
how to fix a dll error

dll error

  • This topic is locked
36 replies to this topic

#1 fireman5214

fireman5214

    Advanced Member

  • Honorary Members
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 30 May 2012 - 08:42 PM

I was told to come here and post; this is the original message:
Hello all, I have recently gotten the following errors and I don't know how. I have done a Malwarebytes scan and it found, I think, 7 trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 64-bit, Internet Explorer 9. The following error comes up when I boot my computer and I get 2 little boxes that state the following:

compntui64.dll

c:\users\MYNAME\appdata\local\temp\iscskeys.dll

I have seen online that there are scan systems to fix these, but I tried to download a fixcleaner.com and it won't download for me. Also it clears my history and shuts down my comp with a blue screen and restarts it, and I lose the saved usernames and passwords, and now when trying to use google.com, every search I do I get this... Error Refferer

If I do a system restore, would that help? Any good scans I could download for free and fix this myself? Once in a while my IE will say an error has occurred and needs to reopen the tab.

Thanks for any help.

****Also I deleted QUICKTIME PLAYER because I thought that was the problem and it wasn't, and I need it for a website... is it OK to re-install QuickTime?***

*******I DID A QUICK SCAN AND GOT THE FOLLOWING REPORT********
URGENT! You must restart your system to remove all active threats properly. Click Yes to restart now. (I have done this AFTER I finish this post) --also I changed my name on the files to NAME as I don't want my name all over the forum---
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.27.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NAME :: NAME-PC [administrator]
5/30/2012 9:26:41 PM
mbam-log-2012-05-30 (21-26-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214826
Time elapsed: 4 minute(s), 48 second(s)
Memory Processes Detected: 2
C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> 2960 -> Delete on reboot.
C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> 4524 -> Delete on reboot.
Memory Modules Detected: 1
C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{341509DC-CA89-03E9-E5EE-63E3B109C582} (Trojan.Birele) -> Data: C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> Delete on reboot.
C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> Delete on reboot.
C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.
C:\Users\NAME\AppData\Local\Temp\k8h0pp.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\uoepougjrudefv.exe (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#755D.tmp (Trojan.Birele) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#AB53.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#B352.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#B641.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
(end)

OK, I am back after a restart and I still get this...

error saying it has a problem starting up...
compntui64.dll

ALSO it does not save any of my browser history...
this includes passwords, with what I want to keep stored as well; like here, I came back and it had no Malwarebytes forum in the main URL bar and I had to sign in here as well.
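Added illustration for this thread (not part of the original post, and not Malwarebytes' own code): the three Run-key values in the quoted log share one shape, an autorun under HKCU\...\CurrentVersion\Run that either launches an executable out of the user's AppData or hands rundll32 a DLL in a Temp directory. The same mechanism explains the dialog the poster still sees after the restart: if a Run value keeps calling rundll32 on a DLL the scanner has already deleted, Windows runs that value at every logon and reports a problem starting the DLL. The script below parses the "Registry Values Detected" lines of a Malwarebytes 1.x log and labels those patterns; the flag names, the `TEMP_MARKERS` list and the sample lines (copied from the log above with the poster's NAME placeholder) are this example's own constructions.

```python
"""Triage of autorun (Run-key) values reported in a Malwarebytes 1.x log.

Added illustration for this thread; it is not Malwarebytes' code, and the
flag names and the TEMP_MARKERS list are this example's own choices.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of one "Registry Values Detected" line in a Malwarebytes 1.x log:
#   <hive\key>|<value name> (<detection>) -> Data: <command> -> <action>
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> Data: "
    r"(?P<data>.*) -> (?P<action>.*)$"
)

# rundll32[.exe] "<dll>",<export>   (quotes optional, export name mandatory)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE
)

# Directories from which a legitimate autorun should never load a DLL (constructed list).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class RunEntry:
    value: str                    # value name under ...\CurrentVersion\Run
    data: str                     # the command line Windows runs at logon
    detection: Optional[str]      # scanner's label for the line
    flags: List[str] = field(default_factory=list)


def first_program(data: str) -> str:
    """Return the program path from a Run value, honouring surrounding quotes."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    return data.split(" ", 1)[0]


def triage_command(data: str) -> List[str]:
    """Flag the autorun patterns seen in this thread's logs.

    rundll32-bare-dll : rundll32 given only a DLL name, resolved through the
                        DLL search order; once the DLL is removed the value
                        still runs at logon and yields a "problem starting" dialog.
    rundll32-temp-dll : rundll32 loading a DLL out of a Temp directory.
    exe-in-appdata    : an executable launched from the user profile's AppData.
    """
    flags: List[str] = []
    m = RUNDLL_RE.match(data.strip())
    if m:
        dll = m.group("dll")
        if "\\" not in dll:
            flags.append("rundll32-bare-dll")
        elif any(marker in dll.lower() for marker in TEMP_MARKERS):
            flags.append("rundll32-temp-dll")
    else:
        prog = first_program(data).lower()
        if "\\appdata\\" in prog and prog.endswith(".exe"):
            flags.append("exe-in-appdata")
    return flags


def parse_mbam_registry_values(log_text: str) -> List[RunEntry]:
    """Extract Run-key values from the 'Registry Values Detected' section."""
    entries: List[RunEntry] = []
    for line in log_text.splitlines():
        m = MBAM_VALUE_RE.match(line.strip())
        if not m or not m.group("key").lower().endswith("\\run"):
            continue
        data = m.group("data")
        entries.append(RunEntry(m.group("value"), data, m.group("detection"),
                                triage_command(data)))
    return entries


# Constructed sample: the three Run-key lines from the log quoted above,
# with the user name already replaced by NAME as the poster did.
SAMPLE_LOG = "\n".join([
    r"Registry Values Detected: 3",
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully.',
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{341509DC-CA89-03E9-E5EE-63E3B109C582} (Trojan.Birele) -> Data: C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe -> Quarantined and deleted successfully.",
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully.',
    r"Registry Data Items Detected: 0",
    r"(No malicious items detected)",
])


if __name__ == "__main__":
    for e in parse_mbam_registry_values(SAMPLE_LOG):
        print(f"{e.value:40} {e.detection:22} {', '.join(e.flags) or '-'}")
    # The startup error the poster reports: a Run value that still calls
    # rundll32 on a bare DLL name after the scanner removed the file.
    print(triage_command('rundll32 "compntui64.dll",CreateProcessNotify'))
```

The parser only reads log text, so it can be run on a copy of the log offline; the fix for a flagged orphan value (removing the Run entry itself, not just the file) is what the experts' tools in this thread do, and is left to them here.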

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 31 May 2012 - 05:58 PM

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 fireman5214

fireman5214

    Advanced Member

  • Honorary Members
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 02 June 2012 - 02:27 PM

MrCharlie, here is what you requested... sorry, we had some storms here yesterday and I am part of the weather team as well for FB and was tied up, and we lost some power as well, so here is the delayed reply. Also, what this does not show is I did an update to Adobe Flash Player and installed ooVoo and have since uninstalled ooVoo, because after I did these 2 things I noticed problems, and uninstalled and re-installed Adobe Flash Player. Post back the 2 logs.....DDS.txt and Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/29/2011 6:58:51 PM
System Uptime: 6/1/2012 5:24:42 PM (22 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | U2E1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 519.41 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 15 GiB total, 6.771 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP232: 5/18/2012 7:23:59 AM - Windows Update
RP233: 5/22/2012 11:13:34 AM - Windows Update
RP234: 5/28/2012 9:15:22 AM - Removed ooVoo
RP235: 5/29/2012 12:10:42 PM - Windows Update
RP237: 5/29/2012 12:16:44 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader 9.1.2
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
Advanced Audio FX Engine
Ask Toolbar
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
B209a-m
BufferChm
CardRd81
CashCrate Toolbar
CCScore
Cozi
CR2
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Product Registration
Dell Webcam Central
Destinations
DeviceDiscovery
EasyBits GO
eBay
Emergency 2012
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Facebook Video Calling 1.2.0.159
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
HLPIndex
HLPPDOCK
HLPRFO
HP Update
HPDiagnosticAlert
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Internet Explorer
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
John Deere Drive Green
Junk Mail filter update
Kodak EasyShare software
KSU
LAME v3.98.3 for Audacity
Light-O-Rama
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpaceIM
Notifier
NVIDIA PhysX
OpenOffice.org 3.3
OTtBP
OTtBPSDK
PowerDVD DX
PrintMaster 2011 Platinum
PS_AIO_06_B209a-m_SW_Min
QuickTime
Realtek High Definition Audio Driver
RollerCoaster Tycoon 3 Platinum
Roxio Burn
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SFR
SHASTA
SKIN0001
SKINXSDK
Skype Click to Call
Skype™ 5.7
SmartWebPrinting
SolutionCenter
Status
swMSM
TiVo Desktop 2.8.2
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VPRINTOL
Weather
WebReg
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/2/2012 8:17:08 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
6/2/2012 2:50:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
6/1/2012 9:22:23 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
6/1/2012 9:22:21 AM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
6/1/2012 9:22:19 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
5/30/2012 3:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048df060, 0xfffff80000ba2748, 0xfffffa80094af800). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-19484-01.
5/30/2012 10:53:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/30/2012 10:45:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048e2a10, 0xfffff800049bf518, 0xfffffa800af36c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-21730-01.
5/28/2012 9:06:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048dca10, 0xfffff800049c6518, 0xfffffa8009dcfcf0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052812-18111-01.
.
==== End Of File ===========================

--------------------------------------------------------------------AND-----------------------------------------------------------------------
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jason at 15:15:49 on 2012-06-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1518 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Dell Support Center\imstrayicon.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskeng.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {93da556a-4376-4f66-a896-216daf31719e} - C:\Program Files (x86)\CashCrate Toolbar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CashCrate Toolbar BHO: {5e07ebd4-381e-4f32-8cb9-8280222d9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: CashCrate Toolbar: {64d7ecdd-7e88-4292-889b-046055145cd6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sdApp.exe] C:\Program Files (x86)\ShoppingDaisy\sdApp.exe
uRun: [Facebook Update] "C:\Users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify
uRun: [hesbr] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath
uRun: [tracCERT] rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKS~1.LNK - C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\34963736F68393734383 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\C696E6B6379737 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{F40578BB-8BCB-4CA6-88E8-CF2738CFCE17} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CashCrate Toolbar BHO: {5E07EBD4-381E-4F32-8CB9-8280222D9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: CashCrate Toolbar: {64D7ECDD-7E88-4292-889B-046055145CD6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29:10];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-3-3 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-3 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-3 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2533400]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-02 12:18:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll
2012-06-01 13:23:53 -------- d-----w- C:\Users\Jason\AppData\Local\{05AA42C4-EED9-4038-85AF-B01E7D319FEF}
2012-06-01 13:23:41 -------- d-----w- C:\Users\Jason\AppData\Local\{2030A231-25C3-4E9F-88E6-C802299DE5E6}
2012-06-01 12:52:54 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll
2012-05-31 17:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{82848B80-141D-408B-814C-1C6F67E015A8}
2012-05-31 17:47:33 -------- d-----w- C:\Users\Jason\AppData\Local\{9F7F8AA6-AF28-4003-A824-74357828423F}
2012-05-31 01:49:02 -------- d-----w- C:\Users\Jason\AppData\Local\{27FC6D67-D067-40BF-83F7-ACBC5EE1DC00}
2012-05-31 01:48:50 -------- d-----w- C:\Users\Jason\AppData\Local\{089414D0-E2D6-446A-84BE-3FB4B689434E}
2012-05-30 19:38:11 -------- d-----w- C:\Users\Jason\AppData\Local\{9C6FE128-FA95-4CFC-A560-FCE5A9B7F6E3}
2012-05-30 19:38:01 -------- d-----w- C:\Users\Jason\AppData\Local\{C9CDBC57-35EC-4DBA-854C-5349B99A6A08}
2012-05-30 14:54:00 -------- d-----w- C:\Users\Jason\AppData\Local\{E3121394-7AF7-4140-85D5-CE26B9C5E394}
2012-05-30 14:53:50 -------- d-----w- C:\Users\Jason\AppData\Local\{894C241B-7184-4559-9711-95B3CB25E6A5}
2012-05-28 13:17:00 -------- d-----w- C:\Users\Jason\AppData\Local\visi_coupon
2012-05-28 13:10:56 -------- d-----w- C:\Users\Jason\AppData\Local\{B5CCDA7A-14B2-47E8-BC07-6A5AFAF0CC48}
2012-05-27 22:05:05 -------- d-----w- C:\Users\Jason\AppData\Local\{CF3F4022-DD88-4888-8BF6-BAA448F00D6C}
2012-05-27 21:59:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 21:59:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Imomku
2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Epvic
2012-05-27 20:26:14 -------- d-----w- C:\Users\Jason\AppData\Local\ICM
2012-05-27 13:18:53 -------- d-----w- C:\Users\Jason\AppData\Local\{84EF1222-9988-4B5F-88E1-3987A1238DCE}
2012-05-27 13:18:42 -------- d-----w- C:\Users\Jason\AppData\Local\{9F4C1BDE-FDF8-453E-9387-953D11AC50EF}
2012-05-25 20:40:44 -------- d-----w- C:\Users\Jason\AppData\Local\{9FEA8D35-8B76-4B19-8853-E6F9BF9AA037}
2012-05-25 20:40:34 -------- d-----w- C:\Users\Jason\AppData\Local\{700A1318-A596-43C8-B81E-79D6892BCDFA}
2012-05-23 21:44:16 -------- d-----w- C:\Users\Jason\AppData\Roaming\ooVoo Details
2012-05-20 00:47:19 -------- d-----w- C:\Users\Jason\AppData\Local\{49477DDF-1F82-414E-9DD3-CA7D753A7315}
2012-05-20 00:47:08 -------- d-----w- C:\Users\Jason\AppData\Local\{DED6FDA3-011C-4D59-BB35-F6306338B69B}
2012-05-15 01:17:23 96256 ----a-w- C:\ProgramData\compntui64.dll
2012-05-15 01:17:23 84992 ----a-w- C:\ProgramData\compntui.dll
2012-05-14 07:21:21 -------- d-----w- C:\Users\Jason\AppData\Local\{F0ED5A5A-3D56-4111-988B-08BC46536171}
2012-05-14 07:21:10 -------- d-----w- C:\Users\Jason\AppData\Local\{192801B4-13A0-4E0C-9A8E-89D96BD9D95A}
2012-05-13 18:47:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-13 18:47:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-13 18:47:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 18:47:36 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-13 18:47:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-13 18:47:35 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-13 07:34:56 -------- d-----w- C:\Users\Jason\AppData\Local\{AC9CF85B-89D3-4C09-99E9-8D646A6BD71A}
2012-05-13 07:34:46 -------- d-----w- C:\Users\Jason\AppData\Local\{54764B35-CA91-4085-84C8-3ACADD97D412}
2012-05-12 20:55:55 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 20:55:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 20:55:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 20:55:37 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 20:55:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 20:49:25 -------- d-----w- C:\Users\Jason\AppData\Local\{4A324FF3-E498-4E3E-8724-F0BA2B20BC97}
2012-05-12 20:49:13 -------- d-----w- C:\Users\Jason\AppData\Local\{229C20B4-297D-4437-A440-0F6A48B90019}
2012-05-12 18:48:01 -------- d-----w- C:\Users\Jason\AppData\Local\{4BB279B6-EB2B-41EF-8EAE-DE24FD2C64B6}
2012-05-12 18:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{7CE29CA2-9981-4E59-BB62-6916227A081A}
2012-05-11 13:42:36 -------- d-----w- C:\Users\Jason\AppData\Local\{1277A579-6F99-45B8-A5E9-E16BE8D7A66C}
2012-05-11 13:42:25 -------- d-----w- C:\Users\Jason\AppData\Local\{82AE0526-3EBF-4A81-94A9-E0DBCD36D0F0}
2012-05-11 13:04:24 -------- d-----w- C:\Users\Jason\AppData\Local\{8149658C-5944-4B54-980D-3A71DBDE2887}
2012-05-11 13:04:13 -------- d-----w- C:\Users\Jason\AppData\Local\{673FF047-1FE1-49A0-830B-7D719D0C3082}
2012-05-10 19:39:12 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 19:39:08 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 17:14:01 -------- d-----w- C:\Users\Jason\AppData\Local\{19298873-3756-4B7B-B150-DB9D9BC02AB6}
2012-05-09 17:13:51 -------- d-----w- C:\Users\Jason\AppData\Local\{5EBFAFF7-1841-4847-9AA7-F74A03135D2B}
2012-05-07 18:41:22 -------- d-----w- C:\Users\Jason\AppData\Local\Facebook
2012-05-06 01:31:03 -------- d-----w- C:\Users\Jason\AppData\Local\{28BBC22A-4670-4A48-A0D6-E1894CDDCA1B}
2012-05-06 01:30:52 -------- d-----w- C:\Users\Jason\AppData\Local\{5BEB04E9-D4A7-4309-93F5-5C106A9C5DC0}
2012-05-04 22:09:07 -------- d-----w- C:\Users\Jason\AppData\Local\{8E3B95D1-5003-41F5-9FC1-EBB6942F5BCC}
2012-05-04 22:08:57 -------- d-----w- C:\Users\Jason\AppData\Local\{C288D7C2-57D9-4B95-98F5-7A32AC1D4226}
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 15:16:48.91 ===============

#4 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 02 June 2012 - 02:48 PM

I highly suggest you uninstall these two toolbars:

Ask Toolbar
CashCrate Toolbar


You have out-of-date Java on the system; older versions are vulnerable to malware.

Also uninstall these:
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29


Then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

----------------------

Can you run RogueKiller as I asked and post back the log:

http://forums.malwar...ndpost&p=556486

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#5 fireman5214

    Advanced Member

  • Honorary Members
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 02 June 2012 - 06:35 PM

I highly suggest you uninstall these two toolbars:

Ask Toolbar
CashCrate Toolbar


You have out-of-date Java on the system; older versions are vulnerable to malware.

Also uninstall these:
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29


Then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java
I HAVE DELETED ALL THE ABOVE AND GOT THIS MESSAGE FROM THE JAVA VERIFY PAGE:
Verified Java Version Congratulations!
You have the recommended Java installed (Version 7 Update 4). -- I will run ROGUE KILLER tonight before bed and post the information in the morning. Also, I deleted QUICKTIME PLAYER prior to this thread. WOULD IT BE OK TO RELOAD QUICKTIME? Thanks for the help so far.
----------------------

Can you run RogueKiller as I asked and post back the log:

http://forums.malwar...ndpost&p=556486

MrC



#6 fireman5214

    Advanced Member

  • Honorary Members
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 02 June 2012 - 08:13 PM

Since I downloaded the new Java, my Facebook now runs extremely slowly, and I get an error where the page goes blank grey, saying that Facebook is not responding due to a long-running script. Is this Facebook itself, or is my computer screwed up? It only does this on Facebook so far, as far as I have noticed. But Java runs fine now; the first time I used the new Java on my desktop, I got this...
A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x770e8dc9, pid=1312, tid=7452
#
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot™ Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [ntdll.dll+0x38dc9]
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/...eport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x050d9000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]
siginfo: ExceptionCode=0xc0000005, writing address 0x00000014
Stack: [0x04660000,0x04760000], sp=0x0475fa14, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [ntdll.dll+0x38dc9] RtlIntegerToUnicodeString+0x2fc
C [ntdll.dll+0x38cd8] RtlIntegerToUnicodeString+0x20b
C [awt.dll+0x9d6eb] Java_sun_awt_windows_WToolkit_init+0x1ab
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
0x0510cc00 JavaThread "Timer-2" [_thread_blocked, id=5440, stack(0x05540000,0x05590000)]
0x0510f800 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=6108, stack(0x06f60000,0x06fb0000)]
0x0510f000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=6848, stack(0x057f0000,0x05840000)]
0x0510d800 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=2820, stack(0x05760000,0x057b0000)]
0x0510c400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2684, stack(0x06d60000,0x06db0000)]
0x0510b800 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=3604, stack(0x059a0000,0x059f0000)]
0x0510b400 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=6240, stack(0x05910000,0x05960000)]
0x050e6000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=3020, stack(0x05880000,0x058d0000)]
0x01eb6800 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=2224, stack(0x052d0000,0x05320000)]
=>0x050d9000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]
0x050d8400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2616, stack(0x054b0000,0x05500000)]
0x050cf000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=4280, stack(0x05360000,0x053b0000)]
0x01ea7c00 JavaThread "Timer-0" [_thread_blocked, id=8112, stack(0x05000000,0x05050000)]
0x01e7d400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=7536, stack(0x04e60000,0x04eb0000)]
0x01e5b000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1328, stack(0x04c40000,0x04c90000)]
0x01e48c00 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=6208, stack(0x04bb0000,0x04c00000)]
0x01e47c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=7812, stack(0x04b20000,0x04b70000)]
0x01e44800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7752, stack(0x04a90000,0x04ae0000)]
0x01e3c400 JavaThread "Finalizer" daemon [_thread_blocked, id=6676, stack(0x04a00000,0x04a50000)]
0x01e3b000 JavaThread "Reference Handler" daemon [_thread_blocked, id=6324, stack(0x04970000,0x049c0000)]
0x01f8ac00 JavaThread "main" [_thread_in_native, id=1116, stack(0x00390000,0x003e0000)]
Other Threads:
0x01dfe400 VMThread [stack: 0x04880000,0x048d0000] [id=3836]
0x01e64c00 WatcherThread [stack: 0x04cd0000,0x04d20000] [id=3720]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
Heap
def new generation total 5120K, used 3040K [0x24520000, 0x24aa0000, 0x29a70000)
eden space 4608K, 64% used [0x24520000, 0x24808ec0, 0x249a0000)
from space 512K, 11% used [0x24a20000, 0x24a2f400, 0x24aa0000)
to space 512K, 0% used [0x249a0000, 0x249a0000, 0x24a20000)
tenured generation total 11044K, used 7731K [0x29a70000, 0x2a539000, 0x34520000)
the space 11044K, 70% used [0x29a70000, 0x2a1fce80, 0x2a1fd000, 0x2a539000)
compacting perm gen total 12288K, used 4875K [0x34520000, 0x35120000, 0x38520000)
the space 12288K, 39% used [0x34520000, 0x349e2e40, 0x349e3000, 0x35120000)
ro space 10240K, 51% used [0x38520000, 0x38a4d0b8, 0x38a4d200, 0x38f20000)
rw space 12288K, 54% used [0x38f20000, 0x395b9570, 0x395b9600, 0x39b20000)
Code Cache [0x025c0000, 0x028c0000, 0x045c0000)
total_blobs=1804 nmethods=1573 adapters=165 free_code_cache=30409984 largest_free_block=256
Dynamic libraries:
VM Arguments:
jvm_args: -D__jvm_launched=34375592340 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Dsun.plugin2.jvm.args=-D__jvm_launched=34375592340 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- --
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid6532_pipe3,read_pipe_name=jpi2_pid6532_pipe2
Launcher Type: SUN_STANDARD
Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\
USERNAME=Jason
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel

--------------- S Y S T E M ---------------
OS: Windows 7 , 64 bit Build 7601 Service Pack 1
CPU:total 4 (2 cores per cpu, 2 threads per core) family 6 model 37 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht
Memory: 4k page, physical 3985944k(1395976k free), swap 7970036k(4686464k free)
vm_info: Java HotSpot™ Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)
time: Fri Jun 01 19:49:12 2012
elapsed time: 3370 seconds

#7 MrCharlie

    Forum Deity

  • Experts
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 June 2012 - 07:39 AM

How is it now and can you post the report from RogueKiller? MrC


#8 fireman5214

    Advanced Member

  • Honorary Members
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 03 June 2012 - 08:16 AM

How is it now and can you post the report from RogueKiller? MrC


Here is the report. I think this is all of it? I clicked "report"; I still have this open on my comp, but it is not running.
RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jason [Admin rights]
Mode: Scan -- Date: 06/03/2012 00:36:54
¤¤¤ Bad processes: 6 ¤¤¤
[SUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 18 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND
[SUSP PATH] HKCU\[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 979705b77092b10a27a5231dd6d6d32e
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 595377 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
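For anyone reading the RogueKiller findings above: the entries that matter are the Run values that launch rundll32 with a DLL sitting under AppData\Local\Temp, a placement legitimate startup software almost never uses, and a Run value that names a DLL with no path at all (the "compntui64.dll" error from the first post). The following Python is an added example, not code from the thread or from RogueKiller: it parses constructed lines laid out like that report (account name and SID are placeholders) and flags those two patterns while leaving the TiVo entry alone.

```python
"""Triage Run-key autostart entries for the rundll32-from-Temp pattern.

Added example for this thread; not part of RogueKiller or the forum post.
Input lines are constructed samples that follow the RogueKiller layout
"[TAG] <hive>\\Run : <name> (<command>) -> FOUND".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the report posted above; "USER" and the SID
# are placeholders, and the TiVo line stands in for a benign autostart.
SAMPLE_REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : tracCERT (rundll32 "C:\Users\USER\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-0-0-0-1000[...]\Run : hesbr (rundll32.exe "C:\Users\USER\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-0-0-0-1000[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[SUSP PATH] HKCU\[...]\Run : DWWISVCS (compntui64.dll) -> FOUND
"""

# One RogueKiller finding line; the command may itself contain parentheses
# such as "(x86)", so the greedy group runs to the final ") -> FOUND".
RUN_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+\\Run)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<cmd>.*)\)\s+->\s+FOUND$"
)
# rundll32[.exe] "<dll path>",<export>   (quotes around the path are optional)
RUNDLL32 = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE
)
# User-writable scratch locations a startup DLL has no business living in.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    key: str
    name: str
    command: str
    suspicious: bool
    reason: str


def triage(key: str, name: str, cmd: str) -> Finding:
    """Classify one Run value; only the two patterns seen in the report are flagged."""
    m = RUNDLL32.match(cmd)
    if m:
        dll = m.group("dll")
        if any(t in dll.lower() for t in TEMP_DIRS):
            return Finding(key, name, cmd, True,
                           f"rundll32 loads {dll} from a Temp directory "
                           f"(export {m.group('export')})")
        return Finding(key, name, cmd, False, "rundll32 with a non-Temp DLL path")
    if cmd.lower().endswith(".dll") and "\\" not in cmd:
        # A bare module name is resolved through the DLL search order at logon,
        # so the value alone does not tell you which file actually gets loaded.
        return Finding(key, name, cmd, True, "bare DLL name in a Run value")
    return Finding(key, name, cmd, False, "no rundll32/Temp pattern")


def audit_report(text: str) -> list[Finding]:
    """Parse RogueKiller-style Run lines and triage each; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            findings.append(triage(m.group("key"), m.group("name"), m.group("cmd")))
    return findings


def suspicious_names(text: str) -> list[str]:
    """Names of the Run values that the triage flagged, in report order."""
    return [f.name for f in audit_report(text) if f.suspicious]


if __name__ == "__main__":
    for f in audit_report(SAMPLE_REPORT):
        print("FLAG" if f.suspicious else "ok  ", f.name, "-", f.reason)
```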

#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 03 June 2012 - 08:27 AM

Close out RogueKiller for now.

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#10 fireman5214

Posted 03 June 2012 - 10:44 AM

MrCharlie, here is the latest information. Also, as a side note, it found 6 malicious threats, and the HP Digital Imaging is a printer/scanner/copier hooked up through a wireless connection to my laptop with the problem we are diagnosing, in case that helps you at all with the below.

11:21:12.0372 8084 ============================================================
11:21:12.0372 8084 Scan finished
11:21:12.0372 8084 ============================================================
11:21:12.0393 3016 Detected object count: 6
11:21:12.0393 3016 Actual detected object count: 6
11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0713 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0714 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#11 MrCharlie

Posted 03 June 2012 - 10:48 AM

UnsignedFile.Multi.Generic


These are OK, just unsigned files...that's why we skip them.

Please do this......

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
MrC


#12 fireman5214

Posted 03 June 2012 - 01:04 PM

OK, I downloaded ComboFix and got a small blue box saying
----Administrator----
Please wait.
ComboFix is preparing to run.
Attempting to create a new restore point

Application Error
X Exception EAccess in module ERUNT.3EXE at 00003A62.
Access violation at address 00403A26 in module 'ERUNT.3EXE'. Read of address 0069005C.


What should I do with this? It gives me an "OK".

#13 MrCharlie

Posted 03 June 2012 - 01:09 PM

Try it again, click OK if it gives you one, MrC


#14 fireman5214

Posted 03 June 2012 - 07:48 PM

I ran ComboFix but it must have frozen at the end... it said Preparing log for over an hour. Also, now NONE of my Flash Player works on any sites that require Flash. :(

#15 MrCharlie

Posted 04 June 2012 - 06:13 AM

ComboFix creates a restore point just before it runs, so see if you can use it.

Let me know, MrC


#16 fireman5214

Posted 04 June 2012 - 09:10 AM

ComboFix creates a restore point just before it runs, so see if you can use it.

Let me know, MrC

Yeah, I had to restart my computer... here is the ComboFix report

ComboFix 12-06-03.01 - Jason 06/04/2012 0:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2391 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll
c:\users\Jason\AppData\Local\Temp\hesbr.dll
c:\users\Jason\AppData\Local\Temp\iscsKEYs64.dll
c:\users\Public\Desktop\weather.lnk
c:\windows\SysWow64\ccrpTmr6.dll
Y:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 04:51 . 2012-06-04 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Oracle
2012-06-02 23:25 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 23:25 . 2012-06-02 23:25 -------- d-----w- c:\program files (x86)\Java
2012-06-02 22:59 . 2012-06-02 22:59 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-02 12:18 . 2012-06-02 12:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll
2012-06-01 12:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll
2012-05-30 21:34 . 2012-05-30 21:34 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!
2012-05-28 13:17 . 2012-05-28 13:17 -------- d-----w- c:\users\Jason\AppData\Local\visi_coupon
2012-05-27 21:59 . 2012-05-27 21:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 21:59 . 2012-05-27 21:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-27 20:31 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Imomku
2012-05-27 20:31 . 2012-05-27 20:41 -------- d-----w- c:\users\Jason\AppData\Roaming\Epvic
2012-05-27 20:26 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Local\ICM
2012-05-23 21:44 . 2012-05-23 21:47 -------- d-----w- c:\users\Jason\AppData\Roaming\ooVoo Details
2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll
2012-05-15 01:17 . 2012-05-26 01:31 84992 ----a-w- c:\programdata\compntui.dll
2012-05-13 18:47 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 18:47 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 18:47 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 18:47 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 18:47 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 18:47 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 20:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 20:55 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 20:55 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 20:55 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 20:55 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 19:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-07 18:41 . 2012-05-07 18:41 -------- d-----w- c:\users\Jason\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:59 . 2011-03-03 05:00 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-03-02 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-03_18.46.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-04 00:54 32950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-30 16:34 . 2012-06-04 00:54 11154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-988965696-3072713576-3310776537-1000_UserData.bin
- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-30 22:23 . 2012-06-04 00:13 311914 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-03 14:36 624864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-04 00:15 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-03 14:36 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-04 00:15 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-04 00:50 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-01 13:19 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-30 00:21 . 2012-06-01 13:19 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-30 00:21 . 2012-06-04 00:50 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-12 07:18 . 2012-06-04 00:50 55974192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-988965696-3072713576-3310776537-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [BU]
"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]
"DWWISVCS"="compntui64.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:59]
.
2012-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job
- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]
.
2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job
- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]
.
2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{64D7ECDD-7E88-4292-889B-046055145CD6}"=hex:51,66,7a,6c,4c,1d,38,12,b3,ef,c4,
60,ba,30,fc,07,f7,8d,47,20,50,4a,18,c2
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5E07EBD4-381E-4F32-8CB9-8280222D9009}"=hex:51,66,7a,6c,4c,1d,38,12,ba,e8,14,
5a,2c,76,5c,0a,f3,af,c1,c0,27,73,d4,1d
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,
b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a7,d1,5f,06,d4,3c,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 00:53:16
ComboFix-quarantined-files.txt 2012-06-04 04:53
.
Pre-Run: 560,353,710,080 bytes free
Post-Run: 560,161,476,608 bytes free
.
- - End Of File - - F70E9420DC80129344503706DAA1B653

#17 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 June 2012 - 09:20 AM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#18 fireman5214

fireman5214

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 04 June 2012 - 12:01 PM

Out of the report above, this is the file that comes up after starting the computer up or restarting...
2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll
AND it gives me this error box:
There was a problem starting compntui64.dll
The specified module could not be found.


here is the report of MBAM (free version) Updated 6-4-12
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.04.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]
6/4/2012 12:53:22 PM
mbam-log-2012-06-04 (12-53-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216405
Time elapsed: 3 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#19 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 04 June 2012 - 12:38 PM

It's definitely there in your logs but I'm not sure what it is:

C:\ProgramData\compntui64.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWWISVCS"="compntui64.dll" [BU]

uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify


--------------------------------------------

Please upload it to VirusTotal for a free scan and let me know the results; just copy back the URL.

C:\ProgramData\compntui64.dll

http://www.virustotal.com/

MrC

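The Run-key entry MrC points out above (rundll32 loading a DLL by bare name from a per-user key, with the file sitting in ProgramData) is a pattern worth triaging automatically when reading these logs. The following is an added example, not ComboFix's or the thread's own code; the sample lines are constructed after the ones quoted in this thread, and the drop-directory list and check names are the example's own choices.

```python
"""Triage helper for ComboFix-style Run-key lines (added example, not
ComboFix's own code). It flags rundll32 autostarts whose DLL is given by
bare name (so the loader search order, not a fixed path, decides what gets
loaded) or lives in a user-writable drop directory such as ProgramData/Temp."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify
mRun: [RtHDVCpl] c:\\program files\\Realtek\\Audio\\HDA\\RAVCpl64.exe
mRun: [IntelliPoint] c:\\program files\\Microsoft IntelliPoint\\ipoint.exe
uRun: [Updater] rundll32 c:\\users\\jason\\appdata\\local\\temp\\iscskeys.dll,Start
"""

# In ComboFix output uRun = HKCU Run (per user) and mRun = HKLM Run (machine-wide).
RUN_LINE = re.compile(r'^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)?',
                    re.IGNORECASE)
DROP_DIRS = ('\\programdata\\', '\\appdata\\local\\temp\\')  # assumed watch list

@dataclass
class Finding:
    name: str    # Run value name, e.g. DWWISVCS
    dll: str     # DLL exactly as written on the command line
    entry: str   # exported entry point rundll32 is told to call
    reasons: list = field(default_factory=list)

def triage_line(line: str):
    """Return a Finding for a rundll32 Run entry, or None for anything else."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    d = RUNDLL.search(m.group('cmd'))
    if not d:
        return None
    dll = d.group('dll').strip()
    f = Finding(m.group('name'), dll, d.group('entry') or '')
    if '\\' not in dll:
        f.reasons.append('bare DLL name: resolved through the loader search order')
    if any(s in dll.lower() for s in DROP_DIRS):
        f.reasons.append('DLL sits in a user-writable drop directory')
    if m.group('hive') == 'u':
        f.reasons.append('HKCU Run key: persistence that needs no admin rights')
    return f

def triage(log: str):
    """All rundll32 Run entries in the log that tripped at least one check."""
    return [f for f in map(triage_line, log.splitlines()) if f and f.reasons]
```

A flagged entry tells you which file to hash and submit, as MrC asks; the full resolved path (here C:\ProgramData\compntui64.dll) is the one to upload, not the bare name from the registry value.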

#20 fireman5214

fireman5214

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 107 posts
  • Gender:Male
  • Location:Nazareth, Pa
  • Interests:firefighting, NASCAR, model railroading, tropical fish, weather watching/forecasting, christmas decorating - computer controlled synchronized to music.

Posted 04 June 2012 - 01:35 PM

Is this what you wanted? And do you have to click additional notes?
https://www.virustot...sis/1338834711/
