fireman5214

how to fix a dll error

37 posts in this topic

I was told to come here and post, this is the original message:

Hello all, I have recently gotten the following errors and I don't know how. I have done a Malwarebytes scan and it found 1 (I think 7) trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 64-bit, Internet Explorer 9. The following error comes up when I boot my computer and I get 2 little boxes that state the following:

compntui64.dll

c:\users\MYNAME\appdata\local\temp\iscskeys.dll

I have seen online that there are scan systems to fix these, but I tried to download a fixcleaner.com and it won't download for me. Also it clears my history and shuts down my comp with a blue screen and restarts it, and I lose the saved usernames and passwords, and now trying to use google.com every search I do I get this... Error Refferer

If I do a system restore would that help? Any good scans I could download for free and fix this myself? Once in a while my IE will say an error has occurred and needs to reopen the tab.

Thanks for any help.

****Also I deleted QUICKTIME PLAYER because I thought that was the problem and it wasn't, and I need it for a website... is it ok to re-install QuickTime?***

*******I DID A QUICK SCAN AND GOT THE FOLLOWING REPORT********

URGENT! You must restart your system to remove all active threats properly. Click Yes to restart now. (I have done this AFTER I finish this post) --also I changed my name on the files to NAME as I don't want my name all over the forum---

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.27.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

NAME :: NAME-PC [administrator]

5/30/2012 9:26:41 PM

mbam-log-2012-05-30 (21-26-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214826

Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 2

C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> 2960 -> Delete on reboot.

C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> 4524 -> Delete on reboot.

Memory Modules Detected: 1

C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{341509DC-CA89-03E9-E5EE-63E3B109C582} (Trojan.Birele) -> Data: C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 9

C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe (Trojan.Agent.SZ) -> Delete on reboot.

C:\Users\NAME\AppData\Roaming\Imomku\zezaes.exe (Trojan.Birele) -> Delete on reboot.

C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll (IPH.Trojan.Agent.CPN) -> Delete on reboot.

C:\Users\NAME\AppData\Local\Temp\k8h0pp.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

C:\Users\NAME\AppData\Local\Temp\uoepougjrudefv.exe (Trojan.Agent.SZ) -> Quarantined and deleted successfully.

C:\Users\NAME\AppData\Local\Temp\~!#755D.tmp (Trojan.Birele) -> Quarantined and deleted successfully.

C:\Users\NAME\AppData\Local\Temp\~!#AB53.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Users\NAME\AppData\Local\Temp\~!#B352.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\NAME\AppData\Local\Temp\~!#B641.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully.

(end)

ok I am back after a restart and I still get this...

error saying it has a problem starting up...

compntui64.dll

ALSO it does not save any of my browser history,...

this includes passwords with what I want to keep stored as well; like here, I came back and it had no Malwarebytes forum in the main URL bar and I had to sign in here as well.

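The Malwarebytes log above shows the pattern a helper looks for first: HKCU\...\Run values that start rundll32 with a DLL sitting in the user's Temp folder, and the poster's later DDS report carries the same pattern as uRun: lines (one of them with a bare, unqualified DLL name, compntui64.dll). The following is an added triage script, not part of this thread or of the Malwarebytes/DDS tools; it parses both line formats and flags rundll32 autoruns whose DLL is unqualified or lives under the user profile. The sample lines are constructed from the thread's logs with the user name replaced by NAME.

```python
"""Flag suspicious rundll32 autorun entries in Malwarebytes and DDS log lines.

Added example, not code from the forum thread or from the Malwarebytes/DDS
tools. Two line formats are recognised:
  * MBAM registry value lines:
      HK..\...\Run|<name> (<detection>) -> Data: <command> -> <action>
  * DDS pseudo-HJT autorun lines:
      uRun: [<name>] <command>      (also mRun, dRun, *Run-x64)
Entries that launch rundll32 with a DLL that is either unqualified (a bare
file name, resolved through the DLL search order) or located under the user
profile (AppData, Temp) are reported as findings.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines modelled on the thread's Malwarebytes and DDS logs.
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmsttugc (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\NAME\AppData\Local\Temp\iscsKEYs.dll",CreateProcessNotify -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ICMPrinter (Trojan.Agent.SZ) -> Data: "C:\Users\NAME\AppData\Local\ICM\ICMPrinter.exe" /u -> Quarantined and deleted successfully.
uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify
uRun: [hesbr] rundll32.exe "C:\Users\NAME\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath
uRun: [Google Update] "C:\Users\NAME\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
"""

# MBAM: hive path ending in \Run, a '|', the value name, detection in (), then Data.
MBAM_RE = re.compile(
    r"^(?P<key>HK\w+\\.*?\\Run)\|(?P<name>[^ ]+) \((?P<det>[^)]*)\) -> Data: (?P<cmd>.*?) -> ",
    re.IGNORECASE,
)
# DDS pseudo-HJT: uRun/mRun/dRun (optionally -x64), [name], then the command.
DDS_RE = re.compile(r"^(?P<scope>[umd]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.IGNORECASE)
# rundll32[.exe] "<dll>",<export>  (quotes optional around the DLL path)
RUNDLL_RE = re.compile(r'^\s*"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)


@dataclass
class Finding:
    source: str   # "mbam" or "dds"
    name: str     # autorun value name
    dll: str      # DLL path exactly as written in the command
    export: str   # exported function rundll32 is told to call
    reason: str   # why the entry was flagged


def parse_autoruns(text: str):
    """Yield (source, name, command) for every autorun line we recognise."""
    for raw in text.splitlines():
        line = raw.strip()
        m = MBAM_RE.match(line)
        if m:
            yield "mbam", m.group("name"), m.group("cmd")
            continue
        m = DDS_RE.match(line)
        if m:
            yield "dds", m.group("name"), m.group("cmd")


def classify_dll_path(dll: str) -> Optional[str]:
    """Return a reason string if the DLL location is suspicious, else None."""
    low = dll.lower()
    if "\\" not in low:
        # No directory at all: rundll32 walks the DLL search order to find it,
        # so the real file may sit anywhere writable on that path.
        return "unqualified DLL name, resolved through the DLL search order"
    if "\\appdata\\" in low or "\\temp\\" in low:
        return "DLL under a user-writable profile directory"
    return None


def find_suspicious_rundll32(text: str) -> List[Finding]:
    """Scan log text and return rundll32 autoruns with a suspicious DLL location."""
    findings: List[Finding] = []
    for source, name, cmd in parse_autoruns(text):
        m = RUNDLL_RE.match(cmd)
        if not m:
            continue  # not a rundll32 launch; out of scope for this check
        reason = classify_dll_path(m.group("dll"))
        if reason:
            findings.append(Finding(source, name, m.group("dll"), m.group("export"), reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rundll32(SAMPLE_LOG):
        print(f"[{f.source}] {f.name}: {f.dll} -> {f.export} ({f.reason})")
```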

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


MRCharlie, here is what you requested... sorry, we had some storms here yesterday and I am a part of the weather team as well for FB and was tied up, and we lost some power as well, so here is the delayed reply. Also what this does not show is I did an update to Adobe Flash Player and installed ooVoo and have since uninstalled ooVoo, because after I did these 2 things I noticed problems, and uninstalled and re-installed Adobe Flash Player.

Post back the 2 logs.....DDS.txt and Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/29/2011 6:58:51 PM

System Uptime: 6/1/2012 5:24:42 PM (22 hours ago)

.

Motherboard: Dell Inc. | | 08VFX1

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | U2E1 | 911/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 519.41 GiB free.

D: is CDROM ()

Y: is FIXED (NTFS) - 15 GiB total, 6.771 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Plus B209a-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Plus B209a-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP232: 5/18/2012 7:23:59 AM - Windows Update

RP233: 5/22/2012 11:13:34 AM - Windows Update

RP234: 5/28/2012 9:15:22 AM - Removed ooVoo

RP235: 5/29/2012 12:10:42 PM - Windows Update

RP237: 5/29/2012 12:16:44 PM - Windows Defender Checkpoint

.

==== Installed Programs ======================

.

Adobe Reader 9.1.2

Adobe Shockwave Player 11.6

Adobe SVG Viewer 3.0

Advanced Audio FX Engine

Ask Toolbar

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Audacity 1.3.13 (Unicode)

B209a-m

BufferChm

CardRd81

CashCrate Toolbar

CCScore

Cozi

CR2

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Product Registration

Dell Webcam Central

Destinations

DeviceDiscovery

EasyBits GO

eBay

Emergency 2012

ESSBrwr

ESSCDBK

ESScore

ESSCT

ESSgui

ESShelp

ESSini

ESSPCD

ESSPDock

ESSSONIC

ESSTOOLS

ESSTUTOR

ESSvpaht

ESSvpot

Facebook Video Calling 1.2.0.159

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

GoToAssist 8.0.0.514

GPBaseService2

HLPIndex

HLPPDOCK

HLPRFO

HP Update

HPDiagnosticAlert

HPPhotoGadget

hpPrintProjects

HPProductAssistant

HPSSupply

hpWLPGInstaller

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Internet Explorer

Java Auto Updater

Java 6 Update 22

Java 6 Update 29

John Deere Drive Green

Junk Mail filter update

Kodak EasyShare software

KSU

LAME v3.98.3 for Audacity

Light-O-Rama

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySpaceIM

Notifier

NVIDIA PhysX

OpenOffice.org 3.3

OTtBP

OTtBPSDK

PowerDVD DX

PrintMaster 2011 Platinum

PS_AIO_06_B209a-m_SW_Min

QuickTime

Realtek High Definition Audio Driver

RollerCoaster Tycoon 3 Platinum

Roxio Burn

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

SFR

SHASTA

SKIN0001

SKINXSDK

Skype Click to Call

Skype™ 5.7

SmartWebPrinting

SolutionCenter

Status

swMSM

TiVo Desktop 2.8.2

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VPRINTOL

Weather

WebReg

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WIRELESS

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

6/2/2012 8:17:08 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

6/2/2012 2:50:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll

6/1/2012 9:22:23 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

6/1/2012 9:22:21 AM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

6/1/2012 9:22:19 AM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.

5/30/2012 3:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048df060, 0xfffff80000ba2748, 0xfffffa80094af800). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-19484-01.

5/30/2012 10:53:32 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/30/2012 10:45:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048e2a10, 0xfffff800049bf518, 0xfffffa800af36c60). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053012-21730-01.

5/28/2012 9:06:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80048dca10, 0xfffff800049c6518, 0xfffffa8009dcfcf0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052812-18111-01.

.

==== End Of File ===========================

--------------------------------------------------------------------AND-----------------------------------------------------------------------

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jason at 15:15:49 on 2012-06-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1518 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Dell Support Center\imstrayicon.exe

C:\Program Files (x86)\Windows Live\Companion\companionuser.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\taskeng.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: FCToolbarURLSearchHook Class: {93da556a-4376-4f66-a896-216daf31719e} - C:\Program Files (x86)\CashCrate Toolbar\Helper.dll

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CashCrate Toolbar BHO: {5e07ebd4-381e-4f32-8cb9-8280222d9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: CashCrate Toolbar: {64d7ecdd-7e88-4292-889b-046055145cd6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer

uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sdApp.exe] C:\Program Files (x86)\ShoppingDaisy\sdApp.exe

uRun: [Facebook Update] "C:\Users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify

uRun: [hesbr] rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath

uRun: [tracCERT] rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe

StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKS~1.LNK - C:\Program Files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113} : DhcpNameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\34963736F68393734383 : DhcpNameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{D8ECD569-4B6C-4B4C-87CC-7CAE92F5A113}\C696E6B6379737 : DhcpNameServer = 208.59.247.45 208.59.247.46

TCP: Interfaces\{F40578BB-8BCB-4CA6-88E8-CF2738CFCE17} : DhcpNameServer = 13.35.0.1 13.35.0.2

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: CashCrate Toolbar BHO: {5E07EBD4-381E-4F32-8CB9-8280222D9009} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll

BHO-X64: FCTBPos00Pos - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll

BHO-X64: DCA - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: CashCrate Toolbar: {64D7ECDD-7E88-4292-889B-046055145CD6} - C:\Program Files (x86)\CashCrate Toolbar\Toolbar.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2004-9-23 26720]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29:10];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-3-3 146928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-3 98208]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-3 705856]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2533400]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-27 257696]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-9 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-02 12:18:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll

2012-06-01 13:23:53 -------- d-----w- C:\Users\Jason\AppData\Local\{05AA42C4-EED9-4038-85AF-B01E7D319FEF}

2012-06-01 13:23:41 -------- d-----w- C:\Users\Jason\AppData\Local\{2030A231-25C3-4E9F-88E6-C802299DE5E6}

2012-06-01 12:52:54 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll

2012-05-31 17:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{82848B80-141D-408B-814C-1C6F67E015A8}

2012-05-31 17:47:33 -------- d-----w- C:\Users\Jason\AppData\Local\{9F7F8AA6-AF28-4003-A824-74357828423F}

2012-05-31 01:49:02 -------- d-----w- C:\Users\Jason\AppData\Local\{27FC6D67-D067-40BF-83F7-ACBC5EE1DC00}

2012-05-31 01:48:50 -------- d-----w- C:\Users\Jason\AppData\Local\{089414D0-E2D6-446A-84BE-3FB4B689434E}

2012-05-30 19:38:11 -------- d-----w- C:\Users\Jason\AppData\Local\{9C6FE128-FA95-4CFC-A560-FCE5A9B7F6E3}

2012-05-30 19:38:01 -------- d-----w- C:\Users\Jason\AppData\Local\{C9CDBC57-35EC-4DBA-854C-5349B99A6A08}

2012-05-30 14:54:00 -------- d-----w- C:\Users\Jason\AppData\Local\{E3121394-7AF7-4140-85D5-CE26B9C5E394}

2012-05-30 14:53:50 -------- d-----w- C:\Users\Jason\AppData\Local\{894C241B-7184-4559-9711-95B3CB25E6A5}

2012-05-28 13:17:00 -------- d-----w- C:\Users\Jason\AppData\Local\visi_coupon

2012-05-28 13:10:56 -------- d-----w- C:\Users\Jason\AppData\Local\{B5CCDA7A-14B2-47E8-BC07-6A5AFAF0CC48}

2012-05-27 22:05:05 -------- d-----w- C:\Users\Jason\AppData\Local\{CF3F4022-DD88-4888-8BF6-BAA448F00D6C}

2012-05-27 21:59:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-27 21:59:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Imomku

2012-05-27 20:31:29 -------- d-----w- C:\Users\Jason\AppData\Roaming\Epvic

2012-05-27 20:26:14 -------- d-----w- C:\Users\Jason\AppData\Local\ICM

2012-05-27 13:18:53 -------- d-----w- C:\Users\Jason\AppData\Local\{84EF1222-9988-4B5F-88E1-3987A1238DCE}

2012-05-27 13:18:42 -------- d-----w- C:\Users\Jason\AppData\Local\{9F4C1BDE-FDF8-453E-9387-953D11AC50EF}

2012-05-25 20:40:44 -------- d-----w- C:\Users\Jason\AppData\Local\{9FEA8D35-8B76-4B19-8853-E6F9BF9AA037}

2012-05-25 20:40:34 -------- d-----w- C:\Users\Jason\AppData\Local\{700A1318-A596-43C8-B81E-79D6892BCDFA}

2012-05-23 21:44:16 -------- d-----w- C:\Users\Jason\AppData\Roaming\ooVoo Details

2012-05-20 00:47:19 -------- d-----w- C:\Users\Jason\AppData\Local\{49477DDF-1F82-414E-9DD3-CA7D753A7315}

2012-05-20 00:47:08 -------- d-----w- C:\Users\Jason\AppData\Local\{DED6FDA3-011C-4D59-BB35-F6306338B69B}

2012-05-15 01:17:23 96256 ----a-w- C:\ProgramData\compntui64.dll

2012-05-15 01:17:23 84992 ----a-w- C:\ProgramData\compntui.dll

2012-05-14 07:21:21 -------- d-----w- C:\Users\Jason\AppData\Local\{F0ED5A5A-3D56-4111-988B-08BC46536171}

2012-05-14 07:21:10 -------- d-----w- C:\Users\Jason\AppData\Local\{192801B4-13A0-4E0C-9A8E-89D96BD9D95A}

2012-05-13 18:47:39 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-13 18:47:39 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-13 18:47:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-13 18:47:36 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-13 18:47:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-13 18:47:35 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-13 07:34:56 -------- d-----w- C:\Users\Jason\AppData\Local\{AC9CF85B-89D3-4C09-99E9-8D646A6BD71A}

2012-05-13 07:34:46 -------- d-----w- C:\Users\Jason\AppData\Local\{54764B35-CA91-4085-84C8-3ACADD97D412}

2012-05-12 20:55:55 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-12 20:55:37 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 20:55:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-12 20:55:37 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-12 20:55:37 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 20:49:25 -------- d-----w- C:\Users\Jason\AppData\Local\{4A324FF3-E498-4E3E-8724-F0BA2B20BC97}

2012-05-12 20:49:13 -------- d-----w- C:\Users\Jason\AppData\Local\{229C20B4-297D-4437-A440-0F6A48B90019}

2012-05-12 18:48:01 -------- d-----w- C:\Users\Jason\AppData\Local\{4BB279B6-EB2B-41EF-8EAE-DE24FD2C64B6}

2012-05-12 18:47:43 -------- d-----w- C:\Users\Jason\AppData\Local\{7CE29CA2-9981-4E59-BB62-6916227A081A}

2012-05-11 13:42:36 -------- d-----w- C:\Users\Jason\AppData\Local\{1277A579-6F99-45B8-A5E9-E16BE8D7A66C}

2012-05-11 13:42:25 -------- d-----w- C:\Users\Jason\AppData\Local\{82AE0526-3EBF-4A81-94A9-E0DBCD36D0F0}

2012-05-11 13:04:24 -------- d-----w- C:\Users\Jason\AppData\Local\{8149658C-5944-4B54-980D-3A71DBDE2887}

2012-05-11 13:04:13 -------- d-----w- C:\Users\Jason\AppData\Local\{673FF047-1FE1-49A0-830B-7D719D0C3082}

2012-05-10 19:39:12 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 19:39:08 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-09 17:14:01 -------- d-----w- C:\Users\Jason\AppData\Local\{19298873-3756-4B7B-B150-DB9D9BC02AB6}

2012-05-09 17:13:51 -------- d-----w- C:\Users\Jason\AppData\Local\{5EBFAFF7-1841-4847-9AA7-F74A03135D2B}

2012-05-07 18:41:22 -------- d-----w- C:\Users\Jason\AppData\Local\Facebook

2012-05-06 01:31:03 -------- d-----w- C:\Users\Jason\AppData\Local\{28BBC22A-4670-4A48-A0D6-E1894CDDCA1B}

2012-05-06 01:30:52 -------- d-----w- C:\Users\Jason\AppData\Local\{5BEB04E9-D4A7-4309-93F5-5C106A9C5DC0}

2012-05-04 22:09:07 -------- d-----w- C:\Users\Jason\AppData\Local\{8E3B95D1-5003-41F5-9FC1-EBB6942F5BCC}

2012-05-04 22:08:57 -------- d-----w- C:\Users\Jason\AppData\Local\{C288D7C2-57D9-4B95-98F5-7A32AC1D4226}

.

==================== Find3M ====================

.

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 15:16:48.91 ===============


I highly suggest you uninstall these two toolbars:

Ask Toolbar

CashCrate Toolbar

You have out-of-date Java on the system; older versions are vulnerable to malware.

Also uninstall these:

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 29

Then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

----------------------

Can you run RogueKiller as I asked and post back the log:

http://forums.malwar...ndpost&p=556486

MrC


I highly suggest you uninstall these two toolbars:

Ask Toolbar

CashCrate Toolbar

You have out-of-date Java on the system; older versions are vulnerable to malware.

Also uninstall these:

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 29

Then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

I HAVE DELETED ALL THE ABOVE AND GOT THIS MESSAGE FROM THE JAVA VERIFY PAGE:

Verified Java Version Congratulations!

You have the recommended Java installed (Version 7 Update 4). -- I will run ROGUE KILLER tonight before bed and post the information in the morning. Also, I deleted QUICKTIME PLAYER prior to this thread. WOULD IT BE OK TO RELOAD QUICKTIME? Thanks for the help so far.

----------------------

Can you run RogueKiller as I asked and post back the log:

http://forums.malwar...ndpost&p=556486

MrC


Since I downloaded the new Java, my Facebook now runs extremely slowly and I get an error; the page goes blank grey, saying that Facebook is not responding due to a long-running script. Is this Facebook itself, or is my computer screwed up? It only does this on Facebook so far that I've noticed, but Java runs fine now. The first time I got this on my desktop using the new Java...

A fatal error has been detected by the Java Runtime Environment:

#

# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x770e8dc9, pid=1312, tid=7452

#

# JRE version: 6.0_29-b11

# Java VM: Java HotSpot Client VM (20.4-b02 mixed mode, sharing windows-x86 )

# Problematic frame:

# C [ntdll.dll+0x38dc9]

#

# If you would like to submit a bug report, please visit:

# http://java.sun.com/webapps/bugreport/crash.jsp

# The crash happened outside the Java Virtual Machine in native code.

# See problematic frame for where to report the bug.

#

--------------- T H R E A D ---------------

Current thread (0x050d9000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]

siginfo: ExceptionCode=0xc0000005, writing address 0x00000014

Registers:

EAX=0x00000000, EBX=0xfffffff8, ECX=0xfffffffc, EDX=0x00000004

ESP=0x0475fa14, EBP=0x0475fa64, ESI=0x050e17b8, EDI=0x050e17bc

EIP=0x770e8dc9, EFLAGS=0x00010213

Top of Stack: (sp=0x0475fa14)

0x0475fa14: 050e17b8 050e17bc 00000001 0000982c

0x0475fa24: 002e002c 6d0c76d4 00a35708 00000000

0x0475fa34: 0475fa24 0475fa0c 00000000 6d102d8c

0x0475fa44: 6d102d8c 6d102d70 6d102d8c 00000000

0x0475fa54: 00000000 00000000 7efd7000 00000560

0x0475fa64: 0475fa8c 770e8cd8 00000000 00000000

0x0475fa74: 00000001 050e17b8 050e1688 00000004

0x0475fa84: 00000000 00000001 0475facc 6d09d6eb

Instructions: (pc=0x770e8dc9)

0x770e8da9: c2 8b d8 8b c1 f0 0f b1 1f 3b c1 0f 85 58 fe ff

0x770e8db9: ff 33 c0 89 45 0c 89 45 08 8b 06 83 f8 ff 74 03

0x770e8dc9: ff 40 14 8b 5d f4 8b 7d f0 80 3d 82 03 fe 7f 00

0x770e8dd9: 0f 85 da 99 04 00 8b 45 fc 57 6a 00 83 f8 ff 0f

Register to memory mapping:

EAX=0x00000000 is an unknown value

EBX=0xfffffff8 is an unknown value

ECX=0xfffffffc is an unknown value

EDX=0x00000004 is an unknown value

ESP=0x0475fa14 is pointing into the stack for thread: 0x050d9000

EBP=0x0475fa64 is pointing into the stack for thread: 0x050d9000

ESI=0x050e17b8 is an unknown value

EDI=0x050e17bc is an unknown value

Stack: [0x04660000,0x04760000], sp=0x0475fa14, free space=1022k

Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)

C [ntdll.dll+0x38dc9] RtlIntegerToUnicodeString+0x2fc

C [ntdll.dll+0x38cd8] RtlIntegerToUnicodeString+0x20b

C [awt.dll+0x9d6eb] Java_sun_awt_windows_WToolkit_init+0x1ab

C [USER32.dll+0x162fa] gapfnScSendMessage+0x332

C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7

C [USER32.dll+0x177c4] CharPrevW+0x138

C [USER32.dll+0x1788a] DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)

j sun.awt.windows.WToolkit.eventLoop()V+0

j sun.awt.windows.WToolkit.run()V+52

v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )

0x0510cc00 JavaThread "Timer-2" [_thread_blocked, id=5440, stack(0x05540000,0x05590000)]

0x0510f800 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=6108, stack(0x06f60000,0x06fb0000)]

0x0510f000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=6848, stack(0x057f0000,0x05840000)]

0x0510d800 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=2820, stack(0x05760000,0x057b0000)]

0x0510c400 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=2684, stack(0x06d60000,0x06db0000)]

0x0510b800 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=3604, stack(0x059a0000,0x059f0000)]

0x0510b400 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=6240, stack(0x05910000,0x05960000)]

0x050e6000 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=3020, stack(0x05880000,0x058d0000)]

0x01eb6800 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=2224, stack(0x052d0000,0x05320000)]

=>0x050d9000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=7452, stack(0x04660000,0x04760000)]

0x050d8400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2616, stack(0x054b0000,0x05500000)]

0x050cf000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=4280, stack(0x05360000,0x053b0000)]

0x01ea7c00 JavaThread "Timer-0" [_thread_blocked, id=8112, stack(0x05000000,0x05050000)]

0x01e7d400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=7536, stack(0x04e60000,0x04eb0000)]

0x01e5b000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1328, stack(0x04c40000,0x04c90000)]

0x01e48c00 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=6208, stack(0x04bb0000,0x04c00000)]

0x01e47c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=7812, stack(0x04b20000,0x04b70000)]

0x01e44800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7752, stack(0x04a90000,0x04ae0000)]

0x01e3c400 JavaThread "Finalizer" daemon [_thread_blocked, id=6676, stack(0x04a00000,0x04a50000)]

0x01e3b000 JavaThread "Reference Handler" daemon [_thread_blocked, id=6324, stack(0x04970000,0x049c0000)]

0x01f8ac00 JavaThread "main" [_thread_in_native, id=1116, stack(0x00390000,0x003e0000)]

Other Threads:

0x01dfe400 VMThread [stack: 0x04880000,0x048d0000] [id=3836]

0x01e64c00 WatcherThread [stack: 0x04cd0000,0x04d20000] [id=3720]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap

def new generation total 5120K, used 3040K [0x24520000, 0x24aa0000, 0x29a70000)

eden space 4608K, 64% used [0x24520000, 0x24808ec0, 0x249a0000)

from space 512K, 11% used [0x24a20000, 0x24a2f400, 0x24aa0000)

to space 512K, 0% used [0x249a0000, 0x249a0000, 0x24a20000)

tenured generation total 11044K, used 7731K [0x29a70000, 0x2a539000, 0x34520000)

the space 11044K, 70% used [0x29a70000, 0x2a1fce80, 0x2a1fd000, 0x2a539000)

compacting perm gen total 12288K, used 4875K [0x34520000, 0x35120000, 0x38520000)

the space 12288K, 39% used [0x34520000, 0x349e2e40, 0x349e3000, 0x35120000)

ro space 10240K, 51% used [0x38520000, 0x38a4d0b8, 0x38a4d200, 0x38f20000)

rw space 12288K, 54% used [0x38f20000, 0x395b9570, 0x395b9600, 0x39b20000)

Code Cache [0x025c0000, 0x028c0000, 0x045c0000)

total_blobs=1804 nmethods=1573 adapters=165 free_code_cache=30409984 largest_free_block=256

Dynamic libraries:

0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\java.exe

0x770b0000 - 0x77230000 C:\Windows\SysWOW64\ntdll.dll

0x752d0000 - 0x753e0000 C:\Windows\syswow64\kernel32.dll

0x763d0000 - 0x76416000 C:\Windows\syswow64\KERNELBASE.dll

0x753e0000 - 0x75480000 C:\Windows\syswow64\ADVAPI32.dll

0x74d80000 - 0x74e2c000 C:\Windows\syswow64\msvcrt.dll

0x75190000 - 0x751a9000 C:\Windows\SysWOW64\sechost.dll

0x76420000 - 0x76510000 C:\Windows\syswow64\RPCRT4.dll

0x74790000 - 0x747f0000 C:\Windows\syswow64\SspiCli.dll

0x74780000 - 0x7478c000 C:\Windows\syswow64\CRYPTBASE.dll

0x72c90000 - 0x72cdc000 C:\Windows\system32\apphelp.dll

0x74020000 - 0x740ad000 C:\Windows\AppPatch\AcLayers.DLL

0x74b20000 - 0x74c20000 C:\Windows\syswow64\USER32.dll

0x74880000 - 0x74910000 C:\Windows\syswow64\GDI32.dll

0x74910000 - 0x7491a000 C:\Windows\syswow64\LPK.dll

0x75540000 - 0x755dd000 C:\Windows\syswow64\USP10.dll

0x75780000 - 0x763ca000 C:\Windows\syswow64\SHELL32.dll

0x74920000 - 0x74977000 C:\Windows\syswow64\SHLWAPI.dll

0x74c20000 - 0x74d7c000 C:\Windows\syswow64\ole32.dll

0x75480000 - 0x7550f000 C:\Windows\syswow64\OLEAUT32.dll

0x74290000 - 0x742a7000 C:\Windows\system32\USERENV.dll

0x74580000 - 0x7458b000 C:\Windows\system32\profapi.dll

0x74430000 - 0x74481000 C:\Windows\system32\WINSPOOL.DRV

0x728e0000 - 0x728f2000 C:\Windows\system32\MPR.dll

0x74980000 - 0x749e0000 C:\Windows\system32\IMM32.DLL

0x76690000 - 0x7675c000 C:\Windows\syswow64\MSCTF.dll

0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll

0x6d7f0000 - 0x6da9f000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll

0x72b80000 - 0x72bb2000 C:\Windows\system32\WINMM.dll

0x6d7a0000 - 0x6d7ac000 C:\Program Files (x86)\Java\jre6\bin\verify.dll

0x6d320000 - 0x6d33f000 C:\Program Files (x86)\Java\jre6\bin\java.dll

0x6d000000 - 0x6d14c000 C:\Program Files (x86)\Java\jre6\bin\awt.dll

0x72970000 - 0x72b0e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

0x6d7e0000 - 0x6d7ef000 C:\Program Files (x86)\Java\jre6\bin\zip.dll

0x72bc0000 - 0x72c40000 C:\Windows\system32\uxtheme.dll

0x6d420000 - 0x6d426000 C:\Program Files (x86)\Java\jre6\bin\jp2native.dll

0x6d1d0000 - 0x6d1e3000 C:\Program Files (x86)\Java\jre6\bin\deploy.dll

0x749e0000 - 0x74afd000 C:\Windows\syswow64\CRYPT32.dll

0x77080000 - 0x7708c000 C:\Windows\syswow64\MSASN1.dll

0x75630000 - 0x7574b000 C:\Windows\syswow64\WININET.dll

0x74b00000 - 0x74b03000 C:\Windows\syswow64\Normaliz.dll

0x74e30000 - 0x74fe8000 C:\Windows\syswow64\iertutil.dll

0x76570000 - 0x76681000 C:\Windows\syswow64\urlmon.dll

0x6d6a0000 - 0x6d6e6000 C:\Program Files (x86)\Java\jre6\bin\regutils.dll

0x74490000 - 0x74499000 C:\Windows\system32\VERSION.dll

0x6d600000 - 0x6d613000 C:\Program Files (x86)\Java\jre6\bin\net.dll

0x75270000 - 0x752a5000 C:\Windows\syswow64\WS2_32.dll

0x74b10000 - 0x74b16000 C:\Windows\syswow64\NSI.dll

0x74540000 - 0x7457c000 C:\Windows\system32\mswsock.dll

0x74520000 - 0x74526000 C:\Windows\System32\wship6.dll

0x6d620000 - 0x6d629000 C:\Program Files (x86)\Java\jre6\bin\nio.dll

0x72b10000 - 0x72b23000 C:\Windows\system32\DWMAPI.DLL

0x6d230000 - 0x6d27f000 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll

0x74240000 - 0x74248000 C:\Windows\system32\Secur32.dll

0x744d0000 - 0x74514000 C:\Windows\system32\dnsapi.DLL

0x74690000 - 0x746ac000 C:\Windows\system32\iphlpapi.DLL

0x74680000 - 0x74687000 C:\Windows\system32\WINNSI.DLL

0x74530000 - 0x74535000 C:\Windows\System32\wshtcpip.dll

0x6a0c0000 - 0x6a0e5000 C:\Program Files (x86)\Bonjour\mdnsNSP.dll

0x6a090000 - 0x6a0b7000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

0x74870000 - 0x74875000 C:\Windows\syswow64\PSAPI.DLL

0x6c2d0000 - 0x6c2d6000 C:\Windows\system32\rasadhlp.dll

0x6a050000 - 0x6a088000 C:\Windows\System32\fwpuclnt.dll

0x6d1a0000 - 0x6d1c3000 C:\Program Files (x86)\Java\jre6\bin\dcpr.dll

0x745d0000 - 0x745e6000 C:\Windows\system32\CRYPTSP.dll

0x74590000 - 0x745cb000 C:\Windows\system32\rsaenh.dll

0x72eb0000 - 0x72ec0000 C:\Windows\system32\NLAapi.dll

0x73470000 - 0x73480000 C:\Windows\system32\napinsp.dll

0x73450000 - 0x73462000 C:\Windows\system32\pnrpnsp.dll

0x73430000 - 0x7343d000 C:\Windows\system32\wshbth.dll

0x73420000 - 0x73428000 C:\Windows\System32\winrnr.dll

0x744b0000 - 0x744c2000 C:\Windows\system32\dhcpcsvc.DLL

0x744a0000 - 0x744ad000 C:\Windows\system32\dhcpcsvc6.DLL

0x69ec0000 - 0x69f36000 C:\Windows\system32\RICHED20.DLL

VM Arguments:

jvm_args: -D__jvm_launched=34375592340 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Dsun.plugin2.jvm.args=-D__jvm_launched=34375592340 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- --

java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid6532_pipe3,read_pipe_name=jpi2_pid6532_pipe2

Launcher Type: SUN_STANDARD

Environment Variables:

PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\

USERNAME=Jason

OS=Windows_NT

PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel

--------------- S Y S T E M ---------------

OS: Windows 7 , 64 bit Build 7601 Service Pack 1

CPU:total 4 (2 cores per cpu, 2 threads per core) family 6 model 37 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht

Memory: 4k page, physical 3985944k(1395976k free), swap 7970036k(4686464k free)

vm_info: Java HotSpot Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)

time: Fri Jun 01 19:49:12 2012

elapsed time: 3370 seconds


How is it now and can you post the report from RogueKiller? MrC


How is it now and can you post the report from RogueKiller? MrC

Here is the report; I think this is all of it? I clicked "report". I still have this open on my comp, but not running.

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Jason [Admin rights]

Mode: Scan -- Date: 06/03/2012 00:36:54

¤¤¤ Bad processes: 6 ¤¤¤

[SUSP PATH] TiVoServer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe -> KILLED [TermProc]

[SUSP PATH] TiVoTransfer.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe -> KILLED [TermProc]

[SUSP PATH] TiVoNotify.exe -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 18 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND

[SUSP PATH] HKCU\[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[SUSP PATH] HKCU\[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[SUSP PATH] HKCU\[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[BLACKLIST DLL] HKCU\[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND

[SUSP PATH] HKCU\[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoTransfer (C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TivoNotify (C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : TranscodingService (C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-988965696-3072713576-3310776537-1000[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++

--- User ---

[MBR] 979705b77092b10a27a5231dd6d6d32e

[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 595377 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt
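As an added example (not code from this thread, from RogueKiller or from Malwarebytes): the two Run-key entries in the report above that start rundll32 on a DLL sitting in the user's Temp folder are the part a responder would want to pull out automatically. The Python below reads lines in the layout RogueKiller printed, keeps the Run-key ones, and flags any whose command launches rundll32 on a DLL under a user-writable directory (Temp, AppData, ProgramData). The sample lines are constructed from the report; the regexes and the directory list are assumptions of this example, not RogueKiller's own detection rules.

```python
import re
from typing import Optional

# Constructed sample lines in the layout of the RogueKiller "Registry Entries"
# section above (the paths are the ones that report shows, not new indicators).
SAMPLE_LINES = [
    r'[SUSP PATH] HKCU\[...]\Run : TivoServer (C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer) -> FOUND',
    r'[BLACKLIST DLL] HKCU\[...]\Run : hesbr (rundll32.exe "C:\Users\Jason\AppData\Local\Temp\hesbr.dll",SteamAPI_GetSteamInstallPath) -> FOUND',
    r'[SUSP PATH] HKCU\[...]\Run : tracCERT (rundll32 "C:\Users\Jason\AppData\Local\Temp\iscsKEYs64.dll",CreateProcessNotify) -> FOUND',
    r'[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND',
]

# One Run-key line:  [TAG] <hive>\Run : <value name> (<command line>) -> <status>
# (assumed layout, derived from the report above)
RUN_ENTRY = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<hive>\S+?)\\Run\s+:\s+(?P<name>\S+)\s+\((?P<cmd>.*)\)\s+->\s+(?P<status>\w+)$'
)

# rundll32 followed by the (optionally quoted) DLL path; the export name follows a comma.
RUNDLL32_CMD = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)

# Directory fragments an ordinary user can write to. A DLL auto-started from one of
# these through rundll32 is a common persistence pattern and deserves a closer look.
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\appdata\\', '\\programdata\\', '\\temp\\')


def parse_run_entry(line: str) -> Optional[dict]:
    """Return the fields of a Run-key report line, or None for any other line."""
    m = RUN_ENTRY.match(line.strip())
    return m.groupdict() if m else None


def flag_rundll32_from_user_writable(entry: dict) -> Optional[str]:
    """If the entry launches rundll32 on a DLL under a user-writable directory,
    return that DLL path; otherwise return None."""
    m = RUNDLL32_CMD.match(entry['cmd'].strip())
    if not m:
        return None
    dll = m.group('dll').strip()
    if any(frag in dll.lower() for frag in USER_WRITABLE):
        return dll
    return None


def find_temp_rundll32_autoruns(lines):
    """Scan report lines and return the flagged autoruns in the order listed."""
    hits = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue  # not a Run-key line (e.g. the NewStartPanel [HJ] entries)
        dll = flag_rundll32_from_user_writable(entry)
        if dll:
            hits.append({'name': entry['name'], 'hive': entry['hive'], 'dll': dll})
    return hits


if __name__ == '__main__':
    for h in find_temp_rundll32_autoruns(SAMPLE_LINES):
        print(f"{h['hive']}\\Run\\{h['name']} -> rundll32 loads {h['dll']}")
```

On the sample above only the hesbr and tracCERT values are flagged; the TiVo entries run an .exe from Program Files and pass through, and the [HJ] line is not a Run-key entry at all. The same Temp-folder test would also have caught the iscskeys.dll path from the very first post, which is why a responder keeps such a check around even after the tool has already tagged the entries.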


Close out RogueKiller for now.

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


MC Charlie, here is the latest information. Also, as a side note, it found 6 malicious threats, and the HP Digital Imaging is a printer/scanner/copier hooked up through a wireless connection to the laptop with the problem we are diagnosing, in case that helps you at all with the below.


11:21:12.0372 8084 ============================================================

11:21:12.0372 8084 Scan finished

11:21:12.0372 8084 ============================================================

11:21:12.0393 3016 Detected object count: 6

11:21:12.0393 3016 Actual detected object count: 6

11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0712 3016 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0712 3016 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:35:39.0713 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0714 3016 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0715 3016 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0717 3016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:35:39.0718 3016 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

UnsignedFile.Multi.Generic

These are OK, just unsigned files... that's why we skip them.

Please do this......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, I downloaded ComboFix and got a small blue box saying:

----Administrator----

Please wait.

ComboFix is preparing to run.

Attempting to create a new restore point

Application Error

X Exception EAccess in module ERUNT.3EXE at 00003A62.

Access violation at address 00403A26 in module 'ERUNT.3EXE'. Read of address 0069005C.

What should I do with this? It gives me an "OK".

Try it again and click OK if it gives you one. MrC

I ran ComboFix but it must have frozen at the end... it said "Preparing log" for over an hour, and also now NONE of my Flash Player works on any sites that require Flash. :(

ComboFix creates a restore point just before it runs, so see if you can use it.

Let me know, MrC


ComboFix creates a restore point just before it runs, so see if you can use it.

Let me know, MrC

Yeah, I had to restart my computer... here is the ComboFix report:

ComboFix 12-06-03.01 - Jason 06/04/2012 0:44.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2391 [GMT -4:00]

Running from: c:\users\Jason\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll

c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll

c:\users\Jason\AppData\Local\Temp\hesbr.dll

c:\users\Jason\AppData\Local\Temp\iscsKEYs64.dll

c:\users\Public\Desktop\weather.lnk

c:\windows\SysWow64\ccrpTmr6.dll

Y:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 04:51 . 2012-06-04 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Oracle

2012-06-02 23:25 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-06-02 23:25 . 2012-06-02 23:25 -------- d-----w- c:\program files (x86)\Java

2012-06-02 22:59 . 2012-06-02 22:59 955848 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-02 12:18 . 2012-06-02 12:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll

2012-06-01 12:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll

2012-05-30 21:34 . 2012-05-30 21:34 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!

2012-05-28 13:17 . 2012-05-28 13:17 -------- d-----w- c:\users\Jason\AppData\Local\visi_coupon

2012-05-27 21:59 . 2012-05-27 21:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-27 21:59 . 2012-05-27 21:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-27 20:31 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Imomku

2012-05-27 20:31 . 2012-05-27 20:41 -------- d-----w- c:\users\Jason\AppData\Roaming\Epvic

2012-05-27 20:26 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Local\ICM

2012-05-23 21:44 . 2012-05-23 21:47 -------- d-----w- c:\users\Jason\AppData\Roaming\ooVoo Details

2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll

2012-05-15 01:17 . 2012-05-26 01:31 84992 ----a-w- c:\programdata\compntui.dll

2012-05-13 18:47 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-13 18:47 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-13 18:47 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-13 18:47 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-13 18:47 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-13 18:47 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 20:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-12 20:55 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-12 20:55 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-12 20:55 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 20:55 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 19:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 19:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-07 18:41 . 2012-05-07 18:41 -------- d-----w- c:\users\Jason\AppData\Local\Facebook

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 22:59 . 2011-03-03 05:00 839112 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56 . 2012-03-02 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-03_18.46.44 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [BU]

"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]

"DWWISVCS"="compntui64.dll" [BU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

.

c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

KODAK Software Updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:59]

.

2012-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job

- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]

.

2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job

- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]

.

2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job

- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job

- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]

.

2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 208.59.247.45 208.59.247.46

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a7,d1,5f,06,d4,3c,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)


.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-04 00:53:16

ComboFix-quarantined-files.txt 2012-06-04 04:53

.

Pre-Run: 560,353,710,080 bytes free

Post-Run: 560,161,476,608 bytes free

.

- - End Of File - - F70E9420DC80129344503706DAA1B653


Please update and run a Quick Scan with MBAM, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Out of the report above, this is the file that comes up after starting the computer up or restarting...

2012-05-15 01:17 . 2012-05-26 01:31 96256 ----a-w- c:\programdata\compntui64.dll

And it gives me this error box:

There was a problem starting compntui64.dll

The specified module could not be found.

Here is the report from MBAM (free version), updated 6-4-12:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.04.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: JASON-PC [administrator]

6/4/2012 12:53:22 PM

mbam-log-2012-06-04 (12-53-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216405

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


It's definitely there in your logs, but I'm not sure what it is:

C:\ProgramData\compntui64.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWWISVCS"="compntui64.dll" [bU]

uRun: [DWWISVCS] rundll32 "compntui64.dll",CreateProcessNotify

--------------------------------------------

Please upload it to VirusTotal for a free scan and let me know the results; just copy back the URL.

C:\ProgramData\compntui64.dll

http://www.virustotal.com/

MrC


That's what I wanted.

I'm not sure what it belongs to, but let's delete it and see....

Using ComboFix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

C:\ProgramData\compntui64.dll

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWWISVCS"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScript.gif)

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

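As an added example for the two posts above (the one that singles out the DWWISVCS Run value and asks for a VirusTotal check, and the one that removes it with a CFScript), here is a small Python triage script. It is not ComboFix's, Malwarebytes' or MrC's code. It reads Run-key entries in the notation ComboFix prints under "Reg Loading Points", scores the indicators that mattered in this thread (a DLL rather than an executable as the autostart target, a bare file name instead of a full path, a file in a user-writable directory, and no date/size shown for the file), computes a SHA-256 for a hash lookup before anything is uploaded, and emits the same File::/Registry:: stanza as the CFScript in the post above. The sample lines are copied from the log in this thread; FOUND_AT, FAKE_DLL_BYTES, the user-writable directory list, the scoring threshold and the VirusTotal URL form are assumptions made for the example. One thing the scoring makes explicit: the Run value names the DLL with no directory, so rundll32 resolves it through the normal DLL search order rather than from c:\programdata, where the log actually found the file.

```python
"""Triage of Run-key autostart entries in the form ComboFix prints them.

Added example for this thread, not ComboFix's, Malwarebytes' or MrC's code.
SAMPLE_LOG is copied from the log posted above; FOUND_AT, FAKE_DLL_BYTES,
USER_WRITABLE_HINTS, the threshold and the VirusTotal URL form are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: the entries discussed above plus a few benign ones
# from the same log, in the REGEDIT4-style notation ComboFix uses.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWWISVCS"="compntui64.dll" [bU]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [bU]
"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]
"""

# Where the bare-named DLL actually sat, per the file listing in the log above.
FOUND_AT = {"compntui64.dll": r"C:\ProgramData\compntui64.dll"}
# Constructed stand-in for the file contents (NOT the real compntui64.dll).
FAKE_DLL_BYTES = b"MZ" + b"\x00" * 62
# Locations a regular user can write to; constructed list, lower-case.
USER_WRITABLE_HINTS = ("\\programdata\\", "\\appdata\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[([^\]]*)\])?\s*$')
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")  # "YYYY-MM-DD size" as ComboFix prints it


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    meta: str  # text inside the trailing brackets, e.g. "2009-12-01 6373376"
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_run_entries(log_text: str) -> list:
    """Collect "Name"="target" [meta] lines found under any ...\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key and key.lower().endswith("\\run"):
            entries.append(RunEntry(key, vm.group(1), vm.group(2), vm.group(3) or ""))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Attach one reason per indicator; the score is simply the count."""
    t = entry.target.lower()
    if t.endswith(".dll"):
        entry.reasons.append("target is a DLL, so something like rundll32 must load it")
    if "\\" not in t:
        entry.reasons.append("bare file name: resolved via the DLL search path, not a fixed location")
    if any(h in t for h in USER_WRITABLE_HINTS):
        entry.reasons.append("file lives in a user-writable directory")
    if not META_RE.match(entry.meta):
        entry.reasons.append("no date/size printed for the file (%r)" % entry.meta)
    return entry


def triage(log_text: str = SAMPLE_LOG) -> list:
    """Parse, score and sort entries, most suspicious first (stable sort)."""
    return sorted((assess(e) for e in parse_run_entries(log_text)), key=lambda e: -e.score)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def virustotal_url(sha256: str) -> str:
    # Assumed URL form of the VirusTotal file-report page: check the hash
    # first, so an already-known sample need not be uploaded at all.
    return f"https://www.virustotal.com/gui/file/{sha256}"


def cfscript_for(entries: list, found_at: dict = FOUND_AT, threshold: int = 2) -> str:
    """Emit the File::/Registry:: stanza ComboFix reads from CFScript.txt,
    in the syntax used in MrC's post ("Name"=- deletes a registry value)."""
    flagged = [e for e in entries if e.score >= threshold]
    if not flagged:
        return ""
    files = [found_at.get(e.target.lower(), e.target) for e in flagged]
    regs = [f"[{e.key}]\n\"{e.name}\"=-" for e in flagged]
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n\n".join(regs) + "\n"


if __name__ == "__main__":
    ranked = triage()
    for e in ranked:
        print(f"{e.score}  {e.name:16s} {e.target}  <- {'; '.join(e.reasons) or 'ok'}")
    print(virustotal_url(sha256_hex(FAKE_DLL_BYTES)))
    print(cfscript_for(ranked))
```

The indicators are deliberately weak on their own (the legitimate Synaptics entry in the same log also lacks a date/size), so the script ranks rather than decides; the threshold of two indicators is what makes only the DWWISVCS entry land in the generated CFScript, while ShoppingDaisy and the Facebook updater are left for a human to judge.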

I think I did this right, let me know....

ComboFix 12-06-04.02 - Jason 06/04/2012 18:06:04.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1911 [GMT -4:00]

Running from: c:\users\Jason\Desktop\ComboFix.exe

Command switches used :: c:\users\Jason\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\compntui64.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\compntui64.dll

c:\programdata\PCDr\5907\Downloads\d2475db4-153a-4cdd-a84a-1f6c794325f4.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-04 22:12 . 2012-06-04 22:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-02 23:26 . 2012-06-02 23:26 -------- d-----w- c:\program files (x86)\Oracle

2012-06-02 23:25 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-06-02 23:25 . 2012-06-02 23:25 -------- d-----w- c:\program files (x86)\Java

2012-06-02 22:59 . 2012-06-02 22:59 955848 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-02 12:18 . 2012-06-02 12:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\offreg.dll

2012-06-01 12:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D165635-EB67-46C4-AD39-071D3AA4B009}\mpengine.dll

2012-05-30 21:34 . 2012-05-30 21:34 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!

2012-05-28 13:17 . 2012-05-28 13:17 -------- d-----w- c:\users\Jason\AppData\Local\visi_coupon

2012-05-27 21:59 . 2012-05-27 21:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-27 21:59 . 2012-05-27 21:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-27 20:31 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Roaming\Imomku

2012-05-27 20:31 . 2012-05-27 20:41 -------- d-----w- c:\users\Jason\AppData\Roaming\Epvic

2012-05-27 20:26 . 2012-05-31 01:45 -------- d-----w- c:\users\Jason\AppData\Local\ICM

2012-05-23 21:44 . 2012-05-23 21:47 -------- d-----w- c:\users\Jason\AppData\Roaming\ooVoo Details

2012-05-15 01:17 . 2012-05-26 01:31 84992 ----a-w- c:\programdata\compntui.dll

2012-05-13 18:47 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-13 18:47 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-13 18:47 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-13 18:47 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-13 18:47 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-13 18:47 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 20:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-12 20:55 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-12 20:55 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-12 20:55 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-12 20:55 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 19:39 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 19:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-07 18:41 . 2012-05-07 18:41 -------- d-----w- c:\users\Jason\AppData\Local\Facebook

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 22:59 . 2011-03-03 05:00 839112 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-04 19:56 . 2012-03-02 15:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-03_18.46.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-06-04 00:54 32950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-03-30 16:34 . 2012-06-04 00:54 11154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-988965696-3072713576-3310776537-1000_UserData.bin

- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-04 00:51 . 2012-06-04 00:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-01 13:20 . 2012-06-01 13:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-30 22:23 . 2012-06-04 15:38 312500 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-06-03 14:36 624864 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-04 15:40 624864 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-03 14:36 106950 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-06-04 15:40 106950 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-06-04 00:50 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-01 13:19 446924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-03-30 00:21 . 2012-06-01 13:19 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-03-30 00:21 . 2012-06-04 00:50 1813336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-05-12 07:18 . 2012-06-04 00:50 55974192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-988965696-3072713576-3310776537-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

"TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

"TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

"TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

"TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

"sdApp.exe"="c:\program files (x86)\ShoppingDaisy\sdApp.exe" [bU]

"Facebook Update"="c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-07 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-27 77824]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]

.

c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

KODAK Software Updater.lnk - c:\program files (x86)\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

2;2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 257696]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/02 23:29];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 22:35 146928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-27 21:59]

.

2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job

- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]

.

2012-06-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job

- c:\users\Jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-07 18:41]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 02:02]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000Core.job

- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-988965696-3072713576-3310776537-1000UA.job

- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 07:00]

.

2012-05-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.facebook.com/pages/Eastern-PA-Weather-Authority/240517726049175

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 208.59.247.45 208.59.247.46

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{64D7ECDD-7E88-4292-889B-046055145CD6}"=hex:51,66,7a,6c,4c,1d,38,12,b3,ef,c4,

60,ba,30,fc,07,f7,8d,47,20,50,4a,18,c2

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{5E07EBD4-381E-4F32-8CB9-8280222D9009}"=hex:51,66,7a,6c,4c,1d,38,12,ba,e8,14,

5a,2c,76,5c,0a,f3,af,c1,c0,27,73,d4,1d

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,

b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a7,d1,5f,06,d4,3c,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,04,fa,8a,7a,ef,3c,45,b5,43,ee,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-04 18:15:07

ComboFix-quarantined-files.txt 2012-06-04 22:15

ComboFix2.txt 2012-06-04 04:53

.

Pre-Run: 560,081,915,904 bytes free

Post-Run: 559,896,657,920 bytes free

.

- - End Of File - - EFF5212768384C53B84E4DB9E88B14FB


Yes...you did it right.

How is it now?? MrC


Yes...you did it right.

How is it now?? MrC

That error doesn't come up anymore upon restart, and also Flash and Java work. The only problem I'm still having is the Yahoo Messenger smileys stopped working about the same time the problem started in the first place; they just get frozen if they are animated. So I was thinking possibly uninstall and reinstall? See if that works?
