Author Topic: [In progress G]HijackThis log - Crazy Search Hijack Problem (Read 1506 times)

jillcatherine · « **on:** November 08, 2011, 06:48:39 PM »

Ok, so I have the malware from the darkest places of the earth on my computer, and the wonderful woman at Dell Forums told me you guys were the folks to help.

It has just about driven me batty. No scan can detect it, but it's taken over all of my browsers. It starts up new tabs (pop up search pages), blocks my access to websites that can help and therefore my own research on how to remove, it will not let me start my windows firewall, it will not let me install AVG, but I have run Webroot Spy Sweeper and Spybot.

Here is my Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:32 PM, on 11/6/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
O4 - HKLM\..\Run: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
O4 - HKLM\..\Run: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
O4 - HKLM\..\Run: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
O4 - HKLM\..\Run: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
O4 - HKLM\..\Run: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - Invalid registry found
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell 1355cn Status Database (DLNADB) - Unknown owner - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Parental Controls (WPCSvc32) - Unknown owner - C:\Windows\system32\qdvd32.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

gahixon1 · « **Reply #1 on:** November 08, 2011, 07:10:20 PM »

Hello Jillcatherine and welcome to the Forums,

My name is George and I will be assisting you with your problem.

Please follow all my instructions carefully in the order that I give them.

Please give a VERY clear description of the problem you are having. The more detailed, the quicker we will be able to work through the problem together.

Do not install any updates until I tell you to do so. Updating an infected computer can have disastrous effects.

Do not attempt any other fixes than what I give you here. Using other tools might interfere with the cleaning process. It may also damage your computer.

Please stick with me until the end. Just because your computer is no longer showing signs of malware, does not mean you are protected.

Either print or save to Notepad all the instructions that I give you. If there is anything you are unsure of or any instructions you feel lack clarity, please do not hesitate to ask.

Some of the logs I may ask for are very long and complex. As is analysing these logs. My responses to you may take longer than you would expect. I assure you that I will work through your problem and a solution as quick as I can.

Please be patient while I determine my first set of instructions.

Step 1
ATF Cleaner

Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2
Run Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Step 3
DDS
We need to see some additional information about what is happening in your machine.
Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.com
- DDS.scr
- DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool.
- When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

Instead of attaching, please copy/paste both logs into your next reply.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

In your next reply can I have:
DDS.txt
Attach.txt
The MBAM log and any issues you may have had.

jillcatherine · « **Reply #2 on:** November 09, 2011, 11:32:14 AM »

AWESOME. Will do. I am at your command!!!

I will be working from home tomorrow and will be able to follow all of your steps, then will repost with my results and the files you requested!!

Thanks again!!!

Jill

gahixon1 · « **Reply #3 on:** November 09, 2011, 01:04:48 PM »

Thanks for the update,

George

jillcatherine · « **Reply #4 on:** November 09, 2011, 04:55:37 PM »

Hi George,

I was able to get started early. Step 1 regarding ATF Cleaner... I have windows 7. Is there an alternative or do I skip that step? I look forward to hearing from you.

Thanks,
Jill

PS: Most prevalent symptom right now... ANY search results must have the address to the site I wish to go to pasted directly into the address bar, otherwise I am redirected to famous search, marvelous search systems, etc.

gahixon1 · « **Reply #5 on:** November 10, 2011, 07:22:46 AM »

Hi,

That is the standard behaviour, of a search redirect hijacker. Don't worry we should be able to get the problem sorted. Please ignore the ATF instruction, and continue with the others.

Thanks,

George

jillcatherine · « **Reply #6 on:** November 10, 2011, 10:23:47 AM »

Ok, here is everything. Malwarebytes found nothing.

Thanks for your support. I greatly appreciate it!

DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jill at 8:16:09 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2452 [GMT -8:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
C:\Windows\system32\conhost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
uRun: [Akamai NetSession Interface] C:\Users\Jill\AppData\Local\Akamai\netsession_win.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
mRun: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
mRun: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
mRun: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
mRun: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
mRun: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
mRun: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
mRun: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Jill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Jill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0BE3ACB9-3CE2-4458-8981-109DFDFDBDBC} : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
mRun-x64: [PDFHook] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe"
mRun-x64: [PDF5 Registry Controller] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe"
mRun-x64: [RUNUPDATER] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe"
mRun-x64: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
mRun-x64: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
mRun-x64: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
mRun-x64: [RIMBBLaunchAgent.exe] "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-9 98208]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 DLNADB;Dell 1355cn Status Database;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2010-9-29 89920]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-6-14 144672]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-15 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-9 705856]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-9 2320920]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-9-15 1201640]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
S2 WPCSvc32;Parental Controls ;C:\Windows\system32\qdvd32.exe --> C:\Windows\system32\qdvd32.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-11-10 16:09:51   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-10 15:56:35   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF891DF7-1089-426C-B4D8-B62921B3AED5}\offreg.dll
2011-11-10 00:01:18   --------   d-----w-   C:\Users\Jill\AppData\Local\Akamai
2011-11-09 02:23:48   886784   ----a-w-   C:\Program Files\Common Files\System\wab32.dll
2011-11-09 02:23:47   708608   ----a-w-   C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 02:23:46   1897328   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2011-11-09 02:23:43   3141120   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-09 02:18:47   8570192   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF891DF7-1089-426C-B4D8-B62921B3AED5}\mpengine.dll
2011-11-06 22:38:58   --------   d--h--w-   C:\ProgramData\Common Files
2011-11-06 22:36:24   --------   d-----w-   C:\ProgramData\MFAData
2011-11-03 21:41:07   --------   d-----w-   C:\Windows\System32\MpEngineStore
2011-10-30 18:06:02   --------   d-----w-   C:\Users\Jill\AppData\Roaming\OpenOffice.org
2011-10-30 17:59:13   --------   d-----w-   C:\Program Files (x86)\OpenOffice.org 3
2011-10-26 22:03:15   6144   ----a-w-   C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 22:03:15   6144   ----a-w-   C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-26 06:16:19   0   ----a-w-   C:\Windows\SysWow64\shoA1F9.tmp
2011-10-25 05:45:51   --------   d-sh--w-   C:\Windows\System32\%APPDATA%
2011-10-25 05:42:39   --------   d-----we   C:\Windows\system64
2011-10-25 05:40:34   --------   d-sh--w-   C:\Users\Jill\AppData\Local\7f725c16
.
==================== Find3M ====================
.
2011-10-27 21:14:30   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-04 04:49:54   0   ----a-w-   C:\Windows\SysWow64\sho10BA.tmp
2011-10-03 13:06:03   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-09-01 01:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:40:28   861184   ----a-w-   C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28   331776   ----a-w-   C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20   1197568   ----a-w-   C:\Windows\System32\wininet.dll
2011-08-20 05:41:16   57856   ----a-w-   C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20   44544   ----a-w-   C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23   482816   ----a-w-   C:\Windows\System32\html.iec
2011-08-20 03:26:38   386048   ----a-w-   C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46   75776   ----a-w-   C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46   288256   ----a-w-   C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46   104960   ----a-w-   C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23   72704   ----a-w-   C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23   59904   ----a-w-   C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23   204288   ----a-w-   C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 8:18:40.93 ===============

Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2010 6:15:41 PM
System Uptime: 11/10/2011 7:53:15 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | U2E1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 307.118 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP164: 10/31/2011 8:00:32 PM - Windows Backup
RP165: 10/31/2011 9:11:54 PM - Windows Update
RP166: 11/1/2011 2:37:14 PM - Windows Update
RP167: 11/3/2011 2:56:35 PM - Windows Update
RP168: 11/4/2011 8:50:42 AM - Windows Update
RP169: 11/6/2011 3:05:19 PM - Installed Java(TM) 6 Update 29
RP170: 11/7/2011 8:00:15 PM - Windows Backup
RP171: 11/8/2011 6:17:12 PM - Windows Update
RP172: 11/8/2011 8:00:38 PM - Windows Update
.
==== Installed Programs ======================
.
.
3DVIA player 5.0
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Messaging Toolbar
Apple Application Support
Apple Software Update
Bing Bar
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
Consumer In-Home Service Agreement
Cozi
Dell 1355cn/1355cnw Color MFP
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Toolbar
Dell Webcam Central
Download Updater (AOL LLC)
EA Download Manager
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Junk Mail filter update
LeapFrog Connect
LeapFrog Leapster2 Plugin
LeapFrog Tag Plugin
LoJack Factory Installer
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nuance PaperPort 12
Nuance PDF Viewer Plus
OpenOffice.org 3.3
PDF Settings CS5
PxMergeModule
Quicken 2008
Quicken 2011
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Scansoft PDF Professional
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
Spy Sweeper Core
Spybot - Search & Destroy
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Late Night
The Sims™ 3 World Adventures
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
Visual Studio 2008 x64 Redistributables
Webroot AntiVirus with Spy Sweeper
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 4:01:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
11/9/2011 4:01:57 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/6/2011 2:47:00 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
11/10/2011 7:56:12 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/10/2011 7:53:40 AM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
11/10/2011 7:53:37 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/10/2011 7:53:37 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/10/2011 7:53:33 AM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8132

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/10/2011 8:13:31 AM
mbam-log-2011-11-10 (08-13-31).txt

Scan type: Quick scan
Objects scanned: 199332
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gahixon1 · « **Reply #7 on:** November 11, 2011, 11:05:41 AM »

Hi Jillcatherine,

I'd like you to run this program next please.

Step 3
ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

* Double click on combofix.exe & follow the prompts.
* XP Users ONLY - When prompted, please allow CF to install the Recovery Console.
* When finished, it will produce a logfile located at C:\ComboFix.txt.
* Post the contents of that log in your next reply with a new DDS log.

Note: ComboFix will open a window which will detail its progress. It may take several minutes to complete. Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

*Note: Combofix is an extremely powerful tool and should not be used unsupervised. If used inappropriately it can cause irreparable damage to your computer.*

In your next reply:
Combofix.txt

jillcatherine · « **Reply #8 on:** November 11, 2011, 07:38:08 PM »

Thanks George.

ComboFix 11-11-11.06 - Jill 11/11/2011 17:14:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2361 [GMT -8:00]
Running from: c:\users\Jill\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Chris\AppData\Roaming\Adobe\shed
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome.manifest
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\chrome\xulcache.jar
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\defaults\preferences\xulcache.js
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w43dam9m.default\extensions\{51994d98-3b9e-41fa-8673-4b65e40b5958}\install.rdf
c:\users\Jill\Adobe_Creative_Suite_5_Master_Collection-AkamaiDLM.exe
c:\users\Jill\FullTiltSetup.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-11 16:02 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFC259C-66D4-404E-BC66-2C37D4EEB413}\mpengine.dll
2011-11-10 16:09 . 2011-11-10 16:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 00:01 . 2011-11-11 16:02   --------   d-----w-   c:\users\Jill\AppData\Local\Akamai
2011-11-09 02:23 . 2011-10-01 05:28   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 02:23 . 2011-10-01 04:43   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 02:23 . 2011-09-29 16:24   1897328   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:23 . 2011-09-29 04:09   3141120   ----a-w-   c:\windows\system32\win32k.sys
2011-11-06 23:14 . 2011-11-06 23:14   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-11-06 22:38 . 2011-11-06 22:38   --------   d--h--w-   c:\programdata\Common Files
2011-11-06 22:36 . 2011-11-06 22:39   --------   d-----w-   c:\programdata\MFAData
2011-11-03 21:41 . 2011-11-03 19:47   --------   d-----w-   c:\windows\system32\MpEngineStore
2011-10-30 18:06 . 2011-10-30 18:06   --------   d-----w-   c:\users\Jill\AppData\Roaming\OpenOffice.org
2011-10-30 17:59 . 2011-10-30 17:59   --------   d-----w-   c:\program files (x86)\OpenOffice.org 3
2011-10-26 23:40 . 2011-10-26 23:40   --------   d-----w-   c:\windows\system32\Macromed
2011-10-26 22:03 . 2011-08-15 05:08   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
2011-10-26 22:03 . 2011-08-15 04:25   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-26 06:16 . 2011-10-26 06:16   0   ----a-w-   c:\windows\SysWow64\shoA1F9.tmp
2011-10-25 05:45 . 2011-10-25 05:45   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2011-10-25 05:40 . 2011-10-25 05:40   --------   d-sh--w-   c:\users\Jill\AppData\Local\7f725c16
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 16:16 . 2011-04-26 10:29   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-27 21:14 . 2011-07-26 20:47   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-04 04:49 . 2011-10-04 04:49   0   ----a-w-   c:\windows\SysWow64\sho10BA.tmp
2011-10-03 13:06 . 2010-10-10 03:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-09-15 16:43 . 2011-09-15 16:43   388096   ----a-r-   c:\users\Jill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-01 01:00 . 2011-07-12 23:53   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-27 05:40 . 2011-10-11 21:58   331776   ----a-w-   c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-11 21:58   861184   ----a-w-   c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 21:58   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 21:58   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-08-20 05:45 . 2011-10-11 21:58   1197568   ----a-w-   c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-11 21:58   57856   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-11 21:58   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-08-20 04:35 . 2011-10-11 21:58   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-11 21:58   482816   ----a-w-   c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-11 21:58   386048   ----a-w-   c:\windows\SysWow64\html.iec
2011-08-17 05:32 . 2011-10-11 21:58   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-11 21:58   288256   ----a-w-   c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-11 21:58   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-11 21:58   104960   ----a-w-   c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-11 21:58   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-11 21:58   72704   ----a-w-   c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-11 21:58   59904   ----a-w-   c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-11 21:58   204288   ----a-w-   c:\windows\SysWow64\MSNP.ax
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 22:14   238968   ----a-w-   c:\program files (x86)\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Akamai NetSession Interface"="c:\users\Jill\AppData\Local\Akamai\netsession_win.exe" [2011-11-11 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"IndexSearch"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe" [2010-06-15 46368]
"PaperPort PTD"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe" [2010-06-15 29984]
"PDFHook"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe" [2010-03-06 62752]
"RUNUPDATER"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe" [2010-09-29 465728]
"Dell 1355 MFP Launcher"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" [2010-09-29 920384]
"Dell 1355 MFP RUN"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe" [2010-09-29 2481472]
"StatusAutoRun"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" [2010-09-29 3789120]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys

R2 WPCSvc32;Parental Controls ;c:\windows\system32\qdvd32.exe

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-16 249648]
S2 DLNADB;Dell 1355cn Status Database;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2010-09-29 89920]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-06-15 144672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-09-15 1201640]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 20:47]
.
2011-11-11 c:\windows\Tasks\wrSpySweeper_L4AB1FED886DF465B82B934EC9A5405B0.job
- c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-09-15 22:19]
.
2011-11-11 c:\windows\Tasks\wrSpySweeper_L4AB1FED886DF465B82B934EC9A5405B0.job
- c:\program files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2011-09-15 22:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-08 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF21472.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Open with PDF Viewer Plus - c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-GoToAssist - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-QuickSet - c:\program files\Dell\QuickSet\QuickSet.exe
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2011-11-11 17:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 01:35
.
Pre-Run: 330,896,994,304 bytes free
Post-Run: 330,864,975,872 bytes free
.
- - End Of File - - 9AFD23A2C8354716021DA15E8B44715A

gahixon1 · « **Reply #9 on:** November 13, 2011, 09:17:55 PM »

Hi jillcatherine,

Apologies for my late reply, I have been away from my main computer for some time. As follows please

Step 1

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Step 2
Please open Notepad and copy/paste this code into the notepad:

Code: [Select]

KillAll::
ClearJavaCache::
File::
c:\users\Jill\AppData\Local\7f725c16
c:\windows\SysWow64\sho10BA.tmp

Save this as CFScript.txt and change the 'Save as type' to 'All Files' and place it on your desktop. Make sure your AV is disabled while we do this.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

In your next reply:
Combofix.txt
How is your computer running now?

jillcatherine · « **Reply #10 on:** November 14, 2011, 12:05:48 PM »

Oh don't apologize! I appreciate all your help!

Ok, so I folllowed your last set of instructions, and it looked like combo fix did something, but my computer did not reboot, and no log was produced, it just looked like it extracted the file and that was it.

The computer is working great, otherwise though.

jillcatherine · « **Reply #11 on:** November 14, 2011, 12:30:46 PM »

Wait... I guess I wasn't patient enough!!! here is the log:

ComboFix 11-11-14.02 - Jill 11/14/2011 10:08:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2422 [GMT -8:00]
Running from: c:\users\Jill\Desktop\ComboFix.exe
Command switches used :: c:\users\Jill\Desktop\CFScript.txt
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jill\AppData\Local\7f725c16"
"c:\windows\SysWow64\sho10BA.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Chris\AppData\Local\temp
2011-11-14 18:20 . 2011-11-14 18:20   --------   d-----w-   c:\users\Brendan\AppData\Local\temp
2011-11-13 17:26 . 2011-11-13 17:26   --------   d-----w-   C:\My Designs - Embroidery Software 6
2011-11-13 17:24 . 2009-05-09 05:28   137000   ----a-w-   c:\windows\SysWow64\MSMAPI32.OCX
2011-11-13 17:24 . 2011-11-13 17:25   --------   d-----w-   c:\program files (x86)\BERNINA
2011-11-13 17:24 . 2011-11-13 17:24   --------   d-----w-   c:\program files (x86)\Common Files\Wilcom
2011-11-13 17:23 . 2005-04-04 07:00   63488   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-11-13 17:23 . 2005-04-04 07:00   184320   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-13 17:23 . 2005-04-04 07:01   274432   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-13 17:23 . 2011-11-13 17:23   331908   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-13 17:23 . 2011-11-13 17:23   200836   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-13 17:23 . 2005-04-04 07:02   753664   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-13 17:23 . 2005-04-04 07:02   69714   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-13 17:23 . 2005-04-04 06:59   5632   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-11 16:02 . 2011-10-07 04:16   8570192   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBFC259C-66D4-404E-BC66-2C37D4EEB413}\mpengine.dll
2011-11-10 16:09 . 2011-11-10 16:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 00:01 . 2011-11-12 14:57   --------   d-----w-   c:\users\Jill\AppData\Local\Akamai
2011-11-09 02:23 . 2011-10-01 05:28   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
2011-11-09 02:23 . 2011-10-01 04:43   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 02:23 . 2011-09-29 16:24   1897328   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:23 . 2011-09-29 04:09   3141120   ----a-w-   c:\windows\system32\win32k.sys
2011-11-06 23:14 . 2011-11-06 23:14   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-11-06 22:38 . 2011-11-06 22:38   --------   d--h--w-   c:\programdata\Common Files
2011-11-06 22:36 . 2011-11-06 22:39   --------   d-----w-   c:\programdata\MFAData
2011-11-03 21:41 . 2011-11-03 19:47   --------   d-----w-   c:\windows\system32\MpEngineStore
2011-10-30 18:06 . 2011-10-30 18:06   --------   d-----w-   c:\users\Jill\AppData\Roaming\OpenOffice.org
2011-10-30 17:59 . 2011-10-30 17:59   --------   d-----w-   c:\program files (x86)\OpenOffice.org 3
2011-10-26 23:40 . 2011-10-26 23:40   --------   d-----w-   c:\windows\system32\Macromed
2011-10-26 22:03 . 2011-08-15 05:08   6144   ----a-w-   c:\program files\Internet Explorer\iecompat.dll
2011-10-26 22:03 . 2011-08-15 04:25   6144   ----a-w-   c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-26 06:16 . 2011-10-26 06:16   0   ----a-w-   c:\windows\SysWow64\shoA1F9.tmp
2011-10-25 05:45 . 2011-10-25 05:45   --------   d-sh--w-   c:\windows\system32\%APPDATA%
2011-10-25 05:40 . 2011-10-25 05:40   --------   d-sh--w-   c:\users\Jill\AppData\Local\7f725c16
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 16:20 . 2011-04-26 10:29   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-27 21:14 . 2011-07-26 20:47   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-04 04:49 . 2011-10-04 04:49   0   ----a-w-   c:\windows\SysWow64\sho10BA.tmp
2011-10-03 13:06 . 2010-10-10 03:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 21:58   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-09-15 16:43 . 2011-09-15 16:43   388096   ----a-r-   c:\users\Jill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-01 01:00 . 2011-07-12 23:53   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-27 05:40 . 2011-10-11 21:58   331776   ----a-w-   c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-11 21:58   861184   ----a-w-   c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 21:58   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-11 21:58   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
2011-08-20 05:45 . 2011-10-11 21:58   1197568   ----a-w-   c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-11 21:58   57856   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-11 21:58   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
2011-08-20 04:35 . 2011-10-11 21:58   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-11 21:58   482816   ----a-w-   c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-11 21:58   386048   ----a-w-   c:\windows\SysWow64\html.iec
2011-08-17 05:32 . 2011-10-11 21:58   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-11 21:58   288256   ----a-w-   c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-11 21:58   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-11 21:58   104960   ----a-w-   c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-11 21:58   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-11 21:58   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-11 21:58   72704   ----a-w-   c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-11 21:58   59904   ----a-w-   c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-11 21:58   204288   ----a-w-   c:\windows\SysWow64\MSNP.ax
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_01.27.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-14 18:21   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-12 01:26   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-12 01:26   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:21   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-12 01:26   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-14 18:21   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-27 22:05 . 2011-11-14 18:22   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-27 22:05 . 2011-11-12 01:27   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-14 05:13   78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-10-27 22:05 . 2011-11-12 01:27   32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-27 22:05 . 2011-11-14 18:22   32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-27 22:05 . 2011-11-14 18:22   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-27 22:05 . 2011-11-12 01:27   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-27 01:29 . 2011-11-14 18:22   16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-27 01:29 . 2011-11-12 01:27   16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-27 01:29 . 2011-11-14 18:22   16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-27 01:29 . 2011-11-12 01:27   16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-12 01:26 . 2011-11-12 01:26   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-14 18:21 . 2011-11-14 18:21   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-12 01:26 . 2011-11-12 01:26   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-14 18:21 . 2011-11-14 18:21   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-10-28 02:05 . 2011-11-12 01:26   262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-10-28 02:05 . 2011-11-14 18:21   262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2011-11-12 00:53   624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-14 18:05   624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-14 18:05   106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-12 00:53   106756 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-12 01:25   384436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-14 18:20   384436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-08-08 22:46 . 2008-08-08 22:46   242176 c:\windows\Installer\279362.msi
- 2009-07-14 04:45 . 2011-11-11 19:38   3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-11-13 17:30   3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-12 10:16 . 2011-11-14 17:58   1055348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4289127186-800932172-3693104646-1001-8192.dat
- 2011-05-12 10:16 . 2011-11-06 22:58   1055348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4289127186-800932172-3693104646-1001-8192.dat
+ 2010-04-21 22:34 . 2010-04-21 22:34   7217664 c:\windows\Installer\27935d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 22:14   238968   ----a-w-   c:\program files (x86)\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Akamai NetSession Interface"="c:\users\Jill\AppData\Local\Akamai\netsession_win.exe" [2011-11-12 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"IndexSearch"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe" [2010-06-15 46368]
"PaperPort PTD"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe" [2010-06-15 29984]
"PDFHook"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe" [2010-03-06 62752]
"RUNUPDATER"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe" [2010-09-29 465728]
"Dell 1355 MFP Launcher"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" [2010-09-29 920384]
"Dell 1355 MFP RUN"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe" [2010-09-29 2481472]
"StatusAutoRun"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" [2010-09-29 3789120]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Jill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe