011-11-30 03:19:47 -------- d-----w- C:\Users\Chris\AppData\Local\{04F26D24-6D03-4DB3-9112-2832B8BA9286}
2011-11-29 00:52:25 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-29 00:41:49 -------- d-----w- C:\Users\Chris\AppData\Local\{4D61C487-6E1D-464E-BA8A-51E58EAF4143}
2011-11-29 00:41:17 -------- d-----w- C:\Users\Chris\AppData\Local\{B77AE55A-0D68-4880-86D9-87238B36CE85}
2011-11-29 00:09:57 -------- d-----w- C:\Users\Chris\AppData\Local\{2A123848-0313-46F3-9622-E9C4FC6CDBE1}
2011-11-29 00:09:42 -------- d-----w- C:\Users\Chris\AppData\Local\{2B7DA4C4-F548-4A4D-B76F-1305F58639BE}
2011-11-28 01:58:54 -------- d-----w- C:\Users\Chris\AppData\Local\{7A6A941C-C125-4414-9EA1-6230580E9D70}
2011-11-28 01:58:42 -------- d-----w- C:\Users\Chris\AppData\Local\{89CC6F2E-E46D-47EA-9E52-6DF57A691FE5}
2011-11-27 22:32:07 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-11-27 21:46:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\McAfee
2011-11-27 17:47:10 -------- d-----w- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2011-11-27 17:08:36 -------- d-----w- C:\Users\Chris\AppData\Local\{70D51206-3043-42E5-BAC6-A22814CB493F}
2011-11-27 16:45:46 -------- d--h--w- C:\Users\Chris\AppData\Local\{3633F3C5-91D1-4691-B220-864276E71A02}
2011-11-27 16:45:34 -------- d--h--w- C:\Users\Chris\AppData\Local\{C9DB5EA5-8B25-423F-9ABE-854C12F308AD}
2011-11-26 18:16:23 -------- d--h--w- C:\Users\Chris\AppData\Local\{CFB4E341-876A-4DC5-B2E5-D3DA3ED5BE69}
2011-11-24 17:49:44 -------- d--h--w- C:\Users\Chris\AppData\Local\{F23A1561-9B31-400A-8A24-745478A8E938}
2011-11-24 17:49:25 -------- d--h--w- C:\Users\Chris\AppData\Local\{AF2DB382-88C7-43DA-87D3-056A82168756}
2011-11-23 18:48:44 -------- d--h--w- C:\Users\Chris\AppData\Local\{7E11658C-0448-4580-AF87-060185362169}
2011-11-23 18:48:32 -------- d--h--w- C:\Users\Chris\AppData\Local\{A912120F-A013-4E75-929C-1AED51EABD9B}
2011-11-23 00:09:08 -------- d--h--w- C:\Users\Chris\AppData\Local\{0925ADEE-ADB8-4819-9358-5A2FEFEB63D1}
2011-11-23 00:08:57 -------- d--h--w- C:\Users\Chris\AppData\Local\{9BDC6109-0368-4130-9728-24C56A1AED88}
2011-11-22 02:00:04 -------- d--h--w- C:\Users\Chris\AppData\Local\{EEAC8EF4-D319-4B5F-BCD5-5B790B790992}
2011-11-22 01:59:52 -------- d--h--w- C:\Users\Chris\AppData\Local\{85D8CEAA-B4E2-43BA-A381-48CDC121D1F9}
2011-11-20 20:10:21 -------- d--h--w- C:\Users\Chris\AppData\Local\{FDFC0631-2DC9-47BF-A56C-7FEAE4E966B5}
2011-11-20 20:10:07 -------- d--h--w- C:\Users\Chris\AppData\Local\{2EB527BB-E779-4EB8-9063-B9CF1CD596FC}
2011-11-19 20:39:41 -------- d--h--w- C:\Users\Chris\AppData\Local\{A66E62AE-235A-4266-92F5-07D2702AF8DA}
2011-11-19 20:39:29 -------- d--h--w- C:\Users\Chris\AppData\Local\{96A60403-9C89-459E-B505-F750E124BDC6}
2011-11-19 02:35:04 -------- d--h--w- C:\Users\Chris\AppData\Local\{AC6F41C4-11A8-493C-A743-09EB7B171D88}
2011-11-19 02:34:50 -------- d--h--w- C:\Users\Chris\AppData\Local\{5BDCDB1B-3A32-4B98-A49A-CCD23F67D46B}
2011-11-17 21:13:13 -------- d--h--w- C:\Users\Chris\AppData\Local\{118BF67D-CF77-492E-9A00-F7B8D97261A0}
2011-11-17 21:12:59 -------- d--h--w- C:\Users\Chris\AppData\Local\{9FA3B7DF-A3B1-4098-B26A-A415934E41D9}
2011-11-17 00:29:18 -------- d--h--w- C:\Users\Chris\AppData\Local\{89AC440E-3EA9-40EE-AACB-BE895E692B53}
2011-11-17 00:29:07 -------- d--h--w- C:\Users\Chris\AppData\Local\{51CEE859-5D61-4F62-9AEB-FD043C5869ED}
2011-11-16 00:08:54 -------- d--h--w- C:\Users\Chris\AppData\Local\{F853644C-84D8-482D-B6D2-E2593C270BF7}
2011-11-16 00:08:41 -------- d--h--w- C:\Users\Chris\AppData\Local\{DE9BA630-D654-48FA-984C-FBA90C250BAE}
2011-11-15 01:39:25 -------- d--h--w- C:\Users\Chris\AppData\Local\{0EE3953F-FBFF-4AA6-86BA-5C0D05C93642}
2011-11-15 01:39:08 -------- d--h--w- C:\Users\Chris\AppData\Local\{A59D8FAD-F77C-48DF-B04D-4430CD1915A6}
2011-11-13 20:48:06 -------- d--h--w- C:\Users\Chris\AppData\Local\{A8A8C3BD-2D42-46E9-B5BD-DF957D486176}
2011-11-13 20:47:53 -------- d--h--w- C:\Users\Chris\AppData\Local\{EB7ED87F-6ACD-469E-819E-99CD721BDEEC}
2011-11-13 06:03:49 -------- d--h--w- C:\Users\Chris\AppData\Local\{7F2FB9BB-F0F3-4306-9A36-C8B977EA24B1}
2011-11-12 17:26:41 -------- d--h--w- C:\Users\Chris\AppData\Local\{C3BFAFBE-0321-4BEC-8506-A2793EB7C47B}
2011-11-12 17:26:30 -------- d--h--w- C:\Users\Chris\AppData\Local\{F86FE5AB-F95A-42C5-AE05-1DEC01A4BDF9}
2011-11-12 01:46:52 -------- d--h--w- C:\Users\Chris\AppData\Local\{E97B6C19-7CAB-46EB-A911-B26F0D868FB1}
2011-11-12 01:46:41 -------- d--h--w- C:\Users\Chris\AppData\Local\{6B26F1B2-67CE-4251-A7ED-38E53796767F}
2011-11-10 23:55:14 -------- d--h--w- C:\Users\Chris\AppData\Local\{A9868204-C2BD-444E-8941-BE3082CDEBD8}
2011-11-10 23:54:09 -------- d--h--w- C:\Users\Chris\AppData\Local\{9DFAF757-EE9D-418D-98D3-D693CB0948FA}
2011-11-10 02:08:51 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-10 00:52:24 -------- d-----w- C:\Users\Chris\AppData\Local\Akamai
2011-11-10 00:51:51 -------- d--h--w- C:\Users\Chris\AppData\Local\{06B60874-1390-4569-8523-CDD0E188C369}
2011-11-10 00:51:39 -------- d--h--w- C:\Users\Chris\AppData\Local\{68F9EBE2-5EA7-414B-B24D-4FD580C51E89}
2011-11-09 01:14:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 01:14:32 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 01:14:31 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 01:14:29 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 01:01:39 -------- d--h--w- C:\Users\Chris\AppData\Local\{E2465F0F-9F29-44B7-BF3A-FE42709295BF}
2011-11-09 01:01:27 -------- d--h--w- C:\Users\Chris\AppData\Local\{80432371-D326-4CAC-A88D-C9EDDC04E763}
2011-11-08 01:37:07 -------- d--h--w- C:\Users\Chris\AppData\Local\{BEC0AD23-AD1F-4994-8C09-BF438BE7FEC9}
2011-11-08 01:36:54 -------- d--h--w- C:\Users\Chris\AppData\Local\{0FE8099A-F2BA-48CA-9F3F-183BD27257AB}
2011-11-07 05:51:03 -------- d--h--w- C:\Users\Chris\AppData\Local\{0A09DF5E-389A-4A1A-BF77-3E5612CF1B4B}
2011-11-06 17:08:41 -------- d--h--w- C:\Users\Chris\AppData\Local\{8F3C4547-389E-427E-B0DE-3D37B9ABA187}
2011-11-06 17:08:30 -------- d--h--w- C:\Users\Chris\AppData\Local\{75AB635B-477B-4265-AA4E-EB3007636491}
2011-11-06 05:08:00 -------- d--h--w- C:\Users\Chris\AppData\Local\{23D058A9-FE3B-41B2-AAEF-31C940FFBF5F}
2011-11-05 17:07:32 -------- d--h--w- C:\Users\Chris\AppData\Local\{93E2ED1B-18F2-4687-91ED-E1C8B51F8682}
2011-11-05 17:07:20 -------- d--h--w- C:\Users\Chris\AppData\Local\{492F9E0D-58ED-4537-A0F9-7A389CDDF060}
2011-11-05 03:13:10 -------- d--h--w- C:\Users\Chris\AppData\Local\{30C8BB08-3A13-4ECC-A284-E6CA3125E5DC}
2011-11-05 03:12:54 -------- d--h--w- C:\Users\Chris\AppData\Local\{D6B7BD36-3EC1-4DFA-B7F9-170F55589393}
2011-11-04 02:52:29 -------- d--h--w- C:\Users\Chris\AppData\Local\{40DBCCD0-2F31-4637-8BE4-D245B741FC7E}
2011-11-03 14:51:58 -------- d--h--w- C:\Users\Chris\AppData\Local\{E11782D2-4D8B-492B-A68E-4A408719B5D1}
2011-11-03 14:51:45 -------- d--h--w- C:\Users\Chris\AppData\Local\{2BAF3A34-D000-456B-A7A4-5E874F6BD865}
2011-11-03 01:41:06 -------- d--h--w- C:\Users\Chris\AppData\Local\{1A3D569C-C3FC-46F9-BDC5-FC039CC142F4}
2011-11-03 01:40:45 -------- d--h--w- C:\Users\Chris\AppData\Local\{181076ED-47D0-480B-86B1-217A54E428B8}
.
==================== Find3M ====================
.
2011-12-02 20:50:31 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-11-15 01:48:18 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 20:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 20:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 20:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 20:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 20:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 20:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 20:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 20:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 20:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 14:20:57.86 ===============

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Thank you for responding.

I ran Combofix and here is the report. I am still being redirected to other sites.

Was I supposed to disable Windows Defender? I didn't know it was enabled and I don't know how to disable it.



ComboFix 11-12-04.03 - Chris 12/04/2011 11:39:41.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4617 [GMT -7:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Recent\Rituxan Shaving Reaction - CLL Topics Sponsored Projects.url
c:\windows\4132789110
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 19:26 . 2011-12-04 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 19:26 . 2011-12-04 19:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-03 03:06 . 2011-12-03 05:42 -------- d-----w- c:\users\Chris\Recipes
2011-12-03 02:58 . 2011-12-03 03:01 -------- d-----w- c:\users\Chris\Powerpoint Practice and Templates
2011-12-03 02:30 . 2011-12-03 02:37 -------- d-----w- c:\users\Chris\My eBooks
2011-12-02 20:58 . 2011-12-04 17:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{609891D7-7523-47EB-889B-F2508E40D1CF}\offreg.dll
2011-12-02 20:58 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{609891D7-7523-47EB-889B-F2508E40D1CF}\mpengine.dll
2011-12-02 06:23 . 2011-12-02 06:23 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 06:23 . 2011-12-02 06:23 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-02 02:58 . 2011-12-02 02:58 -------- d-----w- c:\users\Chris\New folder
2011-12-02 02:58 . 2011-12-02 02:59 -------- d-----w- c:\users\Chris\Home Repair Improvements
2011-12-02 02:55 . 2011-12-02 02:55 -------- d-----w- c:\users\Chris\Fax
2011-12-01 22:22 . 2011-12-01 22:26 -------- d-----w- c:\users\Chris\Taxes
2011-12-01 22:18 . 2011-12-03 02:44 -------- d-----w- c:\users\Chris\Business
2011-12-01 22:16 . 2011-12-01 22:17 -------- d-----w- c:\users\Chris\Book Club
2011-12-01 21:25 . 2011-12-01 22:24 -------- d-----w- c:\users\Chris\Dell Info
2011-12-01 18:11 . 2011-12-01 18:54 -------- d-----w- c:\users\Chris\Resume and Job Search
2011-12-01 05:35 . 2011-12-02 03:56 -------- d-----w- c:\users\Chris\Medical
2011-12-01 04:06 . 2011-12-04 18:17 -------- d-----w- c:\users\Chris\Computer problems
2011-12-01 01:40 . 2011-12-01 01:40 1152 ----a-w- c:\windows\SysWow64\windrv.sys
2011-11-30 04:01 . 2011-11-30 04:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-30 04:01 . 2011-11-30 04:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-29 00:52 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-27 22:32 . 2011-11-29 00:36 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2011-11-27 21:46 . 2011-11-27 21:46 -------- d-----w- c:\users\Chris\AppData\Roaming\McAfee
2011-11-27 17:47 . 2011-12-01 19:30 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2011-11-15 01:48 . 2011-11-15 01:48 -------- d-----w- c:\windows\system32\Macromed
2011-11-10 02:08 . 2011-10-18 21:29 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-11-10 00:52 . 2011-12-04 18:27 -------- d-----w- c:\users\Chris\AppData\Local\Akamai
2011-11-09 01:14 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 01:14 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 01:14 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 01:14 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 05:56 . 2011-11-08 05:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 17:27 . 2010-07-31 01:54 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-11-15 01:48 . 2011-06-11 20:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 20:16 . 2010-07-25 00:24 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 20:16 . 2010-01-05 23:04 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 20:16 . 2010-01-05 23:04 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 20:16 . 2010-01-05 23:04 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 20:16 . 2010-01-05 23:04 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 20:16 . 2010-01-05 23:04 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 20:16 . 2010-01-05 23:04 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 20:16 . 2010-01-05 23:04 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-15 20:16 . 2010-01-05 23:04 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-01_03.37.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-12-01 03:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-04 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-01 03:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-04 17:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-04 17:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-01 03:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-25 00:15 . 2011-12-04 17:29 75128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-04 17:29 37330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-31 04:32 . 2011-12-01 19:51 12898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1512392892-2806753903-778307048-1001_UserData.bin
+ 2011-06-10 13:34 . 2011-06-10 13:34 74272 c:\windows\system32\RtNicProp64.dll
- 2009-07-14 05:30 . 2011-07-14 16:09 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-01 19:47 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-06-10 13:34 . 2011-06-10 13:34 74272 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_0b34e24659c8add4\RtNicProp64.dll
+ 2010-07-30 23:54 . 2011-12-04 18:05 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-30 23:54 . 2011-12-01 03:35 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-30 23:54 . 2011-12-04 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-30 23:54 . 2011-12-01 03:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-01 03:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-04 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-12-04 17:34 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-07-31 03:02 . 2011-12-02 02:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-31 03:02 . 2011-11-27 20:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-01 19:51 . 2011-12-01 19:51 32256 c:\windows\Installer\1e0162.msi
+ 2010-10-24 07:02 . 2011-12-03 06:06 2500 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-04 17:27 . 2011-12-04 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-01 03:34 . 2011-12-01 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 17:27 . 2011-12-04 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-01 03:34 . 2011-12-01 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-14 23:31 . 2011-12-01 03:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-14 23:31 . 2011-12-04 17:28 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-02 02:27 . 2011-12-03 05:34 338910 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-06-10 13:34 . 2011-06-10 13:34 107552 c:\windows\system32\RTNUninst64.dll
- 2009-07-14 05:30 . 2011-07-14 16:09 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-01 19:47 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-14 16:09 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-12-01 19:47 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-06-10 13:34 . 2011-06-10 13:34 107552 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_0b34e24659c8add4\RTNUninst64.dll
+ 2011-06-10 13:34 . 2011-06-10 13:34 539240 c:\windows\system32\DriverStore\FileRepository\rt64win7.inf_amd64_neutral_0b34e24659c8add4\Rt64win7.sys
+ 2011-06-10 13:34 . 2011-06-10 13:34 539240 c:\windows\system32\drivers\Rt64win7.sys
+ 2009-07-14 05:12 . 2011-12-04 18:05 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-12-01 01:10 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-12-03 06:06 511088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-01 03:34 511088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-12-01 19:56 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-12 01:49 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-07-31 04:24 . 2011-12-01 03:34 2249912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-07-31 04:24 . 2011-12-03 06:06 2249912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-01 05:48 . 2011-12-03 06:06 7788928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1512392892-2806753903-778307048-1001-8192.dat
+ 2011-12-02 06:21 . 2011-12-02 06:21 1402880 c:\windows\Installer\a911b.msi
+ 2011-12-01 19:46 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
- 2009-07-14 02:34 . 2011-11-11 04:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-12-01 19:49 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-01 19:46 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
- 2011-06-12 06:38 . 2011-11-26 22:04 48570280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1512392892-2806753903-778307048-1001-4096.dat
+ 2011-06-12 06:38 . 2011-12-03 06:06 48570280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1512392892-2806753903-778307048-1001-4096.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{65C117BE-6005-4B7E-811A-2E8A046C52A6}]
2010-08-12 17:16 2602496 ----a-w- c:\program files (x86)\Watch Football TV\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-18 615808]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-11 39408]
"Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2011-11-08 3295320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2011-4-20 142848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 136176]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-07 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-25 79360]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-07-25 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 21:15]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 21:15]
.
2011-11-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\b2t4ds3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aol-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-06-2008&tb_mrud=04-04-2010
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aol-ab-en-us&tb_uuid=100000000000000002&tb_oid=05-06-2008&tb_mrud=04-04-2010&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: CouponAlert: 2pffxtbr@CouponAlert_2p.com - %profile%\extensions\2pffxtbr@CouponAlert_2p.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SNM - c:\program files (x86)\SpyNoMore\SNM.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6,
8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"=hex:51,66,7a,6c,4c,1d,38,12,f4,2c,e8,
a5,6c,9d,b3,54,f6,23,a7,2a,53,86,d1,87
"{8E114B8E-C041-4063-A432-EBBF454E9057}"=hex:51,66,7a,6c,4c,1d,38,12,e0,48,02,
8a,73,8e,0d,05,db,24,a8,ff,40,10,d4,43
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"=hex:51,66,7a,6c,4c,1d,38,12,09,52,2f,
00,89,4e,4a,06,d0,68,21,41,3a,f0,9e,db
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=hex:51,66,7a,6c,4c,1d,38,12,0b,28,3b,
6b,8d,18,bf,0e,d7,a4,e7,04,9f,5b,c2,29
"{3462C343-BE19-4143-AF70-CEFB56F46FC6}"=hex:51,66,7a,6c,4c,1d,38,12,2d,c0,71,
30,2b,f0,2d,04,d0,66,8d,bb,53,aa,2b,d2
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5,
04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}"=hex:51,66,7a,6c,4c,1d,38,12,e1,1f,51,
3e,0a,ac,85,0f,f7,62,fb,f5,f7,92,03,66
"{442AE524-EBA5-4B17-82F3-888D68BC999A}"=hex:51,66,7a,6c,4c,1d,38,12,4a,e6,39,
40,97,a5,79,0e,fd,e5,cb,cd,6d,e2,dd,8e
"{60E91567-EF8A-4520-BCE2-83ABA5256799}"=hex:51,66,7a,6c,4c,1d,38,12,09,16,fa,
64,b8,a1,4e,00,c3,f4,c0,eb,a0,7b,23,8d
"{65C117BE-6005-4B7E-811A-2E8A046C52A6}"=hex:51,66,7a,6c,4c,1d,38,12,d0,14,d2,
61,37,2e,10,0e,fe,0c,6d,ca,01,32,16,b2
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{CB0D163C-E9F4-4236-9496-0597E24B23A5}"=hex:51,66,7a,6c,4c,1d,38,12,52,15,1e,
cf,c6,a7,58,07,eb,80,46,d7,e7,15,67,b1
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:55,b8,5f,dc,92,49,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-04 12:50:15
ComboFix-quarantined-files.txt 2011-12-04 19:50
ComboFix2.txt 2011-12-01 04:03
.
Pre-Run: 371,600,756,736 bytes free
Post-Run: 371,014,303,744 bytes free
.
- - End Of File - - 5339F71DB76A7889D80846C7A3A7F282

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

I downloaded TDSSKiller. When I double click on it, a message appears asking "Do you want to allow the following program to make changes to this computer?' I've clicked Yes and nothing happens even after about 5 minutes.

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

Now I've really done something wrong. I ran the first thing you said to run. Here is the message I got: infected MBR detected. Then I click the repair or fix button. The next message was: Repair was successful.

I reboot but it won't reboot. It wants to do a system restore.

I'm sending this by iPhone. Serious help need.

System Recovery Environment

To access the System Recovery Environment in Windows 7, simply boot your PC,

• just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.
  
  
• There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.
  
  
• Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next:
  
  
• From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
  
  
• Type the following into the "Command Prompt Window": and press enter
  
  
  bootrec.exe /fixmbr
  

If you have problems booting the computer after you have run that command boot back into the System Recovery Environment and Type the following into the "Command Prompt Window": and press enter

bootrec.exe /fixboot

When I press F8, I get a Windows Error Recovery screen. (white lettering on black). There are two choices one of which is: Launch Startup Repair. When I've let this run, I get another message that says: Startup Repaid cannot repair this computer.

do you have the install CD if so try it from there


gringo

I have a DVD - Dell Drivers and Utilities: For reinstalling Dell Studio Laptop Computer Software. Is that what you mean?

I'm sorry to ask so many questions, but I'm way over my head here.

Thanks.

I think there is another one but try that one and look for repair computer


gringo

When I got the laptop, I made a System Repair disk. Even with this disk inserted, the PC automatically goes to Windows Error Recovery. Then another window - Startup Repair is checking your system for problems which says Startup Repair cannot repair this computer automatically.

How do I get it to read from the disk? Hopefully this is the correct disk.

Hello


check this and see if CD drive is first in bios

http://pcsupport.about.com/b/2008/05/15/how-to-change-boot-order-in-bios.htm

gringo