Network virus causing internet to lose connection

Solved
By jeffrey7
Apr 19, 2011
Topic Status:
Not open for further replies.
  1. Unfortunately, I never wanted to ever have to write concerning a virus. But the problem has now arisen. I've taken preventive measures time and time again. Avast Virus Protection, CCleaner, Spybot S&D. Always staying clear of unfamiliar websites and making sure I didn't open shady e-mails, messages, and downloads.

    The problem is this. I had a family member Sunday night get on who knows how many pornography websites. This family member downloaded videos on my laptop while I was out of the house for the evening. The family member downloaded 6 pornographic videos. I have my laptop, then as well, this family member had gotten on the home desktop computer March 20th and downloaded one pornographic video.

    There haven't been any noticeable problems on the desktop, but there still could be problems on the computer. The main thing is my laptop. I found the pornographic movies (six of them) on my laptop last night (Monday) and proceeded to remove them. After I removed them, I began to experience problems with my network. It has been persistent even until now. I've run Avast two or three times. Also run CCleaner, Spybot S&D, Malware Anti-bytes, and Rkill.

    The laptop will connect to the internet, but once I click to open up Google Chrome, shortly thereafter, the internet shuts itself off and restarts the process of connecting. I've already un-clicked the option of auto-connect to the specified network. This virus is a tricky one, I've done what I know to do and it's not working. I look unto you guys for help and wisdom in knowing what to do.

    The problem with the family member looking at pornography has also been fixed (changed password, they won't be getting it ever again.) So please help if you can, I'd be greatly appreciative.

    Thanks,
    Taylor


    (Desktop Computers Hijack This Log)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:47:09 PM, on 4/19/2011
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Home\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\PROGRA~1\UberIcon\UBERIC~1.EXE
    C:\PROGRA~1\Yzshadow\YzShadow.exe
    C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE
    C:\PROGRA~1\VIRTUA~1\modules\WinList.exe
    C:\PROGRA~1\ROCKET~1\ROCKET~1.EXE
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Home\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [sllaunch] C:\Windows\system32\sllaunch.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    --
    End of file - 6904 bytes
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help sort this out.

    It sounds like you've done some troubleshooting on your own. But the one thing you left out is a check of the settings, Services, etc. But we do not 'screen' for malware using HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    If you have Malwarebytes on the system, please be sure to update and run a new scan.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I don't have enough information to determine if the problem is malware related or system related, possibly even both. The logs will help me determine that.

    I do have 2 questions:
    1. Do you connect remotely to the computer?
    2. Did you recently install the following? Did the problem begin after the install?
    C:\PROGRA~1\UberIcon\UBERIC~1.EXE
    C:\PROGRA~1\Yzshadow\YzShadow.exe
    C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE
    C:\PROGRA~1\VIRTUA~1\modules\WinList.exe
    C:\PROGRA~1\ROCKET~1\ROCKET~1.EXE

    I would also like to caution you: IF the family member used a flash drive between the systems and we find this to be caused by malware, the flash drive would most likely also be infected and need to be disinfected. So don't use it between the systems and if needed for you to download to the flash drive to get the scanning programs, I will give disinfecting instructions first.

    Please also know, that since you have mentioned both the laptop and desktop, this thread will address the laptop only. If needed later, I will have you start a separate thread for the desktop.
  3. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Gotcha gotcha. Scratch that HijackThis log, that was from my desktop. What I went ahead and did, I have a portable external hard drive that I'm using to haul TFC, DDS, and GMER to the laptop (since the laptop can't connect to the internet for any time at all to download). I'll need to get that scanner of yours for my ext. hard drive since I'm having to connect it to my laptop.

    I'll go ahead and post the report that GMER gave, as well as the DDS log. If you want, I can post the Attach log as well if needed.

    I'll go ahead and attach the logs here for my laptop.

    I appreciate it, thanks Bobbye.

    Taylor

  4. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Just re-read the post haha, noticed about attached documents won't be read. Here's the pasted ones.

    GMER log:


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-19 20:40:18
    Windows 6.1.7601 Service Pack 1
    Running: 77qqqhdz.exe


    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\r131 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba} 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\attrib 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk 8192 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log 1048576 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D5F.log 1048576 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D60.log 1048576 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D61.log 1048576 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default\AppData 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default\AppData\Local 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default\AppData\Local\Microsoft 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default\AppData\Local\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Google 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Google\Chrome 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Google\Chrome\User Data 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Cache 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\History 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R3FIZ18 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8R3FIZ18\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 49152 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNEYZ0JD 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNEYZ0JD\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEIH52PS 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PEIH52PS\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYKUQ61H 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYKUQ61H\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini 67 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Local\Temp 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\LocalLow 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\LocalLow\Sun 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\LocalLow\Sun\Java 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Macromedia 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Macromedia\Flash Player 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 16384 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\IETldCache 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat 16384 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile\AppData 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile\AppData\Local 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile\AppData\Local\Microsoft 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
    File C:\## aswSnx private storage\r131\TFC.exe_{4f396aba-6acf-11e0-99ff-a4badbc553ba}\image\Windows\Temp 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 25600 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{f6441f25-6a8c-11e0-82a8-a4badbc553ba}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{f6441f25-6a8c-11e0-82a8-a4badbc553ba}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{f6441f25-6a8c-11e0-82a8-a4badbc553ba}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\webStorage 0 bytes
    File C:\## aswSnx private storage\webStorage\attrib 0 bytes
    File C:\## aswSnx private storage\webStorage\image 0 bytes
    File C:\## aswSnx private storage\webStorage\image\rkill.log 633 bytes
    File C:\## aswSnx private storage\webStorage\image\Users 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Explorer 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl 16384 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\History 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 16384 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMCNQUY9 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMCNQUY9\desktop.ini 67 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFVXZHP9 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFVXZHP9\desktop.ini 67 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEJPHA4D 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEJPHA4D\desktop.ini 67 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P776KH7Y 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P776KH7Y\desktop.ini 67 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\curo.reg 220 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\extra.dat 472 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\h 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\h\explorer.exe 1536 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\h\iexplore.exe 1536 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\lmro.reg 600 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\lmroe.reg 74 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\nircmd.chm 38015 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\nircmd.exe 31232 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\nircmdc.exe 30720 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\nird 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\nird\iexplore.exe 31232 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\pev.exe 255488 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\prep.bat 68 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\procs 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\procs\explorer.exe 255488 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\procs\iexplore.exe 255488 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\procs\proc.dat 11031 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\proxycheck.exe 302187 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\rkill.bat 5003 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\rkill.reg 3087 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\s.inf 1081 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\sed.exe 98816 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\serv.dat 190 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\sh.vbs 313 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\swreg.exe 161792 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\userinit.exe 31232 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\winlogon.exe 31232 bytes executable
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Local\Temp\RarSFX0\wl.txt 323 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Roaming 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Roaming\Microsoft 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Roaming\Microsoft\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\IETldCache 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Users\Taylor\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat 16384 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\INF 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\INF\setupapi.app.log 3066458 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf 15660 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Rescache 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Rescache\rc0007 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Rescache\rc0007\rescache.hit 4192 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\System32 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\System32\DriverStore 0 bytes
    File C:\## aswSnx private storage\webStorage\snx_fs.dat 11202 bytes

    ---- EOF - GMER 1.0.15 ----

    DDS Log:


    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Taylor at 21:14:46.58 on Tue 04/19/2011
    Internet Explorer: 9.0.8080.16413
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1697 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\ico.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\Pelmiced.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Taylor\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    mRun-x64: [Mouse Suite 98 Daemon] ICO.EXE
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-2 55856]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-22 505176]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-2 280408]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-2 22360]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-2 64344]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-24 42184]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-26 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-28 705856]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-3 215552]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
    S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
    S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-1 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
    .
    =============== Created Last 30 ================
    .
    2011-04-19 15:03:07 -------- d-----w- C:\Users\Taylor\AppData\Roaming\Malwarebytes
    2011-04-19 15:03:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-19 15:03:01 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-04-19 15:02:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-04-19 15:02:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-04-15 01:52:14 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
    2011-04-14 02:49:57 -------- d-----w- C:\PROGRA~3\LogMeIn
    2011-04-14 02:49:47 -------- d-----w- C:\Program Files (x86)\LogMeIn
    2011-03-26 20:07:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-03-26 20:07:28 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-03-01 07:50:25 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-01 07:50:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 13:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-02-23 13:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-02-22 23:29:58 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
    2011-02-21 22:27:50 40648 ----a-w- C:\Windows\avastSS.scr
    2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
    2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
    2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
    2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
    2011-02-03 01:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2009-08-20 08:13:26 9815040 ----a-w- C:\Program Files\openofficeorg31.msi
    2009-03-26 10:36:32 451928 ----a-w- C:\Program Files\setup.exe
    2002-03-11 09:06:30 1822520 ----a-w- C:\Program Files\instmsiw.exe
    2002-03-11 08:45:04 1708856 ----a-w- C:\Program Files\instmsia.exe
    .
    ============= FINISH: 21:15:31.18 ===============

    Note as well, I'm using my desktop to do all of my internet access, downloading, etc. while the laptop's network is messed up. This is going to be a doozy to fix, I'm thinking.
  5. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    If I could, I ask again for help with this situation. If it's not fixed soon I will require the family member to pay someone to fix my computer for me or buy me a totally new computer. For this person's sake, as well as mine, please someone help.

    Thanks everyone.

    Taylor
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You are getting free help here given by all volunteers. It requires patience. IF you don't have that, spend the $$$.
    =====================================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ======================================
    Please note: I will not get back to this thread until tomorrow.
  7. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Alrighty, thanks Bobbye for the help with Combofix. I've got the script from the notepad here.


    ComboFix 11-04-23.02 - Taylor 04/24/2011 12:41:24.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1840 [GMT -4:00]
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Setup.exe
    c:\users\Taylor\AppData\Roaming\inst.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-24 16:47 . 2011-04-24 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
    2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
    2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
    2011-03-26 20:07 . 2011-04-19 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-03-26 20:07 . 2011-03-26 20:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-04-13 04:47 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-13 04:47 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 14:04 . 2010-07-02 06:09 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-23 14:04 . 2011-01-21 22:08 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 13:57 . 2010-07-02 06:10 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 13:57 . 2011-02-22 18:38 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-23 13:55 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 13:55 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 13:55 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-23 13:54 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
    2011-02-21 22:27 . 2010-06-30 04:16 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
    2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000Core.job
    - c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
    .
    2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000UA.job
    - c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-24 12:54:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-24 16:54
    .
    Pre-Run: 163,784,753,152 bytes free
    Post-Run: 163,618,410,496 bytes free
    .
    - - End Of File - - 1CD23EDFC8C0AA5B97C4BBB38EE59DFA
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Sorry- my internet was down:

    Please run this Custom Script

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll
    c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe
    c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll
    c:\users\Marc\AppData\Local\Blegozab.bin
    Folder::
    c:\program files\Driver-Soft
    c:\programdata\jEcIbKpEnAi06504
    c:\programdata\oHk06511aGpMj06511
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================================
    How is the system running now?
  9. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Hey there Bobbye. Thanks again bro for the help. Here's the new log. (Hope this worked right haha :) )

    ComboFix 11-04-23.02 - Taylor 04/25/2011 22:06:35.3.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1430 [GMT -4:00]
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-26 02:04 . 2011-04-26 02:05 -------- d-----w- C:\32788R22FWJFW
    2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
    2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
    2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-04-13 04:47 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-13 04:47 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-23 14:04 . 2010-07-02 06:09 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-02-23 14:04 . 2011-01-21 22:08 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-02-23 13:57 . 2010-07-02 06:10 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-23 13:57 . 2011-02-22 18:38 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-23 13:55 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-23 13:55 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-23 13:55 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-23 13:54 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
    2011-02-21 22:27 . 2010-06-30 04:16 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
    2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-26 01:45 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-02 02:44 . 2011-04-26 01:45 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
    - 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-04-25 03:39 . 2011-04-25 03:39 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-04-26 01:36 . 2011-04-26 01:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-26 01:36 . 2011-04-26 01:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-26 01:36 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-04-26 01:36 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2010-06-05 02:19 . 2011-04-25 03:39 274976 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-04-25 03:39 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000Core.job
    - c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000UA.job
    - c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-25 22:41:28
    ComboFix-quarantined-files.txt 2011-04-26 02:41
    ComboFix2.txt 2011-04-24 16:54
    .
    Pre-Run: 163,407,826,944 bytes free
    Post-Run: 163,857,072,128 bytes free
    .
    - - End Of File - - 2422CF1C04BD4AAE33CD759BFB22EA26
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    When script has been run through Combofix, the following line shows in the header:
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt


    It looks like you just ran Combofix twice without running the script in between.
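The header check Bobbye describes above, as an added example that is not part of the original thread: it reads the top of a ComboFix log and reports whether a `Command switches used ::` line is present, along with any `NAME ::` block (such as `FILE ::`) echoed before the first banner. The function names are hypothetical, the first sample uses header lines from the log posted in this thread, and the second sample is constructed.

```python
import re

# Header lines taken from the log posted in this thread (run with CFScript.txt).
LOG_WITH_SCRIPT = r"""
    ComboFix 11-04-23.02 - Taylor 04/27/2011 19:25:53.4.1 - x64
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    .
    FILE ::
    "c:\users\Marc\AppData\Local\Blegozab.bin"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
    2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

# Constructed sample: the same header as a plain run, with no switches line.
LOG_PLAIN = r"""
    ComboFix 11-04-23.02 - Taylor 04/25/2011 22:10:00.3.1 - x64
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-25 to 2011-04-25 )))))))))))))))))))))))))))))))
"""

SWITCH_RE = re.compile(r"^Command switches used\s*::\s*(?P<path>.+)$", re.IGNORECASE)
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)\s*::\s*$")   # e.g. "FILE ::"
BANNER_RE = re.compile(r"^\({5,}")                          # "((((( Files Created ..."


def parse_header(log_text):
    """Return the script path (or None) and any 'NAME ::' blocks from the header.

    Only lines before the first '(((((' banner are considered, so paths that
    appear later in the report body cannot be mistaken for header fields.
    Leading whitespace is stripped because forum pastes are often indented.
    """
    script = None
    directives = {}
    current = None                      # list for the block being collected
    for raw in log_text.splitlines():
        line = raw.strip()
        if BANNER_RE.match(line):
            break                       # header is over
        if not line:
            continue                    # blank lines added by the forum paste
        if line == ".":
            current = None              # a lone dot closes the current block
            continue
        m = SWITCH_RE.match(line)
        if m:
            script = m.group("path").strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = directives.setdefault(m.group("name").upper(), [])
            continue
        if current is not None:
            current.append(line.strip('"'))
    return {"script": script, "directives": directives}


def runs_without_script(logs):
    """Indexes of the logs whose header has no 'Command switches used' line."""
    return [i for i, text in enumerate(logs) if parse_header(text)["script"] is None]


if __name__ == "__main__":
    for i, text in enumerate([LOG_PLAIN, LOG_WITH_SCRIPT]):
        print(i, parse_header(text))
    print("plain runs:", runs_without_script([LOG_PLAIN, LOG_WITH_SCRIPT]))
```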
  11. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Ahh gotcha, thanks Bobbye for catching that. Again, thanks for your patience. Here's the new one. I got this one right :)


    ComboFix 11-04-23.02 - Taylor 04/27/2011 19:25:53.4.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1802 [GMT -4:00]
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll"
    "c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll"
    "c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe"
    "c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll"
    "c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll"
    "c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe"
    "c:\users\Marc\AppData\Local\Blegozab.bin"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
    2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
    2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
    2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-26 03:43 . 2010-07-04 04:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-26 03:43 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-26 03:43 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-04-26 03:43 . 2010-07-04 04:43 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-04-18 17:25 . 2010-06-30 04:16 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 17:25 . 2010-07-02 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-04-18 17:25 . 2011-01-21 22:08 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-18 17:18 . 2010-07-02 06:10 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-18 17:17 . 2011-02-22 18:38 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-18 17:16 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-18 17:13 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-18 17:13 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-18 17:13 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
    2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
    2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-27 23:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-27 23:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-27 23:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-02 06:03 . 2011-04-26 15:56 63246 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-27 23:16 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-02 02:44 . 2011-04-27 23:16 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
    - 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-04-27 04:17 . 2011-04-27 04:17 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-04-27 23:14 . 2011-04-27 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-27 23:14 . 2011-04-27 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    + 2011-04-27 23:14 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    + 2011-04-27 23:14 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    - 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2010-06-05 02:19 . 2011-04-27 01:25 275024 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-04-27 04:16 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-08-17 00:07 . 2011-04-21 02:00 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
    + 2010-08-17 00:07 . 2011-04-27 04:16 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9g9zknfn.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-27 20:00:11
    ComboFix-quarantined-files.txt 2011-04-28 00:00
    ComboFix2.txt 2011-04-26 02:41
    ComboFix3.txt 2011-04-24 16:54
    .
    Pre-Run: 164,053,143,552 bytes free
    Post-Run: 163,693,277,184 bytes free
    .
    - - End Of File - - FA943C5F24E93711E97280F5A4AC124C
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay- now you have it! There is one other log from the DDS scan; it's named Attach.txt. It has some additional information that will help me help you. You don't need to run the scan again, just search for it in your computer and paste it in next reply. Note: you do not have to zip it- just ignore that.

    Please tell me what program you are using from IObit. I'm checking the Combofix log now.

    Edit: I'd also like you to run this Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Combofix looks good- just a few entries to remove. Are you still losing the internet connection? This is not something usually due to malware. Many of the malware programs deal in stealing your information, then sending it to some particular site. If there is no connection, that can't be done.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      c:\windows\Temp\logishrd\LVPrcInj02.dll
      c:\windows\Temp\logishrd\LVPrcInj02.dll
      c:\windows\Temp\logishrd\LVPrcInj01.dll
      c:\windows\Temp\logishrd\LVPrcInj01.dll
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===================================
    Let me know how the system is doing.
  14. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Gotcha gotcha. The Attach log from the laptop is right here.


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/1/2010 10:35:08 PM
    System Uptime: 4/19/2011 5:52:22 PM (3 hours ago)
    .
    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 152.019 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 233 GiB total, 165.031 GiB free.
    Y: is FIXED (NTFS) - 15 GiB total, 8.253 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A
    Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&EF
    Manufacturer: Intel
    Name: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A
    PNP Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&EF
    Service: usbehci
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C
    Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&D7
    Manufacturer: Intel
    Name: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C
    PNP Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&D7
    Service: usbehci
    .
    ==== System Restore Points ===================
    .
    RP203: 3/15/2011 7:03:05 PM - Installed Adobe Reader X.
    RP204: 3/22/2011 11:33:01 PM - Scheduled Checkpoint
    RP205: 3/25/2011 12:32:17 AM - Windows Update
    RP206: 4/2/2011 12:10:27 AM - Scheduled Checkpoint
    RP207: 4/10/2011 12:09:47 AM - Scheduled Checkpoint
    RP208: 4/13/2011 10:49:22 PM - Installed LogMeIn
    RP209: 4/13/2011 11:04:36 PM - Installed Java(TM) 6 Update 24
    RP210: 4/14/2011 9:38:41 PM - Windows Update
    RP211: 4/19/2011 6:11:42 PM - Removed Dell Getting Started Guide.
    RP212: 4/19/2011 7:26:29 PM - Removed Google Earth Plug-in.
    RP213: 4/19/2011 7:27:16 PM - Removed LogMeIn
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Banctec Service Agreement
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Driver Download Manager
    Digital Voice Recorder
    DVD Shrink 3.2
    Feedback Tool
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    GoToAssist 8.0.0.514
    Handbrake 0.9.4
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    Junk Mail filter update
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NOOK for PC
    PowerDVD DX
    QuickTime
    Roxio Burn
    Samsung PC Studio 3 USB Driver Installer
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.1
    SmartSound Common Data
    SmartSound Quicktracks 5
    Spybot - Search & Destroy
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    VLC media player 1.1.7
    VoiceOver Kit
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/19/2011 9:59:32 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    4/19/2011 7:52:22 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/19/2011 7:36:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    4/19/2011 7:09:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    4/19/2011 6:20:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    4/19/2011 5:52:58 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
    4/19/2011 5:52:42 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
    4/19/2011 5:52:38 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    4/19/2011 1:40:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    4/17/2011 11:42:08 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    4/15/2011 12:49:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    4/14/2011 11:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/14/2011 1:10:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================



    I used IObit thinking it might be able to pick something up. I reacted too soon and wasn't thinking straight. I scanned my computer with it and I think I may have filled a few security holes. But that's all I remember. I'm not sure if I ran a CCleaner-like option that it had or not. I could be thinking of my desktop computer that I did that on.


    I'll go ahead and run Security Check real quick and post it in my next post.

    One more thing before I go as well: my laptop, at least from what I've seen, hasn't been dropping the internet connection. I worry though that there could be some problems still within it. I'm not sure. Anytime you open yourself up to pornography you're going to get hurt, and I don't want to do any more banking/private services until I know for sure I'm safe.
  15. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Here's the checkup log as you asked for Bobbye. Thanks.

    Results of screen317's Security Check version 0.99.10
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader X (10.0.1)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
  16. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Okay, so here are the OTM "logs" that I had to get. The first time I ran OTM it got over halfway through and my laptop completely froze in processing. OTM stopped responding, Windows Explorer became unresponsive, and after waiting a while the only option was to manually shut down the laptop.

    It still opened a Notepad .txt document when I turned the laptop on again. The first log is the log that I got when the computer became unresponsive. I ran OTM again since it wasn't able to fully get through its processes, and the second .txt is the full scan that OTM was able to get through.

    (Also Note: OTM asked me on the last scan to reboot and I did. That's what produced the 2nd Scan log for me.)

    1st Scan:


    Files moved on Reboot...
    File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VG7A34G6\background-banner-middle-v45[1].jpg moved successfully.
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\background_banner_green_50_v45[1].jpg moved successfully.
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\background_button_green_full[2].png moved successfully.
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\list-item-plus[1].png moved successfully.
    C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CJI8NGS\background-banner-right-v45[1].jpg moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    2nd Scan:

    All processes killed
    ========== FILES ==========
    LoadLibrary failed for c:\windows\Temp\logishrd\LVPrcInj02.dll
    File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    LoadLibrary failed for c:\windows\Temp\logishrd\LVPrcInj02.dll
    File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in c:\windows\Temp\logishrd\LVPrcInj01.dll
    File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    DllUnregisterServer procedure not found in c:\windows\Temp\logishrd\LVPrcInj01.dll
    File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Taylor
    ->Temp folder emptied: 1767899 bytes
    ->Temporary Internet Files folder emptied: 64639 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8327991 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 241296 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 323798553 bytes

    Total Files Cleaned = 319.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 04282011_130009

    Files moved on Reboot...
    File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
    File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...




    Sorry again about that Bobbye, hopefully nothing has gotten messed up now. Also a side note, my Avast! logo isn't showing in my current running processes in Task Manager or at the bottom right of Windows on boot up. I have to manually double click the Avast! icon that's on my desktop in order for it to start running. I've checked to make sure "Start on Boot up" is clicked. But the problem still persists. I don't know if it's something as easy as doing a reinstall of Avast! or if it's something malware has done. I dunno. Thanks again.
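    A triage helper for OTM logs like the two posted above, added here as an example (it is not part of the original thread or of OTM itself): it separates the first pass from the "Files moved on Reboot..." pass and lists the paths whose move still failed after the reboot. The regular expressions are assumptions based only on the line formats visible in the logs in this thread, and the function names are hypothetical.

```python
import re

# Sample input: lines taken from the OTM logs posted in this thread, shortened.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
LoadLibrary failed for c:\windows\Temp\logishrd\LVPrcInj02.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in c:\windows\Temp\logishrd\LVPrcInj01.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.17.2 log created on 04282011_130009

Files moved on Reboot...
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""

REBOOT_HEADER = "Files moved on Reboot..."

# Line formats as they appear in the posted logs (assumed, not an OTM spec).
# Order matters: the most specific pattern is tried first.
PATTERNS = [
    ("failed", re.compile(
        r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")),
    ("missing", re.compile(r"^File (?P<path>.+?) not found!$")),
    ("moved", re.compile(r"^(?P<path>.+?) moved successfully\.$")),
]


def parse_otm_log(text):
    """Split an OTM log into the first pass and the reboot pass.

    Returns {"first": {path: status}, "reboot": {path: status}} where status
    is "failed", "moved" or "missing". Paths are lower-cased because Windows
    treats them case-insensitively and the log prints them in mixed case.
    """
    phases = {"first": {}, "reboot": {}}
    current = "first"
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are usually indented
        if line.startswith(REBOOT_HEADER):
            current = "reboot"
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                phases[current][match.group("path").lower()] = status
                break
    return phases


def triage(text):
    """Classify every path reported in the reboot pass.

    still_failing_requested: failed before the reboot and again after it
    still_failing_other:     failed after the reboot, not seen in the first pass
    not_found:               already gone when the reboot pass ran
    moved_on_reboot:         moved successfully during the reboot pass
    """
    phases = parse_otm_log(text)
    first, reboot = phases["first"], phases["reboot"]
    report = {
        "still_failing_requested": [],
        "still_failing_other": [],
        "not_found": [],
        "moved_on_reboot": [],
    }
    for path, status in reboot.items():
        if status == "failed":
            key = ("still_failing_requested" if first.get(path) == "failed"
                   else "still_failing_other")
            report[key].append(path)
        elif status == "missing":
            report["not_found"].append(path)
        else:
            report["moved_on_reboot"].append(path)
    return {key: sorted(paths) for key, paths in report.items()}


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_LOG).items():
        print(category)
        for path in paths:
            print("   ", path)
```

    Paths listed under still_failing_requested were not removed by either pass, so they are the ones to raise with the helper before treating the cleanup as complete.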
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Just want to mention this: Total Files Cleaned = 319.00 mb from the OTM log. That is a lot of files! The program is set to remove temp files and cache files also. These were in your account:
    You might want to check your browser settings regarding temp folders and temporary internet files. You can control this as follows in Firefox:
    Tools> Options> Privacy section> Uncheck 'Remember download history'> Reset the History days to fewer (mine is set for only 3 days)> 'Remember Search & form history' is optional>> I don't have this checked.

    If you use Internet Explorer: Tools> Internet Options> General tab> Temporary internet files click on Settings> Check 'Never'> Move slider to the left, decreasing space allowed> Advanced tab> Security section> Check 'Empty TIF folder when browser is closed.'> OK> Apply> OK

    This, along with routine disc cleanup, defrag, error check will keep things you don't need from taking up space and using memory.
    ========================================
    I'm not sure what you're saying about Notepad opening when you startup, but try this:
    Go to Folder Options in the Control Panel> Click on View tab> Make sure this is checked 'do not show hidden files and folders.' Make sure this is checked 'Hide protected and system files (Recommended)'> Click on Apply> OK. Reboot and see if Notepad is gone.
    ======================================
    The most common program from IObit that I see is Advanced System Care. I always advise uninstall because neither is the program good, nor the site considered safe. But you have a couple of entries left:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    Folder::
    c:\programdata\IObit
    c:\program files (x86)\IObit
    c:\users\Taylor\AppData\Roaming\IObit
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Suggest you update the Windows Installer. You have v2.0 from 2002. I think it's v5 now.
  18. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Hey there Bobbye. Sorry for the mix up. Notepad doesn't open up every time I boot up. In my response I was saying when my computer became unresponsive during the OTM, that on reboot the log of that OTM scan showed up in Notepad (sorry for confusion). I got the Combofix scan log. I was also wondering what you thought about the avast! issue. Thanks Bobbye, I appreciate it.

    ComboFix 11-04-23.02 - Taylor 04/28/2011 16:17:38.5.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1755 [GMT -4:00]
    Running from: c:\users\Taylor\Desktop\ComboFix.exe
    Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\IObit
    c:\program files (x86)\IObit\IObit Security 360\Downloaded\silverlight.exe.tmp
    c:\program files (x86)\IObit\IObit Security 360\IS360DataBase.db
    c:\program files (x86)\IObit\IObit Security 360\license.dat
    c:\program files (x86)\IObit\IObit Security 360\Quarantine Zone\info.db
    c:\program files (x86)\IObit\IObit Security 360\SecurityHoles.db
    c:\program files (x86)\IObit\IObit Security 360\SecurityHoles.ini
    c:\program files (x86)\IObit\IObit Security 360\unins000.exe
    c:\program files (x86)\IObit\IObit Security 360\UpdateLog.txt
    c:\programdata\IObit
    c:\programdata\IObit\IObit Security 360\config.ini
    c:\programdata\IObit\IObit Security 360\Ignore.ini
    c:\programdata\IObit\IObit Security 360\PD_Stat.ini
    c:\programdata\IObit\IObit Security 360\PS_Config.ini
    c:\users\Taylor\AppData\Roaming\IObit
    c:\users\Taylor\AppData\Roaming\IObit\Advanced SystemCare V4\Main.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-28 20:31 . 2011-04-28 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-28 16:28 . 2011-04-28 16:28 -------- d-----w- C:\_OTM
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
    2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
    2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
    2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-26 03:43 . 2010-07-04 04:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-26 03:43 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-04-26 03:43 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-04-26 03:43 . 2010-07-04 04:43 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-04-18 17:25 . 2010-06-30 04:16 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 17:25 . 2010-07-02 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-04-18 17:25 . 2011-01-21 22:08 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-18 17:18 . 2010-07-02 06:10 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-18 17:17 . 2011-02-22 18:38 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-18 17:16 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-18 17:13 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-18 17:13 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-18 17:13 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
    2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
    2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-28 20:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-28 20:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-28 20:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-02 06:03 . 2011-04-28 20:35 63730 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-28 20:36 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-02 02:44 . 2011-04-28 20:36 20446 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
    + 2011-04-28 20:31 . 2011-04-28 20:31 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2011-04-28 20:32 . 2011-04-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-28 20:32 . 2011-04-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-28 20:32 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
    - 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2011-04-28 20:32 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
    + 2010-06-05 02:19 . 2011-04-28 18:25 275096 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-04-28 20:31 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2010-08-17 00:07 . 2011-04-21 02:00 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
    + 2010-08-17 00:07 . 2011-04-28 20:31 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
    - 2009-07-14 02:34 . 2011-04-15 02:02 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-04-28 16:30 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
    R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9g9zknfn.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-28 17:04:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-28 21:04
    ComboFix2.txt 2011-04-28 00:00
    ComboFix3.txt 2011-04-26 02:41
    ComboFix4.txt 2011-04-24 16:54
    .
    Pre-Run: 163,188,789,248 bytes free
    Post-Run: 163,116,867,584 bytes free
    .
    - - End Of File - - 77FA2BA0ACFE26BF1AC35FCCF1E9CAA6
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    About Avast: I went back to the DDS log to see if there was any error related to Avast. There wasn't. But I did find this:
    4/19/2011 5:52:58 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.

    You can disable that Service: Start> Run> type in services.msc> enter> Double click on the McAfee Service> Set the Startup type to Disabled. Exit Services.
    ============================================
    But you can check for the Avast icon in the Notification Area this way:
    Right click on the Taskbar> Properties> In the Notification area Check 'Hide inactive icons'> Then check Customize> Find the icon for Avast and make sure the dialog box is set to Always Show> Then close.

    To see if the entries are checked on the Startup Menu using the msconfig utility:
    • Click on the Windows 7 start icon in the bottom left corner of your screen.
    • Type MSCONFIG in the search box> press enter or double-click on the MSCONFIG program that appears in the search results.
    • Click on Selective Startup
    • Click on the Startup tab. You will now see the System Msconfig Utility

      Windows 7 loads almost all of Windows' essential programs through Windows Services. So most of the startup items you see here are optional.
    • If there are any Avast entries that are not checked, please check them.
    • When finished> click on OK
      Reboot the computer.
    • When you see this message come up: Check 'don't show this message again'> then Restart.
    Images courtesy NetSquirrel
    ============
    The Combofix log is fine. I would like to mention again that you check for updates for Windows Installer. You have 2 entries from 2002 for the v2 version. I think the Windows 7 version is v5, so check Microsoft updates.

    Are there any remaining problems related to malware?
  20. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Hey there Bobbye, I think that we're good. I did have a question concerning firewalls. I personally don't get on pornographic websites or anything of the like. I for the most part know which websites to go to and not to go to (I try to stay alert and safe when I'm on the web). Do you think I need to get something other than Windows Firewall? I haven't had any other problems until this, but maybe I need the extra protection???

    Was just wanting your recommendation if I needed one. Again Bobbye, I thank you very much for the assistance. Thanks again.

    Taylor
  21. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Quick update:

    Checked msconfig, avast! isn't even listed in the start up log anymore. I don't know why I didn't think to check that anyways, but it isn't there anymore.

    On top of that, McAfee is acting awkward. McAfee SystemGuards was set to manual start up, so I turned it off to disabled. But the service McAfee Real-time Scanner you can only start the service. Everything else is grayed out (even when running services as Admin). I don't know what's up with that, but when I try to start the service to see if I can then manually disable, on starting it, it pops up with this:

    Windows could not start the McAfee Real Time Scanner services on Local Computer.

    Error 2: The system cannot find the file specified.

    I dunno, I just updated some of Windows updates, I'll see if that helps anything. Let me know what you think if you could Bobbye.

    Taylor
  22. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Update:

    The problem with avast! not being there on start up and msconfig still not showing is persisting. I'll reinstall to see if that will help.

    The McAfee Real-time Scanner problem still persists. I dunno.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please reinstall Avast if that is your antivirus program of choice.
    Please run the McAfee removal tool:

    Do this in the following order:
    1. Download Avast Free Version again and save it to your desktop. Do not run yet.
    2. Download McAfee Removal Tool and save it to your desktop. Do not run yet.
      =======================================
    3. Boot into Safe Mode
      [o] Restart your computer and start pressing the F8 key on your keyboard.
      [o] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    4. Double click on the McAfee Removal Tool to run. Follow the prompts.
    5. Double click the new Avast setup to run. If you get a message about already having it 'do you want to replace it', answer Yes.
    6. Reboot back into Normal Mode.

    Let me know if this handles the problem.
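
The Service Control Manager error 7000 quoted in post 19 and the "Error 2" in post 21 both say the same thing: a service is still registered, but its executable is no longer on disk. As an added example (not part of the thread), this Python script scans event lines in the format quoted above and reports services that fail this way; only the first sample line comes from the thread, the others are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# First line is the event quoted in the thread; the remaining lines are
# constructed for this example (including the "Example Updater" service).
SAMPLE_LOG = """\
4/19/2011 5:52:58 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
4/20/2011 8:01:12 AM, Error: Service Control Manager [7000]  - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
4/20/2011 8:01:40 AM, Error: Service Control Manager [7000]  - The Example Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/20/2011 8:02:03 AM, Error: Constructed Source [1]  - Constructed non-SCM event that must not be reported.
this line is not an event and is skipped
"""

# "<date> <time> AM|PM, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$"
)
START_FAIL_RE = re.compile(
    r"^The (?P<service>.+) service failed to start due to the following error: "
    r"(?P<reason>.+)$"
)
# Win32 error 2 (file not found), as the event log renders it.
MISSING_BINARY = "The system cannot find the file specified."


def parse_events(text):
    """Return one dict per well-formed event line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def orphaned_services(events):
    """Group SCM 7000 start failures whose cause is a missing executable."""
    hits = defaultdict(list)
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["event_id"] != 7000:
            continue
        m = START_FAIL_RE.match(ev["message"])
        # A timeout or dependency failure is a different problem; only a
        # missing file points at a leftover service registration.
        if m and m.group("reason").strip() == MISSING_BINARY:
            hits[m.group("service")].append(ev["when"])
    return {
        svc: {"count": len(ts), "first": min(ts), "last": max(ts)}
        for svc, ts in hits.items()
    }


if __name__ == "__main__":
    for svc, info in orphaned_services(parse_events(SAMPLE_LOG)).items():
        print(f"{svc}: {info['count']} failed starts, "
              f"{info['first']} to {info['last']} (binary missing)")
```

A service reported here is a candidate for the vendor's removal tool or for being set to Disabled, not proof of infection.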
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You're very welcome for the help Taylor.

    About firewalls: Here is a very basic and non-technical description:
    I have never been impressed with the Windows Firewall because it only 'listens' at incoming ports. The way firewalls work is to 'listen' at ports and hopefully prevent traffic from accessing the system. But there are both incoming and outgoing ports on the system, for instance:
    When you put an address in the browser, it will use an outgoing port to request the site and the site will 'answer' and load on the system through an incoming port.

    So, if the Windows Firewall misses a scanner and malware gets into the system and is the type to send your information to a site on the internet, the Windows FW won't 'hear' it because it doesn't listen at outgoing ports.

    If you are only using software Firewalls, it is better to have one that is bidirectional, that is, listens to both incoming and outgoing ports. The following free firewalls will do that:
    Comodo
    Zone Alarm

    An alternative to this would be to use a router along with the Windows firewall. Routers have hardware firewalls built into them. I ran ZoneAlarm Firewall for years. Eventually, I got a router. I left A running for a few months, but not a single scan got past the router. So I uninstalled ZoneAlarm and enabled the Windows Firewall and I have been well protected.

    Does this answer the Firewall question? When we finish, I'll have you remove the cleaning tools and give you some additional security tips.
  25. jeffrey7

    jeffrey7 Newcomer, in training Topic Starter Posts: 16

    Gotcha. Gotcha. The McAfee uninstaller did the job for it. Avast is working again on start up, everything seems to be working out fine.

    Again my thanks Bobbye. I run off a wireless router, so I think I'll do without a software firewall. I think we're finished. If you want go ahead and run me through the cleaning and tips.

    Thanks again Bobbye.