fireman5214 Posted May 31, 2012

I was told to come here and post; this is the original message:

Hello all, I have recently gotten the following errors and I don't know how. I have done a Malwarebytes scan and it found 1, I think 7, trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 64-bit, Internet Explorer 9. The following error comes up when I boot my computer and I get 2 little boxes that state the following:

compntui64.dll
c:\users\MYNAME\appdata\local\temp\iscskeys.dll

I have seen online that there are scan systems to fix these, but I tried to download a fixcleaner.com and it won't download for me; also it clears my history and shuts down my comp with a blue screen and restarts it, and I lose the saved usernames and passwords, and now trying to use google.com every search I do I get this... Error Refferer

If I do a system restore, would that help? Any good scans I could download for free and fix this myself? Once in a while my IE will say an error has occurred and needs to reopen the tab. Thanks for any help.

****Also I deleted QUICKTIME PLAYER because I thought that was the problem and it wasn't, and I need it for a website... is it OK to re-install QuickTime?***

*******I DID A QUICK SCAN AND GOT THE FOLLOWING REPORT********

URGENT! You must restart your system to remove all active threats properly. Click Yes to restart now.
(I have done this AFTER I finish this post) -- also I changed my name on the files to NAME as I don't want my name all over the forum --

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NAME :: NAME-PC [administrator]

5/30/2012 9:26:41 PM
mbam-log-2012-05-30 (21-26-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214826
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 2
C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> 2960 -> Delete on reboot.
C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> 4524 -> Delete on reboot.

Memory Modules Detected: 1
C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{341509DC-CA89-03E9-E5EE-63E3B109C582} (Trojan.Birele) -> Data: C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> Delete on reboot.
C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> Delete on reboot.
C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.
C:\Users\NAME\AppData\Local\Temp\k8h0pp.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\uoepougjrudefv.exe (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#755D.tmp (Trojan.Birele) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#AB53.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#B352.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\NAME\AppData\Local\Temp\~!#B641.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully.

(end)

OK, I am back after a restart and I still get this... error saying it has a problem starting up... compntui64.dll. ALSO it does not save any of my browser history... this includes passwords with what I want to keep stored as well; like here, I came back and it had no Malwarebytes forum in the main URL bar and I had to sign in here as well.
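Editor's note, added to the thread and not part of any post above: the scan log shows the persistence pattern in play here, a value under HKCU\...\Run that starts rundll32 against a DLL in the user's Temp folder by export name. The two boxes at boot naming a DLL are what rundll32 shows when such a Run value is still present but the DLL it points to is gone ("There was a problem starting <dll>"), which is exactly what a cleaner leaves behind when it deletes the file and not the value. The script below is my own, written for PowerShell 2.0 as shipped with Windows 7, and assumes nothing about this machine beyond the standard Run/RunOnce locations; the root list under $SuspectRoots is my choice, based on where the files in the log above were found. It parses each Run value into the file it actually loads and flags rundll32 launches, targets under the user profile, and targets that no longer exist on disk.

```powershell
# Added example (editor's code, not from the thread or from Malwarebytes).
# Walks the standard Run/RunOnce keys, works out which file each value loads,
# and flags: rundll32-style DLL launches, targets under the user's profile,
# and targets that are missing on disk (an orphaned value that will throw a
# rundll32 "problem starting" box at every logon until the value is deleted).

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: legitimate autoruns rarely live here; both hits in the log above did.
$SuspectRoots = @("$env:LOCALAPPDATA\Temp", $env:APPDATA, $env:LOCALAPPDATA)

function Get-AutorunTarget {
    param([Parameter(Mandatory=$true)][string]$Command)
    # rundll32 "C:\path\x.dll",Export   or   rundll32.exe C:\path\x.dll,Export
    if ($Command -match '^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)') {
        return New-Object PSObject -Property @{ Path = $Matches[1].Trim(); Export = $Matches[2]; ViaRundll32 = $true }
    }
    # "C:\path\app.exe" /args   or   C:\Program Files\app.exe /args  (unquoted path with spaces)
    if ($Command -match '^"([^"]+)"' -or $Command -match '^(.+?\.(?:exe|dll|cmd|bat|scr))(?:\s|$)') {
        return New-Object PSObject -Property @{ Path = $Matches[1].Trim(); Export = $null; ViaRundll32 = $false }
    }
    return $null   # empty value (e.g. a <NO NAME> entry) or something we cannot parse
}

function Get-SuspectAutorun {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, ...; a real value named PS* would be skipped too.
            if ($p.Name -like 'PS*') { continue }
            $t = Get-AutorunTarget -Command ([string]$p.Value)
            if ($null -eq $t) { continue }

            $flags = @()
            if ($t.ViaRundll32) { $flags += 'rundll32 DLL launch' }
            foreach ($root in $SuspectRoots) {
                if ($t.Path.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'under user profile'
                    break
                }
            }
            if (-not [System.IO.Path]::IsPathRooted($t.Path)) {
                # A bare name such as compntui64.dll is resolved through the DLL search
                # path, so Test-Path cannot say whether it exists; report it for a look.
                $flags += 'bare name resolved via search path'
            } elseif (-not (Test-Path -LiteralPath $t.Path)) {
                $flags += 'target missing (orphaned value)'
            }

            if ($flags.Count -gt 0) {
                New-Object PSObject -Property @{
                    Key    = $key
                    Name   = $p.Name
                    Target = $t.Path
                    Export = $t.Export
                    Flags  = ($flags -join '; ')
                }
            }
        }
    }
}

Get-SuspectAutorun | Select-Object Key, Name, Target, Export, Flags | Format-Table -AutoSize -Wrap
```

Run it as the affected user (HKCU is that user's hive; another account's Run key needs its NTUSER.DAT loaded first). Anything flagged "target missing" is safe to delete from the registry once you have confirmed the path, and that alone removes the boot-time error boxes; anything flagged "rundll32 DLL launch" with a live DLL under Temp or AppData is the thing to quarantine, not just the value. The script covers Run/RunOnce only, not services, scheduled tasks or Winlogon, so it is a first pass and not a substitute for the DDS and RogueKiller output the helper asks for in the next post.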
MrCharlie Posted May 31, 2012

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs..... DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC
fireman5214 Posted June 2, 2012 Author

MrCharlie, here is what you requested... sorry, we had some storms here yesterday and I am a part of the weather team as well for FB and was tied up, and we lost some power as well, so here is the delayed reply. Also, what this does not show is I did an update to Adobe Flash Player and installed ooVoo, and have since uninstalled ooVoo because after I did these 2 things I noticed problems, and uninstalled and re-installed Adobe Flash Player.

Post back the 2 logs..... DDS.txt and Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/29/2011 6:58:51 PM
System Uptime: 6/1/2012 5:24:42 PM (22 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | U2E1 | 911/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 519.41 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 15 GiB total, 6.771 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP232: 5/18/2012 7:23:59 AM - Windows Update
RP233: 5/22/2012 11:13:34 AM - Windows Update
RP234: 5/28/2012 9:15:22 AM - Removed ooVoo
RP235: 5/29/2012 12:10:42 PM - Windows Update
RP237: 5/29/2012 12:16:44 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader 9.1.2
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
Advanced Audio FX Engine
Ask Toolbar
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
B209a-m
BufferChm
CardRd81
CashCrate Toolbar
CCScore
Cozi
CR2
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support 
SoftwareDell DataSafe OnlineDell DockDell Getting Started GuideDell Home Systems Service AgreementDell Product RegistrationDell Webcam CentralDestinationsDeviceDiscoveryEasyBits GOeBayEmergency 2012ESSBrwrESSCDBKESScoreESSCTESSguiESShelpESSiniESSPCDESSPDockESSSONICESSTOOLSESSTUTORESSvpahtESSvpotFacebook Video Calling 1.2.0.159Google Earth Plug-inGoogle Talk PluginGoogle Update HelperGoToAssist 8.0.0.514GPBaseService2HLPIndexHLPPDOCKHLPRFOHP UpdateHPDiagnosticAlertHPPhotoGadgethpPrintProjectsHPProductAssistantHPSSupplyhpWLPGInstallerIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsInternet ExplorerJava Auto UpdaterJava 6 Update 22Java 6 Update 29John Deere Drive GreenJunk Mail filter updateKodak EasyShare softwareKSULAME v3.98.3 for AudacityLight-O-RamaMalwarebytes Anti-Malware version 1.61.0.1400MarketResearchMesh RuntimeMessenger CompanionMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MySpaceIMNotifierNVIDIA PhysXOpenOffice.org 3.3OTtBPOTtBPSDKPowerDVD DXPrintMaster 2011 PlatinumPS_AIO_06_B209a-m_SW_MinQuickTimeRealtek High Definition Audio DriverRollerCoaster Tycoon 3 PlatinumRoxio BurnScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 
Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)SFRSHASTASKIN0001SKINXSDKSkype Click to CallSkype™ 5.7SmartWebPrintingSolutionCenterStatusswMSMTiVo Desktop 2.8.2ToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)VPRINTOLWeatherWebRegWildTangent GamesWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWIRELESSYahoo! BrowserPlus 2.9.8Yahoo! MessengerYahoo! Software Update.==== Event Viewer Messages From Past Week ========.6/2/2012 8:17:08 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.6/2/2012 2:50:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. 
Module Path: C:\Windows\System32\IWMSSvc.dll6/1/2012 9:22:23 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@010100046/1/2012 9:22:21 AM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).6/1/2012 9:22:19 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.5/30/2012 3:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048df060, 0xfffff80000ba2748, 0xfffffa80094af800). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-19484-01.5/30/2012 10:53:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.5/30/2012 10:45:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048e2a10, 0xfffff800049bf518, 0xfffffa800af36c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-21730-01.5/28/2012 9:06:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048dca10, 0xfffff800049c6518, 0xfffffa8009dcfcf0). A dump was saved in: C:\Windows\MEMORY.DMP. 
Report Id: 052812-18111-01..==== End Of File ===========================--------------------------------------------------------------------AND-----------------------------------------------------------------------DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Jason at 15:15:49 on 2012-06-02Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1518 [GMT -4:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\Dell\DellDock\DockLogin.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exec:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exeC:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files (x86)\TiVo\Desktop\TiVoServer.exeC:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exeC:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exeC:\Windows\System32\rundll32.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exec:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exec:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Dell\DellDock\DellDock.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\DllHost.exeC:\Program Files (x86)\Intel\Intel® Management Engine 
Components\LMS\LMS.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program 
Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exeC:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\taskeng.exeC:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\Dell Support Center\imstrayicon.exeC:\Program Files (x86)\Windows Live\Companion\companionuser.exe"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDnsC:\Windows\system32\taskeng.exe"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDnsC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = 
hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: FCToolbarURLSearchHook Class: {93da556a-4376-4f66-a896-216daf31719e} - C:\Program Files (x86)\CashCrate Toolbar\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CashCrate Toolbar BHO: {5e07ebd4-381e-4f32-8cb9-8280222d9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: CashCrate Toolbar: {64d7ecdd-7e88-4292-889b-046055145cd6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe
uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sdApp.exe] C:\Program Files (x86)\ShoppingDaisy\sdApp.exe
uRun: [Facebook Update] "C:\Users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify
uRun: [hesbr] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath
uRun: [tracCERT] rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKS~1.LNK - C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113} : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\34963736F68393734383 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\C696E6B6379737 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{F40578BB-8BCB-4CA6-88E8-CF2738CFCE17} : DhcpNameServer = 13.35.0.1 13.35.0.2
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CashCrate Toolbar BHO: {5E07EBD4-381E-4F32-8CB9-8280222D9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: CashCrate Toolbar: {64D7ECDD-7E88-4292-889B-046055145CD6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> 
C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29:10];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-3-3 146928]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-3 98208]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-3 705856]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2533400]R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> 
C:\Windows\system32\DRIVERS\NETw5s64.sys [?]R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 257696]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]S3 
TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-06-02 12:18:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll2012-06-01 13:23:53 -------- d-----w- C:\Users\Jason\AppData\Local\{05AA42C4-EED9-4038-85AF-B01E7D319FEF}2012-06-01 13:23:41 -------- d-----w- C:\Users\Jason\AppData\Local\{2030A231-25C3-4E9F-88E6-C802299DE5E6}2012-06-01 12:52:54 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll2012-05-31 17:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{82848B80-141D-408B-814C-1C6F67E015A8}2012-05-31 17:47:33 -------- d-----w- C:\Users\Jason\AppData\Local\{9F7F8AA6-AF28-4003-A824-74357828423F}2012-05-31 01:49:02 -------- d-----w- C:\Users\Jason\AppData\Local\{27FC6D67-D067-40BF-83F7-ACBC5EE1DC00}2012-05-31 01:48:50 -------- d-----w- C:\Users\Jason\AppData\Local\{089414D0-E2D6-446A-84BE-3FB4B689434E}2012-05-30 19:38:11 -------- d-----w- C:\Users\Jason\AppData\Local\{9C6FE128-FA95-4CFC-A560-FCE5A9B7F6E3}2012-05-30 19:38:01 -------- d-----w- C:\Users\Jason\AppData\Local\{C9CDBC57-35EC-4DBA-854C-5349B99A6A08}2012-05-30 14:54:00 -------- d-----w- C:\Users\Jason\AppData\Local\{E3121394-7AF7-4140-85D5-CE26B9C5E394}2012-05-30 14:53:50 -------- d-----w- C:\Users\Jason\AppData\Local\{894C241B-7184-4559-9711-95B3CB25E6A5}2012-05-28 13:17:00 -------- d-----w- C:\Users\Jason\AppData\Local\visi_coupon2012-05-28 13:10:56 -------- d-----w- 
C:\Users\Jason\AppData\Local\{B5CCDA7A-14B2-47E8-BC07-6A5AFAF0CC48}2012-05-27 22:05:05 -------- d-----w- C:\Users\Jason\AppData\Local\{CF3F4022-DD88-4888-8BF6-BAA448F00D6C}2012-05-27 21:59:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-27 21:59:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Imomku2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Epvic2012-05-27 20:26:14 -------- d-----w- C:\Users\Jason\AppData\Local\ICM2012-05-27 13:18:53 -------- d-----w- C:\Users\Jason\AppData\Local\{84EF1222-9988-4B5F-88E1-3987A1238DCE}2012-05-27 13:18:42 -------- d-----w- C:\Users\Jason\AppData\Local\{9F4C1BDE-FDF8-453E-9387-953D11AC50EF}2012-05-25 20:40:44 -------- d-----w- C:\Users\Jason\AppData\Local\{9FEA8D35-8B76-4B19-8853-E6F9BF9AA037}2012-05-25 20:40:34 -------- d-----w- C:\Users\Jason\AppData\Local\{700A1318-A596-43C8-B81E-79D6892BCDFA}2012-05-23 21:44:16 -------- d-----w- C:\Users\Jason\AppData\Roaming\ooVoo Details2012-05-20 00:47:19 -------- d-----w- C:\Users\Jason\AppData\Local\{49477DDF-1F82-414E-9DD3-CA7D753A7315}2012-05-20 00:47:08 -------- d-----w- C:\Users\Jason\AppData\Local\{DED6FDA3-011C-4D59-BB35-F6306338B69B}2012-05-15 01:17:23 96256 ----a-w- C:\ProgramData\compntui64.dll2012-05-15 01:17:23 84992 ----a-w- C:\ProgramData\compntui.dll2012-05-14 07:21:21 -------- d-----w- C:\Users\Jason\AppData\Local\{F0ED5A5A-3D56-4111-988B-08BC46536171}2012-05-14 07:21:10 -------- d-----w- C:\Users\Jason\AppData\Local\{192801B4-13A0-4E0C-9A8E-89D96BD9D95A}2012-05-13 18:47:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll2012-05-13 18:47:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll2012-05-13 18:47:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-05-13 18:47:36 3146240 ----a-w- C:\Windows\System32\win32k.sys2012-05-13 18:47:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-05-13 18:47:35 3913072 ----a-w- 
C:\Windows\SysWow64\ntoskrnl.exe2012-05-13 07:34:56 -------- d-----w- C:\Users\Jason\AppData\Local\{AC9CF85B-89D3-4C09-99E9-8D646A6BD71A}2012-05-13 07:34:46 -------- d-----w- C:\Users\Jason\AppData\Local\{54764B35-CA91-4085-84C8-3ACADD97D412}2012-05-12 20:55:55 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys2012-05-12 20:55:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2012-05-12 20:55:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2012-05-12 20:55:37 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2012-05-12 20:55:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2012-05-12 20:49:25 -------- d-----w- C:\Users\Jason\AppData\Local\{4A324FF3-E498-4E3E-8724-F0BA2B20BC97}2012-05-12 20:49:13 -------- d-----w- C:\Users\Jason\AppData\Local\{229C20B4-297D-4437-A440-0F6A48B90019}2012-05-12 18:48:01 -------- d-----w- C:\Users\Jason\AppData\Local\{4BB279B6-EB2B-41EF-8EAE-DE24FD2C64B6}2012-05-12 18:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{7CE29CA2-9981-4E59-BB62-6916227A081A}2012-05-11 13:42:36 -------- d-----w- C:\Users\Jason\AppData\Local\{1277A579-6F99-45B8-A5E9-E16BE8D7A66C}2012-05-11 13:42:25 -------- d-----w- C:\Users\Jason\AppData\Local\{82AE0526-3EBF-4A81-94A9-E0DBCD36D0F0}2012-05-11 13:04:24 -------- d-----w- C:\Users\Jason\AppData\Local\{8149658C-5944-4B54-980D-3A71DBDE2887}2012-05-11 13:04:13 -------- d-----w- C:\Users\Jason\AppData\Local\{673FF047-1FE1-49A0-830B-7D719D0C3082}2012-05-10 19:39:12 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys2012-05-10 19:39:08 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2012-05-09 17:14:01 -------- d-----w- C:\Users\Jason\AppData\Local\{19298873-3756-4B7B-B150-DB9D9BC02AB6}2012-05-09 17:13:51 -------- d-----w- C:\Users\Jason\AppData\Local\{5EBFAFF7-1841-4847-9AA7-F74A03135D2B}2012-05-07 18:41:22 -------- d-----w- C:\Users\Jason\AppData\Local\Facebook2012-05-06 01:31:03 -------- d-----w- 
C:\Users\Jason\AppData\Local\{28BBC22A-4670-4A48-A0D6-E1894CDDCA1B}2012-05-06 01:30:52 -------- d-----w- C:\Users\Jason\AppData\Local\{5BEB04E9-D4A7-4309-93F5-5C106A9C5DC0}2012-05-04 22:09:07 -------- d-----w- C:\Users\Jason\AppData\Local\{8E3B95D1-5003-41F5-9FC1-EBB6942F5BCC}2012-05-04 22:08:57 -------- d-----w- C:\Users\Jason\AppData\Local\{C288D7C2-57D9-4B95-98F5-7A32AC1D4226}.==================== Find3M ====================.2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys.============= FINISH: 15:16:48.91 =============== Link to post Share on other sites More sharing options...
MrCharlie Posted June 2, 2012 ID:557035

I highly suggest you uninstall these two toolbars:
Ask Toolbar
CashCrate Toolbar

You have out-of-date Java on the system; older versions are vulnerable to malware.
Also uninstall these:
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Then download and install the latest version, Java™ 7 Update 4.
http://www.java.com/...load/manual.jsp <---latest version
http://www.java.com/...d/installed.jsp <---verify your Java
----------------------
Can you run RogueKiller as I asked and post back the log:
http://forums.malwar...ndpost&p=556486
MrC
fireman5214 Posted June 2, 2012 Author ID:557065

I highly suggest you uninstall these two toolbars:
Ask Toolbar
CashCrate Toolbar
You have out-of-date Java on the system; older versions are vulnerable to malware.
Also uninstall these:
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Then download and install the latest version, Java™ 7 Update 4.
http://www.java.com/...load/manual.jsp <---latest version
http://www.java.com/...d/installed.jsp <---verify your Java

I HAVE DELETED ALL THE ABOVE AND GOT THIS MESSAGE FROM THE JAVA VERIFY PAGE: Verified Java Version. Congratulations! You have the recommended Java installed (Version 7 Update 4). -- I will run RogueKiller tonight before bed and post the information in the morning. Also, I deleted QuickTime Player prior to this thread. WOULD IT BE OK TO RELOAD QUICKTIME? Thanks for the help so far.

----------------------
Can you run RogueKiller as I asked and post back the log:
http://forums.malwar...ndpost&p=556486
MrC
fireman5214 Posted June 3, 2012 Author ID:557074

Since I downloaded the new Java, my Facebook runs extremely slowly and I get an error; the page goes blank grey, saying that Facebook is not responding due to a long-running script. Is this Facebook itself, or is my computer screwed up? It only does this on Facebook so far that I have noticed. But Java runs fine now; the first time I got this on my desktop using the new Java...

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x770e8dc9, pid=1312, tid=7452
#
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C  [ntdll.dll+0x38dc9]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x050d9000):  JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]

siginfo: ExceptionCode=0xc0000005, writing address 0x00000014

Registers:
EAX=0x00000000, EBX=0xfffffff8, ECX=0xfffffffc, EDX=0x00000004
ESP=0x0475fa14, EBP=0x0475fa64, ESI=0x050e17b8, EDI=0x050e17bc
EIP=0x770e8dc9, EFLAGS=0x00010213

Top of Stack: (sp=0x0475fa14)
0x0475fa14:   050e17b8 050e17bc 00000001 0000982c
0x0475fa24:   002e002c 6d0c76d4 00a35708 00000000
0x0475fa34:   0475fa24 0475fa0c 00000000 6d102d8c
0x0475fa44:   6d102d8c 6d102d70 6d102d8c 00000000
0x0475fa54:   00000000 00000000 7efd7000 00000560
0x0475fa64:   0475fa8c 770e8cd8 00000000 00000000
0x0475fa74:   00000001 050e17b8 050e1688 00000004
0x0475fa84:   00000000 00000001 0475facc 6d09d6eb

Instructions: (pc=0x770e8dc9)
0x770e8da9:   c2 8b d8 8b c1 f0 0f b1 1f 3b c1 0f 85 58 fe ff
0x770e8db9:   ff 33 c0 89 45 0c 89 45 08 8b 06 83 f8 ff 74 03
0x770e8dc9:   ff 40 14 8b 5d f4 8b 7d f0 80 3d 82 03 fe 7f 00
0x770e8dd9:   0f 85 da 99 04 00 8b 45 fc 57 6a 00 83 f8 ff 0f

Register to memory mapping:
EAX=0x00000000 is an unknown value
EBX=0xfffffff8 is an unknown value
ECX=0xfffffffc is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0475fa14 is pointing into the stack for thread: 0x050d9000
EBP=0x0475fa64 is pointing into the stack for thread: 0x050d9000
ESI=0x050e17b8 is an unknown value
EDI=0x050e17bc is an unknown value

Stack: [0x04660000,0x04760000],  sp=0x0475fa14,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [ntdll.dll+0x38dc9]  RtlIntegerToUnicodeString+0x2fc
C  [ntdll.dll+0x38cd8]  RtlIntegerToUnicodeString+0x20b
C  [awt.dll+0x9d6eb]  Java_sun_awt_windows_WToolkit_init+0x1ab
C  [USER32.dll+0x162fa]  gapfnScSendMessage+0x332
C  [USER32.dll+0x16d3a]  GetThreadDesktop+0xd7
C  [USER32.dll+0x177c4]  CharPrevW+0x138
C  [USER32.dll+0x1788a]  DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WToolkit.eventLoop()V+0
j  sun.awt.windows.WToolkit.run()V+52
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0510cc00 JavaThread "Timer-2" [_thread_blocked, id=5440, stack(0x05540000,0x05590000)]
  0x0510f800 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=6108, stack(0x06f60000,0x06fb0000)]
  0x0510f000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=6848, stack(0x057f0000,0x05840000)]
  0x0510d800 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=2820, stack(0x05760000,0x057b0000)]
  0x0510c400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2684, stack(0x06d60000,0x06db0000)]
  0x0510b800 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=3604, stack(0x059a0000,0x059f0000)]
  0x0510b400 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=6240, stack(0x05910000,0x05960000)]
  0x050e6000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=3020, stack(0x05880000,0x058d0000)]
  0x01eb6800 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=2224, stack(0x052d0000,0x05320000)]
=>0x050d9000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]
  0x050d8400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2616, stack(0x054b0000,0x05500000)]
  0x050cf000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=4280, stack(0x05360000,0x053b0000)]
  0x01ea7c00 JavaThread "Timer-0" [_thread_blocked, id=8112, stack(0x05000000,0x05050000)]
  0x01e7d400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=7536, stack(0x04e60000,0x04eb0000)]
  0x01e5b000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1328, stack(0x04c40000,0x04c90000)]
  0x01e48c00 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=6208, stack(0x04bb0000,0x04c00000)]
  0x01e47c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=7812, stack(0x04b20000,0x04b70000)]
  0x01e44800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7752, stack(0x04a90000,0x04ae0000)]
  0x01e3c400 JavaThread "Finalizer" daemon [_thread_blocked, id=6676, stack(0x04a00000,0x04a50000)]
  0x01e3b000 JavaThread "Reference Handler" daemon [_thread_blocked, id=6324, stack(0x04970000,0x049c0000)]
  0x01f8ac00 JavaThread "main" [_thread_in_native, id=1116, stack(0x00390000,0x003e0000)]

Other Threads:
  0x01dfe400 VMThread [stack: 0x04880000,0x048d0000] [id=3836]
  0x01e64c00 WatcherThread [stack: 0x04cd0000,0x04d20000] [id=3720]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 5120K, used 3040K [0x24520000, 0x24aa0000, 0x29a70000)
  eden space 4608K,  64% used [0x24520000, 0x24808ec0, 0x249a0000)
  from space 512K,  11% used [0x24a20000, 0x24a2f400, 0x24aa0000)
  to   space 512K,   0% used [0x249a0000, 0x249a0000, 0x24a20000)
 tenured generation   total 11044K, used 7731K [0x29a70000, 0x2a539000, 0x34520000)
   the space 11044K,  70% used [0x29a70000, 0x2a1fce80, 0x2a1fd000, 0x2a539000)
 compacting perm gen  total 12288K, used 4875K [0x34520000, 0x35120000, 0x38520000)
   the space 12288K,  39% used [0x34520000, 0x349e2e40, 0x349e3000, 0x35120000)
    ro space 10240K,  51% used [0x38520000, 0x38a4d0b8, 0x38a4d200, 0x38f20000)
    rw space 12288K,  54% used [0x38f20000, 0x395b9570, 0x395b9600, 0x39b20000)

Code Cache  [0x025c0000, 0x028c0000, 0x045c0000)
 total_blobs=1804 nmethods=1573 adapters=165 free_code_cache=30409984 largest_free_block=256

Dynamic libraries:
0x00400000 - 0x00424000 	C:\Program Files (x86)\Java\jre6\bin\java.exe
0x770b0000 - 0x77230000 	C:\Windows\SysWOW64\ntdll.dll
0x752d0000 - 0x753e0000 	C:\Windows\syswow64\kernel32.dll
0x763d0000 - 0x76416000 	C:\Windows\syswow64\KERNELBASE.dll
0x753e0000 - 0x75480000 	C:\Windows\syswow64\ADVAPI32.dll
0x74d80000 - 0x74e2c000 	C:\Windows\syswow64\msvcrt.dll
0x75190000 - 0x751a9000 	C:\Windows\SysWOW64\sechost.dll
0x76420000 - 0x76510000 	C:\Windows\syswow64\RPCRT4.dll
0x74790000 - 0x747f0000 	C:\Windows\syswow64\SspiCli.dll
0x74780000 - 0x7478c000 	C:\Windows\syswow64\CRYPTBASE.dll
0x72c90000 - 0x72cdc000 	C:\Windows\system32\apphelp.dll
0x74020000 - 0x740ad000 	C:\Windows\AppPatch\AcLayers.DLL
0x74b20000 - 0x74c20000 	C:\Windows\syswow64\USER32.dll
0x74880000 - 0x74910000 	C:\Windows\syswow64\GDI32.dll
0x74910000 - 0x7491a000 	C:\Windows\syswow64\LPK.dll
0x75540000 - 0x755dd000 	C:\Windows\syswow64\USP10.dll
0x75780000 - 0x763ca000 	C:\Windows\syswow64\SHELL32.dll
0x74920000 - 0x74977000 	C:\Windows\syswow64\SHLWAPI.dll
0x74c20000 - 0x74d7c000 	C:\Windows\syswow64\ole32.dll
0x75480000 - 0x7550f000 	C:\Windows\syswow64\OLEAUT32.dll
0x74290000 - 0x742a7000 	C:\Windows\system32\USERENV.dll
0x74580000 - 0x7458b000 	C:\Windows\system32\profapi.dll
0x74430000 - 0x74481000 	C:\Windows\system32\WINSPOOL.DRV
0x728e0000 - 0x728f2000 	C:\Windows\system32\MPR.dll
0x74980000 - 0x749e0000 	C:\Windows\system32\IMM32.DLL
0x76690000 - 0x7675c000 	C:\Windows\syswow64\MSCTF.dll
0x7c340000 - 0x7c396000 	C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000 	C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
0x72b80000 - 0x72bb2000 	C:\Windows\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 	C:\Program Files (x86)\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 	C:\Program Files (x86)\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14c000 	C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x72970000 - 0x72b0e000 	C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
0x6d7e0000 - 0x6d7ef000 	C:\Program Files (x86)\Java\jre6\bin\zip.dll
0x72bc0000 - 0x72c40000 	C:\Windows\system32\uxtheme.dll
0x6d420000 - 0x6d426000 	C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 	C:\Program Files (x86)\Java\jre6\bin\deploy.dll
0x749e0000 - 0x74afd000 	C:\Windows\syswow64\CRYPT32.dll
0x77080000 - 0x7708c000 	C:\Windows\syswow64\MSASN1.dll
0x75630000 - 0x7574b000 	C:\Windows\syswow64\WININET.dll
0x74b00000 - 0x74b03000 	C:\Windows\syswow64\Normaliz.dll
0x74e30000 - 0x74fe8000 	C:\Windows\syswow64\iertutil.dll
0x76570000 - 0x76681000 	C:\Windows\syswow64\urlmon.dll
0x6d6a0000 - 0x6d6e6000 	C:\Program Files (x86)\Java\jre6\bin\regutils.dll
0x74490000 - 0x74499000 	C:\Windows\system32\VERSION.dll
0x6d600000 - 0x6d613000 	C:\Program Files (x86)\Java\jre6\bin\net.dll
0x75270000 - 0x752a5000 	C:\Windows\syswow64\WS2_32.dll
0x74b10000 - 0x74b16000 	C:\Windows\syswow64\NSI.dll
0x74540000 - 0x7457c000 	C:\Windows\system32\mswsock.dll
0x74520000 - 0x74526000 	C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000 	C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x72b10000 - 0x72b23000 	C:\Windows\system32\DWMAPI.DLL
0x6d230000 - 0x6d27f000 	C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
0x74240000 - 0x74248000 	C:\Windows\system32\Secur32.dll
0x744d0000 - 0x74514000 	C:\Windows\system32\dnsapi.DLL
0x74690000 - 0x746ac000 	C:\Windows\system32\iphlpapi.DLL
0x74680000 - 0x74687000 	C:\Windows\system32\WINNSI.DLL
0x74530000 - 0x74535000 	C:\Windows\System32\wshtcpip.dll
0x6a0c0000 - 0x6a0e5000 	C:\Program Files (x86)\Bonjour\mdnsNSP.dll
0x6a090000 - 0x6a0b7000 	C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x74870000 - 0x74875000 	C:\Windows\syswow64\PSAPI.DLL
0x6c2d0000 - 0x6c2d6000 	C:\Windows\system32\rasadhlp.dll
0x6a050000 - 0x6a088000 	C:\Windows\System32\fwpuclnt.dll
0x6d1a0000 - 0x6d1c3000 	C:\Program Files (x86)\Java\jre6\bin\dcpr.dll
0x745d0000 - 0x745e6000 	C:\Windows\system32\CRYPTSP.dll
0x74590000 - 0x745cb000 	C:\Windows\system32\rsaenh.dll
0x72eb0000 - 0x72ec0000 	C:\Windows\system32\NLAapi.dll
0x73470000 - 0x73480000 	C:\Windows\system32\napinsp.dll
0x73450000 - 0x73462000 	C:\Windows\system32\pnrpnsp.dll
0x73430000 - 0x7343d000 	C:\Windows\system32\wshbth.dll
0x73420000 - 0x73428000 	C:\Windows\System32\winrnr.dll
0x744b0000 - 0x744c2000 	C:\Windows\system32\dhcpcsvc.DLL
0x744a0000 - 0x744ad000 	C:\Windows\system32\dhcpcsvc6.DLL
0x69ec0000 - 0x69f36000 	C:\Windows\system32\RICHED20.DLL

VM Arguments:
jvm_args: -D__jvm_launched=34375592340 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Dsun.plugin2.jvm.args=-D__jvm_launched=34375592340 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- --
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid6532_pipe3,read_pipe_name=jpi2_pid6532_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\
USERNAME=Jason
OS=Windows_NT
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel

---------------  S Y S T E M  ---------------

OS: Windows 7 , 64 bit Build 7601 Service Pack 1

CPU:total 4 (2 cores per cpu, 2 threads per core) family 6 model 37 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht

Memory: 4k page, physical 3985944k(1395976k free), swap 7970036k(4686464k free)

vm_info: Java HotSpot Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)

time: Fri Jun 01 19:49:12 2012
elapsed time: 3370 seconds
MrCharlie Posted June 3, 2012 ID:557146

How is it now and can you post the report from RogueKiller?
MrC
fireman5214 Posted June 3, 2012 Author ID:557149

How is it now and can you post the report from RogueKiller?
MrC

Here is the report. I think this is all of it? I clicked "report"; I still have this open on my computer, but not running.

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jason [Admin rights]
Mode: Scan -- Date: 06/03/2012 00:36:54

¤¤¤ Bad processes: 6 ¤¤¤
[SUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]
[SUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 18 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND
[SUSP PATH] HKCU\[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 979705b77092b10a27a5231dd6d6d32e
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 595377 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
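Editor's note, added for this page: the entries RogueKiller marks above share one shape. The persistence is a plain HKCU Run value whose command is rundll32 pointed at a DLL under the user's Temp folder (iscsKEYs64.dll, hesbr.dll), with a benign-looking export name as the entry point, and the MBAM log earlier in the thread shows the same trick with ICMPrinter.exe under AppData\Local. That shape can be checked without a third-party scanner. The PowerShell below is this editor's code, not RogueKiller's or Malwarebytes' detection logic: it enumerates the per-user and per-machine Run/RunOnce keys (including the Wow6432Node view on 64-bit Windows), flags any command that uses rundll32 or whose target lives in a user-writable location, and first runs the classifier over sample command lines constructed from the shapes in the logs. The key list and the path heuristics are assumptions. A path-only heuristic also flags legitimate software, exactly as RogueKiller flagged the TiVo entries above, so treat a flag as a lead to verify (file signature, install date, vendor), not as a verdict.

```powershell
# Added example for this thread (editor's code, not RogueKiller's or MBAM's):
# list Run/RunOnce autostart values and flag the shape seen in the logs above,
# i.e. rundll32 loading a DLL from %TEMP%, or any autostart whose target sits
# in a user-writable location. Run from an elevated PowerShell prompt.

# Assumption: these are the autostart keys worth checking on 64-bit Windows 7.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: locations an unprivileged user can write to. Vendor autostarts
# normally live under Program Files or Windows, not here.
$UserWritable = '\\AppData\\(Local|Roaming)\\|\\Users\\Public\\|\\ProgramData\\'

function Test-SuspiciousAutorun {
    # Returns the reasons an autostart command looks suspicious (empty if none).
    param([string]$Command)
    $reasons = @()
    # rundll32 "<dll>",<export> is exactly how iscsKEYs.dll and hesbr.dll were started.
    if ($Command -match '^\s*"?rundll32(\.exe)?"?\s') {
        $reasons += 'rundll32 launcher'
        if ($Command -match '\\AppData\\Local\\Temp\\') { $reasons += 'DLL loaded from %TEMP%' }
    }
    if ($Command -match $UserWritable) { $reasons += 'target in user-writable path' }
    return $reasons
}

function Get-AutorunReport {
    # One object per autostart value across all keys, with the flags attached.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Get-ItemProperty adds provider metadata (PSPath etc.); skip it.
            if ($prop.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            $flags = Test-SuspiciousAutorun -Command ([string]$prop.Value)
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $prop.Name
                Command = [string]$prop.Value
                Flags   = ($flags -join '; ')
            } | Select-Object Key, Name, Command, Flags
        }
    }
}

# Constructed samples, shaped like the entries in the RogueKiller and MBAM logs,
# to show what the classifier does before it touches the live registry.
$Samples = @(
    'rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify',
    'rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath',
    '"C:\Users\Jason\AppData\Local\ICM\ICMPrinter.exe" /u',
    '"C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime'
)
foreach ($cmd in $Samples) {
    $why = Test-SuspiciousAutorun -Command $cmd
    if ($why) { "SUSPICIOUS  $cmd  [$($why -join '; ')]" } else { "ok          $cmd" }
}

# Live scan of this machine: flagged entries first.
Get-AutorunReport | Sort-Object { [string]::IsNullOrEmpty($_.Flags) } | Format-Table -AutoSize -Wrap
```

The first three samples are flagged and the QuickTime one is not. Removing a flagged value with Remove-ItemProperty only stops the next launch; the DLL in Temp and any running rundll32 process still have to be dealt with, which is why the scanners above say "Delete on reboot".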
MrCharlie Posted June 3, 2012 ID:557150

Close out RogueKiller for now.

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7
XP users > please back up the registry using ERUNT.
-----------------------------------------
Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
-------------------------
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
------------------------
Click the Start Scan button.
-----------------------
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
----------------------
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
--------------------
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
-------------------
Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
fireman5214 Posted June 3, 2012 ID:557158
MrCharlie, here is the latest information. Also as a side note, it found 6 malicious threats, and the HP Digital Imaging is a Printer/Scanner/Copier hooked up through a wireless connection to my laptop with the problem we are diagnosing. In case that helps you at all with the below.
11:21:06.0620 8084 vwififlt - ok
11:21:06.0647 8084 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:21:06.0682 8084 vwifimp - ok
11:21:06.0744 8084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:21:06.0830 8084 W32Time - ok
11:21:06.0853 8084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:21:06.0878 8084 WacomPen - ok
11:21:06.0927 8084 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:06.0989 8084 WANARP - ok
11:21:07.0017 8084 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:07.0054 8084 Wanarpv6 - ok
11:21:07.0198 8084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:21:07.0282 8084 WatAdminSvc - ok
11:21:07.0400 8084 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:21:07.0492 8084 wbengine - ok
11:21:07.0617 8084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:21:07.0662 8084 WbioSrvc - ok
11:21:07.0709 8084 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:21:07.0779 8084 wcncsvc - ok
11:21:07.0808 8084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:21:07.0858 8084 WcsPlugInService - ok
11:21:07.0901 8084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:21:07.0925 8084 Wd - ok
11:21:07.0982 8084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:21:08.0046 8084 Wdf01000 - ok
11:21:08.0081 8084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:08.0162 8084 WdiServiceHost - ok
11:21:08.0165 8084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:08.0184 8084 WdiSystemHost - ok
11:21:08.0223 8084 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
11:21:08.0233 8084 wdkmd - ok
11:21:08.0267 8084 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:21:08.0301 8084 WebClient - ok
11:21:08.0332 8084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:21:08.0387 8084 Wecsvc - ok
11:21:08.0423 8084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:21:08.0465 8084 wercplsupport - ok
11:21:08.0488 8084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:21:08.0530 8084 WerSvc - ok
11:21:08.0553 8084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:08.0591 8084 WfpLwf - ok
11:21:08.0634 8084 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:21:08.0660 8084 WimFltr - ok
11:21:08.0677 8084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:21:08.0689 8084 WIMMount - ok
11:21:08.0716 8084 WinDefend - ok
11:21:08.0731 8084 WinHttpAutoProxySvc - ok
11:21:08.0787 8084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:21:08.0831 8084 Winmgmt - ok
11:21:08.0952 8084 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:21:09.0077 8084 WinRM - ok
11:21:09.0213 8084 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:09.0237 8084 WinUsb - ok
11:21:09.0315 8084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:21:09.0380 8084 Wlansvc - ok
11:21:09.0451 8084 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:21:09.0470 8084 wlcrasvc - ok
11:21:09.0702 8084 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:21:09.0793 8084 wlidsvc - ok
11:21:09.0920 8084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:21:09.0937 8084 WmiAcpi - ok
11:21:09.0995 8084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:21:10.0013 8084 wmiApSrv - ok
11:21:10.0058 8084 WMPNetworkSvc - ok
11:21:10.0088 8084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:21:10.0108 8084 WPCSvc - ok
11:21:10.0143 8084 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:21:10.0160 8084 WPDBusEnum - ok
11:21:10.0180 8084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:10.0229 8084 ws2ifsl - ok
11:21:10.0246 8084 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:21:10.0275 8084 wscsvc - ok
11:21:10.0279 8084 WSearch - ok
11:21:10.0460 8084 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:21:10.0598 8084 wuauserv - ok
11:21:10.0723 8084 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:21:10.0779 8084 WudfPf - ok
11:21:10.0833 8084 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:10.0900 8084 WUDFRd - ok
11:21:10.0948 8084 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:21:10.0998 8084 wudfsvc - ok
11:21:11.0054 8084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:21:11.0121 8084 WwanSvc - ok
11:21:11.0240 8084 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:21:11.0269 8084 YahooAUService - ok
11:21:11.0309 8084 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
11:21:11.0320 8084 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
11:21:11.0355 8084 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:21:12.0322 8084 \Device\Harddisk0\DR0 - ok
11:21:12.0329 8084 Boot (0x1200) (968d613a98673a9b1e5aff3358e72170) \Device\Harddisk0\DR0\Partition0
11:21:12.0331 8084 \Device\Harddisk0\DR0\Partition0 - ok
11:21:12.0367 8084 Boot (0x1200) (ec7a06e888a1b22ccdee0d0b2ee5ec30) \Device\Harddisk0\DR0\Partition1
11:21:12.0371 8084 \Device\Harddisk0\DR0\Partition1 - ok
11:21:12.0372 8084 ============================================================
11:21:12.0372 8084 Scan finished
11:21:12.0372 8084 ============================================================
11:21:12.0393 3016 Detected object count: 6
11:21:12.0393 3016 Actual detected object count: 6
11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0713 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0714 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
MrCharlie Posted June 3, 2012 ID:557160
UnsignedFile.Multi.Generic
These are OK, just unsigned files...that's why we skip them.
Please do this......
Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop.
Please include the C:\ComboFix.txt in your next reply for further review.
---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC
fireman5214 Posted June 3, 2012 ID:557190
OK, I downloaded ComboFix, got a small blue box saying:
"----Administrator----
Please wait.
ComboFix is preparing to run.
Attempting to create a new restore point
Application Error
X Exception EAccess in module ERUNT.3EXE at 00003A62.
Access violation at address 00403A26 in module 'ERUNT.3EXE'. Read of address 0069005C."
What should I do with this? It gives me an "OK".
MrCharlie Posted June 3, 2012 ID:557191
Try it again, click OK if it gives you one, MrC
fireman5214 Posted June 4, 2012 ID:557248
I ran ComboFix but it must have frozen at the end... it said Preparing log for over an hour. Also, now NONE of my Flash Player works on any sites that require Flash.
MrCharlie Posted June 4, 2012 ID:557334
ComboFix creates a restore point just before it runs, so see if you can use it.
Let me know, MrC
fireman5214 Posted June 4, 2012 ID:557382
ComboFix creates a restore point just before it runs, so see if you can use it. Let me know, MrC
Yeah, I had to restart my computer... here is the ComboFix report
ComboFix 12-06-03.01 - Jason 06/04/2012 0:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2391 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll
c:\users\Jason\AppData\Local\Temp\hesbr.dll
c:\users\Jason\AppData\Local\Temp\iscsKEYs64.dll
c:\users\Public\Desktop\weather.lnk
c:\windows\SysWow64\ccrpTmr6.dll
Y:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 04:51 . 2012-06-04 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Oracle
2012-06-02 23:25 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 23:25 . 2012-06-02 23:25 -------- d-----w- c:\program files (x86)\Java
2012-06-02 22:59 . 2012-06-02 22:59 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-02 12:18 . 2012-06-02 12:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll
2012-06-01 12:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll
2012-05-30 21:34 . 
2012-05-30 21:34 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!2012-05-28 13:17 . 2012-05-28 13:17 -------- d-----w- c:\users\Jason\AppData\Local\visi_coupon2012-05-27 21:59 . 2012-05-27 21:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-05-27 21:59 . 2012-05-27 21:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-05-27 20:31 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Imomku2012-05-27 20:31 . 2012-05-27 20:41 -------- d-----w- c:\users\Jason\AppData\Roaming\Epvic2012-05-27 20:26 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Local\ICM2012-05-23 21:44 . 2012-05-23 21:47 -------- d-----w- c:\users\Jason\AppData\Roaming\ooVoo Details2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll2012-05-15 01:17 . 2012-05-26 01:31 84992 ----a-w- c:\programdata\compntui.dll2012-05-13 18:47 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll2012-05-13 18:47 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-05-13 18:47 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-13 18:47 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys2012-05-13 18:47 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2012-05-13 18:47 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2012-05-12 20:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys2012-05-12 20:55 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2012-05-12 20:55 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2012-05-12 20:55 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2012-05-12 20:55 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2012-05-10 19:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-05-10 19:39 . 
2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2012-05-07 18:41 . 2012-05-07 18:41 -------- d-----w- c:\users\Jason\AppData\Local\Facebook...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-02 22:59 . 2011-03-03 05:00 839112 ----a-w- c:\windows\system32\deployJava1.dll2012-04-04 19:56 . 2012-03-02 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((( SnapShot@2012-06-03_18.46.44 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 05:10 . 2012-06-04 00:54 32950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-03-30 16:34 . 2012-06-04 00:54 11154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-988965696-3072713576-3310776537-1000_UserData.bin- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2011-03-30 22:23 . 2012-06-04 00:13 311914 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin- 2009-07-14 02:36 . 2012-06-03 14:36 624864 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2012-06-04 00:15 624864 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2012-06-03 14:36 106950 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2012-06-04 00:15 106950 c:\windows\system32\perfc009.dat+ 2009-07-14 05:01 . 2012-06-04 00:50 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2009-07-14 05:01 . 2012-06-01 13:19 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat- 2011-03-30 00:21 . 
2012-06-01 13:19 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat+ 2011-03-30 00:21 . 2012-06-04 00:50 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat+ 2011-05-12 07:18 . 2012-06-04 00:50 55974192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-988965696-3072713576-3310776537-1000-8192.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [bU]"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]"DWWISVCS"="compntui64.dll" [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]"HP Software Update"="c:\program files 
(x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376].c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]KODAK Software Updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u 
livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]S2 
AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft 
Application Virtualization Client\sftvsa.exe [2011-10-01 219496]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:59].2012-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41].2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41].2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02].2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02].2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00].2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00].2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11].2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program 
files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x1.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 208.59.247.45 208.59.247.46.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Toolbar-10 - (no file)Toolbar-Locked - (no file)Toolbar-10 - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54"{64D7ECDD-7E88-4292-889B-046055145CD6}"=hex:51,66,7a,6c,4c,1d,38,12,b3,ef,c4, 60,ba,30,fc,07,f7,8d,47,20,50,4a,18,c2"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{5E07EBD4-381E-4F32-8CB9-8280222D9009}"=hex:51,66,7a,6c,4c,1d,38,12,ba,e8,14, 5a,2c,76,5c,0a,f3,af,c1,c0,27,73,d4,1d"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, 
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85, b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:a7,d1,5f,06,d4,3c,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 
1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 00:53:16
ComboFix-quarantined-files.txt 2012-06-04 04:53
.
Pre-Run: 560,353,710,080 bytes free
Post-Run: 560,161,476,608 bytes free
.
- - End Of File - - F70E9420DC80129344503706DAA1B653
MrCharlie Posted June 4, 2012 ID:557383
Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how it is, MrC
fireman5214 (Author) Posted June 4, 2012 ID:557424

Out of the report above, this is the file that comes up after starting the computer up or restarting...

2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll

AND it gives me this error box:

There was a problem starting compntui64.dll
The specified module could not be found.

Here is the report of MBAM (free version) Updated 6-4-12

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]

6/4/2012 12:53:22 PM
mbam-log-2012-06-04 (12-53-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216405
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie Posted June 4, 2012 ID:557442

It's definitely there in your logs but I'm not sure what it is:

C:\ProgramData\compntui64.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWWISVCS"="compntui64.dll" [bU]

uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify

--------------------------------------------

Please upload it to VirusTotal for a free scan, let me know the results, just copy back the url.

C:\ProgramData\compntui64.dll

http://www.virustotal.com/

MrC
fireman5214 (Author) Posted June 4, 2012 ID:557464

Is this what you wanted? And do you have to click additional notes?

https://www.virustotal.com/file/fe8fbb0dfe0898dbcad734915c5ef809f0b5f9cc5e1553e5eef8912b02fc97e5/analysis/1338834711/
MrCharlie Posted June 4, 2012 ID:557467

That's what I wanted.
I'm not sure what it belongs to but let's delete it and see....

Using ComboFix:

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

File::
C:\ProgramData\compntui64.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWWISVCS"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC
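Added example, not part of the thread and not ComboFix or MBAM code: a read-only PowerShell audit of the Run/RunOnce keys for the persistence pattern MrCharlie identified above (a Run value that launches rundll32 with a DLL and an export such as CreateProcessNotify), flagging DLLs referenced by a bare name or located under ProgramData, AppData or Temp. The function names and the regex are my own; the script only reports, removal is left to the tooling the thread uses.

```powershell
# Added example, not from the thread or from ComboFix/MBAM: read-only audit of
# Run/RunOnce keys for rundll32-based DLL autostarts such as the DWWISVCS and
# cmsttugc values in the logs above. Function names and the regex are my own.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Roots a normal installer does not use for an autostart DLL; the samples in
# the thread lived under ProgramData and AppData\Local\Temp.
$suspectRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() + '\' }

function Get-RunDll32Target {
    # Parses: rundll32[.exe] "<dll>",<Export>   or   rundll32 <dll>,<Export>
    param([string]$Command)
    if ($Command -match '(?i)rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)') {
        return [pscustomobject]@{ Dll = $Matches[1].Trim(); Export = $Matches[2] }
    }
    return $null
}

function Get-DllSuspicionReason {
    # Returns a short reason string, or $null if the DLL location looks normal.
    param([string]$Dll)
    # A bare name (the DWWISVCS value referenced just "compntui64.dll") is
    # resolved through the DLL search path instead of a fixed location.
    if (-not [System.IO.Path]::IsPathRooted($Dll)) { return 'bare-name' }
    $lower = $Dll.ToLowerInvariant()
    foreach ($root in $suspectRoots) {
        if ($lower.StartsWith($root)) { return "user-writable:$root" }
    }
    return $null
}

# Properties Get-ItemProperty adds that are not registry values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($metaProps -contains $prop.Name) { continue }
        $target = Get-RunDll32Target -Command ([string]$prop.Value)
        if (-not $target) { continue }
        $reason = Get-DllSuspicionReason -Dll $target.Dll
        if (-not $reason) { continue }
        # Only a rooted path can be checked on disk from here; a bare name
        # depends on the search path at load time.
        $onDisk = 'n/a'
        if ([System.IO.Path]::IsPathRooted($target.Dll)) {
            $onDisk = Test-Path -LiteralPath $target.Dll
        }
        [pscustomobject]@{
            Key    = $key
            Value  = $prop.Name
            Dll    = $target.Dll
            Export = $target.Export
            Reason = $reason
            OnDisk = $onDisk
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No rundll32 autostart entries outside system locations.'
}
```

Run it in the affected user's session so the HKCU hive is the right one; an entry reported with OnDisk False is the combination that produces a "module could not be found" box at logon.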
fireman5214 (Author) Posted June 5, 2012 ID:557603

I think I did this right, let me know....

ComboFix 12-06-04.02 - Jason 06/04/2012 18:06:04.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1911 [GMT -4:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\compntui64.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\compntui64.dll
c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Oracle
2012-06-02 23:25 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-02 23:25 . 2012-06-02 23:25 -------- d-----w- c:\program files (x86)\Java
2012-06-02 22:59 . 2012-06-02 22:59 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-02 12:18 . 2012-06-02 12:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll
2012-06-01 12:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll
2012-05-30 21:34 . 2012-05-30 21:34 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!
2012-05-28 13:17 . 2012-05-28 13:17 -------- d-----w- c:\users\Jason\AppData\Local\visi_coupon
2012-05-27 21:59 . 2012-05-27 21:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-27 21:59 . 2012-05-27 21:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-27 20:31 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Imomku
2012-05-27 20:31 . 2012-05-27 20:41 -------- d-----w- c:\users\Jason\AppData\Roaming\Epvic
2012-05-27 20:26 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Local\ICM
2012-05-23 21:44 . 2012-05-23 21:47 -------- d-----w- c:\users\Jason\AppData\Roaming\ooVoo Details
2012-05-15 01:17 . 2012-05-26 01:31 84992 ----a-w- c:\programdata\compntui.dll
2012-05-13 18:47 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 18:47 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 18:47 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 18:47 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 18:47 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 18:47 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 20:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 20:55 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 20:55 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 20:55 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 20:55 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 19:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-07 18:41 . 2012-05-07 18:41 -------- d-----w- c:\users\Jason\AppData\Local\Facebook
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 22:59 . 2011-03-03 05:00 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-03-02 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-03_18.46.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-04 00:54 32950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-30 16:34 . 2012-06-04 00:54 11154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-988965696-3072713576-3310776537-1000_UserData.bin
- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-30 22:23 . 2012-06-04 15:38 312500 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-03 14:36 624864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-04 15:40 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-03 14:36 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-04 15:40 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-04 00:50 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-01 13:19 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-30 00:21 . 2012-06-01 13:19 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-30 00:21 . 2012-06-04 00:50 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-12 07:18 . 2012-06-04 00:50 55974192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-988965696-3072713576-3310776537-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [bU]
"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
KODAK Software Updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:59]
.
2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job
- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]
.
2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job
- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]
.
2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Completion time: 2012-06-04 18:15:07
ComboFix-quarantined-files.txt 2012-06-04 22:15
ComboFix2.txt 2012-06-04 04:53
.
Pre-Run: 560,081,915,904 bytes free
Post-Run: 559,896,657,920 bytes free
.
- - End Of File - - EFF5212768384C53B84E4DB9E88B14FB
MrCharlie Posted June 5, 2012 ID:557608

Yes...you did it right.
How is it now?? MrC
fireman5214 (Author) Posted June 5, 2012 ID:557737

> Yes...you did it right.
> How is it now?? MrC

That error doesn't come up anymore upon restart, and also Flash and Java work. The only problem I'm still having is the Yahoo Messenger smileys stopped working about the same time the problem started in the first place; they just get frozen if they are animated, so I was thinking possibly uninstall and reinstall? See if that works?
MrCharlie Posted June 5, 2012 ID:557744

OK, that's good news that the message no longer comes up.

As far as Yahoo, click the link below and see if any of the solutions work, if not then reinstall.

http://lmgtfy.com/?q...stopped+working

Let me know, MrC