Of course right this second I cant remember what the heck I was going to ask,darn it, i will try again later, maybe my memory will be more with it. Oh oh oh, i was trying to use Mbam? and it wouldnt let me choose the language i wanted it to use to download, the choice scroll bar was scrolling up and down and wouldnt stop on english. Man o Man Computers give me a headache. Help if you think of something that will help me. Marie
MAribaba2,
Try uninstalling it then I recomend that you download LandzDown (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Save it to your desktop.
Now double-click thge ATF-Cleaner.exe to run it and under 'Main' tick the 'Select All' ( To keep yopur Passwords un-tick the password box)
then click 'Empty Selected' button.
Note
if you are using Firefox then after you have ticked the 'Select All' click on the 'NO' to keep your passwords.
Now after you have used ATF-Cleaner can you re-Boot (Re-Start) your PC then go and re-download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php).
GR@PH;<'S :Hammys pint:
@GR@PH;<'S -- Marie wasn't able to install Windows Defender Offline and also had problems with MBAM so I suggested she register & post here so we cold help.
Hi, Marie.
Let's take a look at what is on your computer. Please do the following:
Download
DDS.scr by sUBs and save it to your desktop:
Link (http://download.bleepingcomputer.com/sUBs/dds.scr)
- Double-Click dds.scr and a command window will appear. This is normal
- Shortly after two logs will appear, DDS.txt & Attach.txt
- A window will open instructing you save & post the logs
- Save the logs to a convenient place such as your desktop
- Copy the contents of both DDS.txt and Attach.txt logs and post in your next reply.
After DDS runs, there will be two logs. Click the Reply button and copy/paste both logs in a new reply here in this topic. When you click the Post button, the logs will appear below my comments here.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Blue room at 9:18:37 on 2012-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2378 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
C:\Users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iWonIE\bar\1.bin\idbrmon.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {70bd8aab-ad49-42f5-b1bd-240f078c1a11} - C:\Program Files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
uURLSearchHooks: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mURLSearchHooks: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No File
BHO: Search Assistant BHO: {6ddd1607-02d6-46b8-94a4-dc371e78bca1} - C:\Program Files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120330195145.dll
BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO: Toolbar BHO: {fc130ee2-5a2a-45a7-8e09-d2ca06c795a8} - C:\PROGRA~2\iWonIE\bar\1.bin\idbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: iWon Toolbar: {44843b6e-d44a-4b4f-bca4-559c86633dc6} - C:\Program Files (x86)\iWonIE\bar\1.bin\idbar.dll
TB: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NWEReboot]
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\BLUERO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXIFLA~1.LNK - C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{CA7634BD-5912-4500-A45B-10D578EB523B} : DhcpNameServer = 192.168.1.1 71.243.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-X64: MyWebSearch Search Assistant BHO - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO-X64: mwsBar BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Search Assistant BHO: {6ddd1607-02d6-46b8-94a4-dc371e78bca1} - C:\Program Files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120330195145.dll
BHO-X64: scriptproxy - No File
BHO-X64: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-X64: Updater For Verizon Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64: Verizon Toolbar - No File
BHO-X64: Toolbar BHO: {fc130ee2-5a2a-45a7-8e09-d2ca06c795a8} - C:\PROGRA~2\iWonIE\bar\1.bin\idbar.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
BHO-X64: Maps Bar - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: iWon Toolbar: {44843b6e-d44a-4b4f-bca4-559c86633dc6} - C:\Program Files (x86)\iWonIE\bar\1.bin\idbar.dll
TB-X64: Maps Bar Toolbar: {fe337d7b-1447-4780-9a52-48bdac438235} - C:\Program Files (x86)\Maps_Bar\prxtbMap0.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NWEReboot]
mRun-x64: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun-x64: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 iWonIEService;iWon Toolbar Service;C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
R2 lxci_device;lxci_device;C:\Windows\system32\lxcicoms.exe -service --> C:\Windows\system32\lxcicoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-30 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-30 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-30 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-30 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-30 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-30 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-7-4 34320]
R2 X5XSEx_Pr135;X5XSEx_Pr135;C:\Program Files (x86)\Verizon Games Player\X5XSEx.sys [2010-9-30 55328]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\DRIVERS\NW1950.sys --> C:\Windows\system32\DRIVERS\NW1950.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-3-30 225216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-30 249936]
.
=============== Created Last 30 ================
.
2012-04-13 13:13:48 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{409ECC40-0E48-433D-B1D0-27527F2B0E06}\mpengine.dll
2012-04-12 07:03:56 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:03:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:40 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:40 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:00:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:39 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-07 09:27:35 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-06 01:30:04 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8DBA613-DC2A-4101-971B-6418B2D09E32}\gapaengine.dll
2012-04-06 01:28:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-06 01:28:21 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-03 11:07:02 -------- d-----w- C:\Program Files\iPod
2012-04-03 11:07:01 -------- d-----w- C:\Program Files\iTunes
2012-03-30 23:52:00 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-03-30 23:51:43 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-03-30 23:51:43 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-03-30 23:50:58 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-03-30 23:50:58 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-03-30 23:50:58 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-03-30 23:50:58 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-03-30 23:50:58 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-03-30 23:50:58 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-03-30 23:50:58 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-03-30 23:50:58 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-03-30 23:50:48 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-03-30 23:50:47 -------- d-----w- C:\Program Files\McAfee.com
2012-03-30 23:50:47 -------- d-----w- C:\Program Files\McAfee
2012-03-30 23:50:45 -------- d-----w- C:\Program Files (x86)\McAfee
2012-03-30 23:38:30 156792 ----a-r- C:\Windows\System32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38:28 639216 ----a-r- C:\Windows\System32\drivers\mfehidk.sys.e909.deleteme
2012-03-29 10:56:45 -------- d-----w- C:\Users\Blue room\AppData\Local\{A5E677C8-E71E-4251-84F2-A98D7CE0939A}
2012-03-26 10:36:16 -------- d-----w- C:\Users\Blue room\AppData\Local\{3B136ABB-AC30-41A3-A8FB-B286694E554E}
2012-03-26 10:36:05 -------- d-----w- C:\Users\Blue room\AppData\Local\{C903A7AE-FDBA-4524-B09B-EE664DDA3220}
2012-03-16 11:32:24 -------- d-----w- C:\ProgramData\Recovery
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 06:15:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 14:22:00 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 9:20:20.10 ===============
Hi, Marie.
Thank you for the log. Good job.
I know from what you have told me that you are not comfortable making changes to your computer. Please don't hesitate to stop and ask questions if at any time you don't understand my instructions.
1. Although you mentioned AVG (and I see signs of AVG on your computer) when you asked for help in the Microsoft Group, it appears from your log that McAfee is your regular antivirus software package. However, you also have Microsoft Security Essentials installed. If McAfee is your normal antivirus program, you need to uninstall Microsoft Security Essentials.
Please go to Control Panel > All Control Panel Items > Programs and Features. Wait for the list to populate and then scroll down the list and click
Microsoft Security Essentials. Click
Uninstall, located at the top of the list of programs.
Note: If McAfee is NOT your regular antivirus software, and you use a different program, please indicate in your next reply which program you want to keep.
2. After you have done the above, please download
Security Check by screen317 from
here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or
here (http://screen317.changelog.fr/SecurityCheck.exe).
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
3. Did you save a copy of
Attach.txt? If so, please locate that file, double-click to open it and copy/paste it in your next reply.
We need to do more steps to get your computer cleaned but let's take it one step at at time. Please let me know if you have any questions about the above instructions.
hello corinne
i have no problem making changes to the computer, its just not letting me or i dont know what to do, i will try and explain what happened, we had AVG as antivirus software and because that didnt work, we bought the McAfee software and since the computer was still misbehaving that is why i went to the microsoft thing on facebook i thought i'd give it a try, thinking this would help then i met you and here we are. i will try to find the attach.text.i thought it was with the other thing i sent you. i thought i had removed the avg and downloaded mcafee. is microsoft sec essential part of microsoft7? i will uninstall now
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee AntiVirus Plus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
Hi, Marie.
Yes, Microsoft Security Essentials is a free antivirus software provided by Microsoft. However, since you purchased McAfee, you have antivirus protection.
The Attach.txt is a separate log. If you don't see it, don't worry about it now. Instead, I am going to give you instructions for a very powerful program that will help us take care of the undesirable adware and browser highjacks on your computer.
Please follow these instructions carefully.Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
how do i save to desktop
Hi, Marie.
Since you use Internet Explorer, right-click Link1 above and when the prompt opens, click "Save target as". When the "Save as" box opens, it will probably show your Downloads folder. Click on your username and when the list appears, scroll down the "Name" column until you see Desktop. When the Desktop folder opens, click the Save button.
my user name isnt in the downloads folder and now the darn key board isnt working, thank goodness for touch screen
Hi, Marie.
You are looking for C:\Users\Blue room\Desktop
darn it it says to dis-able mcafee and i cant figure out how do that should i just uninstall it
Hi, Marie.
The reason for that is because antivirus programs interfere with ComboFix's removal process. See the instructions at McAfee Communities: How to Disable Mcaffee Antivirus Plus? (https://community.mcafee.com/thread/43708?start=0&tstart=0). As I recall you are using the Windows Firewall, the second section of those instructions will not likely apply to you.
i removed mcafee and ran combofix and this is message i got
almost done.. this window will close in a short while. please wait a few seconds for the report log to pop up combofix's log shall be located at c:\combofix.txt
dumphive.3xe has stopped working
A problem caused the program to stop workingcorrectly. Windows will close the program and notify you if a solution is available
then ina box it said close program
so now what?
Hi, Marie.
Look on your computer to see if there is a c:\combofix.txt. If so, please open it and copy/paste it as a reply. If it isn't there, restart the computer and check again to see if it was created.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2664 [GMT -4:00]
Running from: c:\users\Blue room\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\FunWebProducts
c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
c:\program files (x86)\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\iWonIE\bar\1.bin\idSRcas.dll
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\SPL1064.tmp
c:\programdata\SPL2CF9.tmp
c:\programdata\SPLA3D.tmp
c:\programdata\SPLFCCD.tmp
c:\windows\SysWow64\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Dale\AppData\Local\temp
2012-04-14 22:11 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C09B0600-C8AE-4A10-850C-387BACC0ADA4}\mpengine.dll
2012-04-12 07:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iPod
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iTunes
2012-03-30 23:51 . 2012-04-15 01:50 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-30 23:50 . 2012-04-15 01:50 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-30 23:50 . 2012-03-30 23:52 -------- d-----w- c:\program files\McAfee
2012-03-30 23:50 . 2012-04-02 10:02 -------- d-----w- c:\program files (x86)\McAfee
2012-03-30 23:38 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.e909.deleteme
2012-03-16 11:32 . 2012-03-16 11:32 -------- d-----w- c:\programdata\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 06:15 . 2011-05-17 11:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-09-25 00:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 14:22 . 2010-10-05 12:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:44 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:44 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 10:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 10:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 10:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2011-03-06 356864]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-03-06 16:45 1528320 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fe337d7b-1447-4780-9a52-48bdac438235}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Maps_Bar\prxtbMap0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-06 1528320]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-05 39408]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"iWonIE Browser Plugin Loader"="c:\progra~2\iWonIE\bar\1.bin\idbrmon.exe" [2010-11-13 20480]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
.
c:\users\Blue room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-7 293950]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-6 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-03-11 55328]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000Core.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000UA.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForBlue room.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-04-14 c:\windows\Tasks\HPCeeScheduleForDale.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-06-22 3866624]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"combofix"="c:\combofix\CF30285.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FE337D7B-1447-4780-9A52-48BDAC438235} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-14 21:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 01:59
.
Pre-Run: 657,341,628,416 bytes free
Post-Run: 657,123,930,112 bytes free
.
- - End Of File - - 39CDDED31204061C7726F0164E230212
Great job, Marie!
I have some things to tend to and it will take me a bit of time to completely review your log. In the meantime, please provide the following:
Please provide an extra ComboFix report
- Push the "Windows Key" + "R" (between the "Ctrl" button and "Alt" Button) or click the Start Orb and type run in the search box.
- Please copy and past the following into the box: C:\Qoobox\Add-Remove Programs.txt
- click Ok
Copy and paste the report into this topic for me to review.
Hi, Marie.
One more thing -- as I examine your log, there are a lot of IE toolbars, most of which have "trackware" capabilities. In other words, they track what you do on the internet. A couple of the worst offenders have already been removed by ComboFix but, in addition to remnants, are there any toolbars you actually use that you don't want me to have removed?
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bejeweled 3
Bejeweled(R) 3
Big Fish Games: Game Manager
Buttons & OSDs control application gen3
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.1
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Conduit Engine
CopyTrans Suite Remove Only
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
DirectX for Managed Code Update (Summer 2004)
Dogpile Bundle Toolbar
DVD Menu Pack for HP TouchSmart Video
Evernote v. 4.1
Facebook Messenger 2.0.4478.0
FinePixViewer Ver.5.5
Forgotten Places - Lost Circus
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
Hidden Expedition ® - Devil's Triangle
Hoyle Word Games
HP Advisor
HP Customer Experience Enhancements
HP Desktop Keyboard
HP Games
HP MediaSmart DVD
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart
HP TouchSmart Browser
HP TouchSmart Calendar
HP TouchSmart Canvas
HP TouchSmart Clock
HP TouchSmart Music/Photo/Video
HP TouchSmart Notes
HP TouchSmart RecipeBox
HP TouchSmart RSS
HP TouchSmart Tutorials
HP TouchSmart Twitter
HP TouchSmart Weather
HP TouchSmart Webcam
HP Update
Hulu Desktop
iWin Games (remove only)
iWon Toolbar
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LabelPrint
Maps Bar Toolbar
Mesh Runtime
Messenger Companion
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
Movie Theme Pack for HP TouchSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files: 13th Skull (remove only)
Nightmare on the Pacific
OverDrive Media Console
Power2Go
PowerDirector
Presto! PageManager 7.12.10
Print to Fax
QuickTime
Recovery Manager
Rhapsody
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
SoundMAX
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Verizon Games Player
Verizon Toolbar
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
Hi, Marie.
Most likely, all of these were added as third-party downloads:
Ask Toolbar
ConduitEngine
Dogpile Bundle Toolbar
Google Toolbar for Internet Explorer
iWon Toolbar
Maps Bar Toolbar
Yahoo! Toolbar
i would like to keep google toolbar for internet explorer, thank you
Thank you, Marie.
Let's start by removing the toolbars that have entries in Add/Remove programs. Please go to Control Panel > All Control Panel Items > Programs and Features. Wait for the list to populate and then scroll down the list. Start with the first listed below, click Uninstall, located at the top of the list of programs, following the same procedure with each of the others:
Ask Toolbar
Ask Toolbar Updater
Conduit Engine
Dogpile Bundle Toolbar
iWon Toolbar
Maps Bar Toolbar
Yahoo! Toolbar
After you have done the above, please do the following:
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
ComboFix 12-04-14.03 - Blue room 04/14/2012 21:31:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2664 [GMT -4:00]
Running from: c:\users\Blue room\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\FunWebProducts
c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
c:\program files (x86)\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\iWonIE\bar\1.bin\idSRcas.dll
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\SPL1064.tmp
c:\programdata\SPL2CF9.tmp
c:\programdata\SPLA3D.tmp
c:\programdata\SPLFCCD.tmp
c:\windows\SysWow64\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Dale\AppData\Local\temp
2012-04-14 22:11 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C09B0600-C8AE-4A10-850C-387BACC0ADA4}\mpengine.dll
2012-04-12 07:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iPod
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iTunes
2012-03-30 23:51 . 2012-04-15 01:50 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-30 23:50 . 2012-04-15 01:50 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-30 23:50 . 2012-03-30 23:52 -------- d-----w- c:\program files\McAfee
2012-03-30 23:50 . 2012-04-02 10:02 -------- d-----w- c:\program files (x86)\McAfee
2012-03-30 23:38 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.e909.deleteme
2012-03-16 11:32 . 2012-03-16 11:32 -------- d-----w- c:\programdata\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 06:15 . 2011-05-17 11:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-09-25 00:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 14:22 . 2010-10-05 12:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:44 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:44 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 10:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 10:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 10:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2011-03-06 356864]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-03-06 16:45 1528320 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fe337d7b-1447-4780-9a52-48bdac438235}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Maps_Bar\prxtbMap0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-06 1528320]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-05 39408]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"iWonIE Browser Plugin Loader"="c:\progra~2\iWonIE\bar\1.bin\idbrmon.exe" [2010-11-13 20480]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
.
c:\users\Blue room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-7 293950]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-6 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-03-11 55328]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000Core.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000UA.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForBlue room.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-04-14 c:\windows\Tasks\HPCeeScheduleForDale.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-06-22 3866624]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"combofix"="c:\combofix\CF30285.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FE337D7B-1447-4780-9A52-48BDAC438235} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-14 21:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 01:59
.
Pre-Run: 657,341,628,416 bytes free
Post-Run: 657,123,930,112 bytes free
.
- - End Of File - - 39CDDED31204061C7726F0164E230212
yesterday when i threw the CFScript into the combofix and then i couldnt use the internet any which way i threw my hands up and turned the computer off, and was truly horrified , i felt totally let down, i was going to take itto the store to see if the could do anything with it this morning . so i thought i would turn it on one last time this am, to see if it would do anything, when i started getting instant messages from facebook, then things began to look up, i realised the internet must still be connected somehow, oh man, that was truly frightening yesterday .. so heres the log that nearly gave me a heart attack
Hi, Marie.
There was nothing in the script that I gave you that would have resulted in not being able to connect to the Internet.
The log you posted is the log from the first run of ComboFix, not from running ComboFix yesterday. Hold down the Windows Key and the "R" key. A run box will appear. Copy and paste the following: C:\Qoobox\ComboFix2.txt then click OK
Notepad will open with a log. Post the contents of that log in your next reply.
it will not allow me to put the copied info ito the run spot
Hi, Marie.
In that case, just navigate to C:\Qoobox\ComboFix2.txt (Click Computer > OS (C:) > Qoobox and then double-click ComboFix2.txt. It will open in Notepad. Copy/paste the results as a reply.)
Thanks!
ComboFix 12-04-14.03 - Blue room 04/14/2012 21:31:46.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2664 [GMT -4:00]
Running from: c:\users\Blue room\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\FunWebProducts
c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
c:\program files (x86)\iWonIE\bar\1.bin\idBAr.dll
c:\program files (x86)\iWonIE\bar\1.bin\idSRcas.dll
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\SPL1064.tmp
c:\programdata\SPL2CF9.tmp
c:\programdata\SPLA3D.tmp
c:\programdata\SPLFCCD.tmp
c:\windows\SysWow64\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 01:49 . 2012-04-15 01:49 -------- d-----w- c:\users\Dale\AppData\Local\temp
2012-04-14 22:11 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C09B0600-C8AE-4A10-850C-387BACC0ADA4}\mpengine.dll
2012-04-12 07:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iPod
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iTunes
2012-03-30 23:51 . 2012-04-15 01:50 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-30 23:50 . 2012-04-15 01:50 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-30 23:50 . 2012-03-30 23:52 -------- d-----w- c:\program files\McAfee
2012-03-30 23:50 . 2012-04-02 10:02 -------- d-----w- c:\program files (x86)\McAfee
2012-03-30 23:38 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.e909.deleteme
2012-03-16 11:32 . 2012-03-16 11:32 -------- d-----w- c:\programdata\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 06:15 . 2011-05-17 11:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-09-25 00:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 14:22 . 2010-10-05 12:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:44 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:44 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 10:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 10:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 10:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2011-03-06 356864]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-03-06 16:45 1528320 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fe337d7b-1447-4780-9a52-48bdac438235}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Maps_Bar\prxtbMap0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fe337d7b-1447-4780-9a52-48bdac438235}"= "c:\program files (x86)\Maps_Bar\prxtbMap0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-03-06 1528320]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{fe337d7b-1447-4780-9a52-48bdac438235}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-05 39408]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"iWonIE Browser Plugin Loader"="c:\progra~2\iWonIE\bar\1.bin\idbrmon.exe" [2010-11-13 20480]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
.
c:\users\Blue room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-7 293950]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-6 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2011-04-08 176848]
S2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-03-11 55328]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000Core.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000UA.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-11 c:\windows\Tasks\HPCeeScheduleForBlue room.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-04-14 c:\windows\Tasks\HPCeeScheduleForDale.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-06-22 3866624]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"combofix"="c:\combofix\CF30285.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{FE337D7B-1447-4780-9A52-48BDAC438235} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-14 21:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 01:59
.
Pre-Run: 657,341,628,416 bytes free
Post-Run: 657,123,930,112 bytes free
.
- - End Of File - - 39CDDED31204061C7726F0164E230212
Hi, Marie.
That isn't
C:\Qoobox\ComboFix2.txt. If that was the only log, it appears that ComboFix never ran or didn't complete running.
Let's see what an online scan shows, please. Please go
here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
les (x86)\iWonIE\bar\1.bin\iddatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\RealArcade\Installer\GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe Win32/OpenCandy application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddatact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Users\Dale\AppData\Local\mwsauto.exe a variant of Win32/Toolbar.MyWebSearch.K application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00021d30).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000251a8).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000257df).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000289c7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000295c9).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000296d2).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002a6e8).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b2da).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b653).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b911).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002bbfe).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002d7d7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002dcf6).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002e687).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000324ed).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00032f0b).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000338ea).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00040fe7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000444eb).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000562a8).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0005a10f).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0006335f).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00071257).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000a0f4b).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000b22eb).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003340e7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003d38cc).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003d4c2d).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00516bae).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(005da40d).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00710c13).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(007d0790).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00af9f8c).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00cc5535).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00e00773).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0101d981).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(01699d4f).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(01a55346).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02270548).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02beb49d).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02bff9a8).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02c414f5).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0304ea4e).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0312c86c).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0334d172).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03994397).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03c4c4a9).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03cafc8a).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03ff7bc8).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0451a6b0).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(05763a4e).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(05a63041).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06247a1e).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(066040f7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06a4c351).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06cba45d).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(075931fe).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(07f2a675).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(08010170).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(082c552c).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0835b7b5).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0a3a257f).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0d090419).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0e1f35c9).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0e8e28c1).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0fd2fecb).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(15a1ce47).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\11E9AC34.exe a variant of Win32/Toolbar.MyWebSearch.K application
Hi, Marie.
Even though the ESET log got cut off, what we have shows additional issues that need to be addressed.
I need you to run ComboFix again. Make sure that when it is running, you don't have any other programs running, that you close McAfee as you did during the first run, and do not click on the ComboFix window while it is running. After I see the results of this next scan, we'll see where things stand.
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below. (Tip: Clicking [Select] next to the Code tag will automatically select all the text):
DDS::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
Folder::
C:\Program Files (x86)\iWonIE
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
C:\Users\Dale\AppData\LocalLow\MyWebSearch
File:
GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe
mwsauto.exe
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
once again dumphive.3xe has stopped working correctly. windows will close the program and notify you if a solution is available. then inside square close program
now what?does this happen often to people using this program?
Hi, Marie.
No, this is not a common error. Please try running Combofix in SafeMode.
Restart your computer in
SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
If you're like me, you may need to repeatedly click F8 as your computer is starting. :) Also, if you have not been in Safe Mode before, please note that limited drivers are loaded so it will look a bit strange.
Now what? once i've run the combofix in safemode, do i have to be in safemode to get a repot or something?
Hi, Maria.
Did your computer restart? If so, it should have started in normal mode and a log presented. If no log popped up, go to C:\Qoobox\ComboFix2.txt (Click Computer > OS (C:) > Qoobox and then double-click ComboFix2.txt. It will open in Notepad. Copy/paste the results as a reply.
Note: ComboFix2.txt will have today's date and time that it was run, i.e., 2012-04-19 + time
combofix2.txt is dated 4/7
there is another file but it is not under Qoobox, 4/19 date combofix / en-us but it wont open in notepad
Ok, lets try this so I can get an idea of what has been removed.
Locate
C:\Qoobox\ComboFix-quarantined-files.txt and check the date. If it is dated 4/19, please copy/paste it as a reply. If it is a different date, please just tell me what the date is.
In addition, let's see a fresh DDS log.
- Double-Click dds.scr and a command window will appear. This is normal
- After the log(s) appear, please save DDS.txt to a convenient location, such as your desktop
- Copy the contents of DDS.txt and post in your next reply.
sorry the date of the combofix2.txt is 4/16
and how do i find the dds.scr? Have I done this before?
Hi, Marie.
This time I was looking for a different file but that's ok. Let's see what shows in the DDS log. It was back at the beginning so understandable that you forgot about it. :)
You may have saved DDS to your download folder or on your desktop. If you cannot find it, you can download a fresh copy. See the original instructions here: http://www.landzdown.com/analysis-and-malware-removal/trying-to-use-windows-defender-offline/msg152479/#msg152479
Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Blue room at 20:17:48 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2482 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe
C:\Windows\system32\lxcicoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iWonIE\bar\1.bin\idbrmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
uRun: [Facebook Update] "C:\Users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\BLUERO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXIFLA~1.LNK - C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{CA7634BD-5912-4500-A45B-10D578EB523B} : DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-X64: Updater For Verizon Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64: Verizon Toolbar - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 iWonIEService;iWon Toolbar Service;C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
R2 lxci_device;lxci_device;C:\Windows\system32\lxcicoms.exe -service --> C:\Windows\system32\lxcicoms.exe -service [?]
R2 X5XSEx_Pr135;X5XSEx_Pr135;C:\Program Files (x86)\Verizon Games Player\X5XSEx.sys [2010-9-30 55328]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\DRIVERS\NW1950.sys --> C:\Windows\system32\DRIVERS\NW1950.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);C:\Users\BLUERO~1\AppData\Local\Temp\011514~1.EXE -cleanup -nolog --> C:\Users\BLUERO~1\AppData\Local\Temp\011514~1.EXE -cleanup -nolog [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-19 11:33:19 -------- d-----w- C:\ComboFix
2012-04-18 23:34:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-18 10:44:04 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-17 11:56:02 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{227DB4FB-C460-4D7C-BAEB-941C8E75AC73}\mpengine.dll
2012-04-15 01:27:25 98816 ----a-w- C:\Windows\sed.exe
2012-04-15 01:27:25 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-15 01:27:25 256000 ----a-w- C:\Windows\PEV.exe
2012-04-15 01:27:25 208896 ----a-w- C:\Windows\MBR.exe
2012-04-12 07:03:56 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:03:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00:41 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:40 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:40 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:00:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:39 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-03 11:07:02 -------- d-----w- C:\Program Files\iPod
2012-04-03 11:07:01 -------- d-----w- C:\Program Files\iTunes
2012-03-30 23:52:00 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-03-30 23:51:43 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-03-30 23:50:48 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-03-30 23:50:47 -------- d-----w- C:\Program Files\McAfee.com
2012-03-30 23:50:47 -------- d-----w- C:\Program Files\McAfee
2012-03-30 23:50:45 -------- d-----w- C:\Program Files (x86)\McAfee
2012-03-30 23:38:30 156792 ----a-r- C:\Windows\System32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38:28 639216 ----a-r- C:\Windows\System32\drivers\mfehidk.sys.e909.deleteme
2012-03-29 10:56:45 -------- d-----w- C:\Users\Blue room\AppData\Local\{A5E677C8-E71E-4251-84F2-A98D7CE0939A}
2012-03-26 10:36:16 -------- d-----w- C:\Users\Blue room\AppData\Local\{3B136ABB-AC30-41A3-A8FB-B286694E554E}
2012-03-26 10:36:05 -------- d-----w- C:\Users\Blue room\AppData\Local\{C903A7AE-FDBA-4524-B09B-EE664DDA3220}
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 06:15:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 14:22:00 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:18:53.05 ===============
I sure hope this is what you wanted, i dont know how to zip the attach file that you want, or is it part of this?
Hi, Marie.
This is what I needed. It shows that ComboFix apparently didn't run in safe mode. I need to be fresh to decide what I want you to do next. If you are going to be connected to the Internet, be sure to reactive McAfee.
maybe it did run and i cant figure out how to save it and send it. I dont know. Not the brightest when it comes to computers, but i do try, really really hard to get it. Let me know if you have had enough of me or what i should do next.
Hi, Marie.
No, I have not "had enough of you"!!! We all have different experience levels. Based on what shows in the DDS log you posted, I can see that ComboFix didn't run.
To determine whether the issue that you are experiencing is caused by one or more system files that are used by Windows, run the System File Checker tool. The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.
To run the System File Checker tool, follow these steps:
- Click Start, and then type cmd in the Start Search box.
- Right-click cmd in the Programs list, and then click Run as administrator.
- If you are prompted for an administrator password or confirmation, type your password or click Continue
- At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the forward slash)
- When the scan is complete, please shutdown/restart your computer.
Let me know if any errors were found and fixed.
I got as far as start then cmd then C:\User\Blue room came up so i typed in sfc \scannow
and it says "you must be an administrator running a console session in order to use the sfc utility
geez louise cant anything be easy, i guess not
Hi, Marie.
You need to right-click cmd and select Run as Administrator. When you receive the UAC prompt asking if you wish to allow it, click Continue. When the black box comes up, next to C:\Windows\system32> type sfc \scannow
Windows Resource Protection did not find any integrity violations
Good job, Marie!
Ok, let's try a fresh copy of ComboFix. What I want you to do is right-click the ComboFix icon on your desktop and select "delete". download a new copy of ComboFix from
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop -- Previous instructions: right-click Link1 above and when the prompt opens, click "Save target as". When the "Save as" box opens, it will probably show your Downloads folder. Click on your username and when the list appears, scroll down the "Name" column until you see Desktop. When the Desktop folder opens, click the Save button.
Next, please run ComboFix again. Make sure that when it is running, you don't have any other programs running, that you close McAfee as you did during the first run, and
do not click on the ComboFix window while it is running.
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below. (Tip: Clicking [Select] next to the Code tag will automatically select all the text):
DDS::
mRun: [iWonIE Browser Plugin Loader]
mRun-x64: [iWonIE Browser Plugin Loader]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
Folder::
C:\Program Files (x86)\iWonIE
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
C:\Users\Dale\AppData\LocalLow\MyWebSearch
File:
GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe
mwsauto.exe
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
i cannot get it save the code stuff in notepad
Hi, Marie.
You can do it!
- Open Notepad.
- With Internet Explorer, click Select from the code box in the above instructions, as illustrated in the image below.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FSelectTxt.jpg&hash=d529bf512e14c044f21feb86d434ce16e65fa1b3)
- With your mouse in the box, right-click with your mouse and select copy as shown:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FCopy.jpg&hash=c3f73c2a7774b76a68587f2d2af9f6871f38f6a9)
- Then return to Notepad and right-click your mouse in the open space and select paste.
- In Notepad, select File, Save as.
- In the file name, it should read CFScript.txt
- Save the file to C:\Users\Blue room\Desktop
- As indicated in the screenshot above, drag CFScript.txt onto ComboFix.exe.
ComboFix 12-04-20.03 - Blue room 04/20/2012 21:05:43.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2574 [GMT -4:00]
Running from: c:\users\Blue room\Desktop\ComboFix.exe
Command switches used :: c:\users\Blue room\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iWonIE
c:\program files (x86)\iWonIE\bar\1.bin\idauxstb.dll
c:\program files (x86)\iWonIE\bar\1.bin\idbarsvc.exe
c:\program files (x86)\iWonIE\bar\1.bin\idbrmon.exe
c:\program files (x86)\iWonIE\bar\1.bin\idbrstub.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddatact.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddlghk.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddyn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idfeedmg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhighin.exe
c:\program files (x86)\iWonIE\bar\1.bin\idhtml.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhttpct.dll
c:\program files (x86)\iWonIE\bar\1.bin\ididle.dll
c:\program files (x86)\iWonIE\bar\1.bin\idimpipe.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmedint.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmlbtn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idmsg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idradio.dll
c:\program files (x86)\iWonIE\bar\1.bin\idregiet.dll
c:\program files (x86)\iWonIE\bar\1.bin\idscript.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskin.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskplay.exe
c:\program files (x86)\iWonIE\bar\1.bin\LOGO.BMP
c:\program files (x86)\iWonIE\bar\Message\COMMON.T8S
c:\program files (x86)\iWonIE\bar\Settings\s_pid.dat
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idauxstb.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbar.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbarsvc.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbrmon.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbrstub.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddatact.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddlghk.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddyn.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idfeedmg.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhighin.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhttpct.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\ididle.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idimpipe.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmedint.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmlbtn.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmsg.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idradio.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idregiet.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idscript.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskplay.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\LOGO.BMP
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\Message\COMMON.T8S
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\Settings\s_pid.dat
c:\users\Dale\AppData\LocalLow\MyWebSearch
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03344A2A
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03344FE4
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033451A8.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033455AE.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03345715.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033458AA.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03345A50.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA6FF.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA7AB.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA866.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA99E.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FAA0B.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\11E9AC34.exe
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\History\search3
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 01:22 . 2012-04-21 01:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22 -------- d-----w- c:\users\Dale\AppData\Local\temp
2012-04-20 20:29 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1154B277-D685-401A-98FF-625E992EE00C}\mpengine.dll
2012-04-18 10:44 . 2012-04-18 10:44 -------- d-----w- c:\program files (x86)\ESET
2012-04-12 07:03 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:03 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iPod
2012-04-03 11:07 . 2012-04-03 11:07 -------- d-----w- c:\program files\iTunes
2012-03-30 23:51 . 2012-04-15 01:50 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-30 23:50 . 2012-04-15 01:50 -------- d-----w- c:\program files\Common Files\McAfee
2012-03-30 23:50 . 2012-03-30 23:52 -------- d-----w- c:\program files\McAfee
2012-03-30 23:50 . 2012-04-02 10:02 -------- d-----w- c:\program files (x86)\McAfee
2012-03-30 23:38 . 2011-03-13 15:20 156792 ----a-r- c:\windows\system32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38 . 2011-03-13 15:20 639216 ----a-r- c:\windows\system32\drivers\mfehidk.sys.e909.deleteme
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 06:15 . 2011-05-17 11:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-09-25 00:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 14:22 . 2010-10-05 12:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:44 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:44 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 10:44 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 10:44 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 10:44 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-20_20.04.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 07:50 . 2012-04-20 20:30 64568 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 20:30 51576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-25 00:03 . 2012-04-20 20:30 20914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-160595772-3988206056-4187848903-1000_UserData.bin
+ 2012-04-21 01:23 . 2012-04-21 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 20:03 . 2012-04-20 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 20:03 . 2012-04-20 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 01:23 . 2012-04-21 01:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-20 20:03 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-21 01:22 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-25 00:24 . 2012-04-21 01:22 3774000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-25 00:24 . 2012-04-20 20:03 3774000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-08 01:17 . 2012-04-21 01:22 7166364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-160595772-3988206056-4187848903-1000-8192.dat
- 2010-12-08 01:17 . 2012-04-20 20:03 7166364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-160595772-3988206056-4187848903-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ----a-w- c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ----a-w- c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
.
c:\users\Blue room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-7 293950]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-6 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-03-11 55328]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000Core.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000UA.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForBlue room.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-04-20 c:\windows\Tasks\HPCeeScheduleForDale.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-20 21:36:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 01:36
ComboFix2.txt 2012-04-20 20:17
ComboFix3.txt 2012-04-16 22:04
ComboFix4.txt 2012-04-15 01:59
.
Pre-Run: 654,452,219,904 bytes free
Post-Run: 654,166,188,032 bytes free
.
- - End Of File - - 39BE9D7A70F9A555BCC833FE65EFB2B2
Yippee!!! :dance:
Great job, Marie! Seeing as how its getting late for me, I'll take a fresh look at the new log tomorrow. In the meantime, how is your computer running?
Make sure you restart McAfee.
Thank you, it seems to be running better, do you know how to make the sound come back on so i can listen to my itunes? it says i dont have a driver, but i had to have had one before, because i did listen to music on here before.
I thought it was better til i tried to reinstall mcafee.
Hi, Marie.
No changes were made to iTunes or any of the audio files.
1) Is the volume icon in the "notification area" (system tray)? If yes, proceed to #2. If no, right-click in the task bar near the time display and you will get a pop up menu.
-- Click on properties.
-- Under system icons to always show, check volume.
-- Click Apply.
2) Is it only iTunes or all sound? If you can hear http://www.youtube.com/watch?v=Nl9WMIPzd6w&feature=related please proceed to #3.
3) Try re-installing iTunes, being careful to UNcheck the two optional e-mails if you don't want them: http://www.apple.com/itunes/download/
Let me know how you make out.
Hi Corrine the sound went out as soon as we started having problems with the darn computer. so do you have any more ideas for how to fix the computer? and how I can get the scroll bar to stop bouncing up and down so I can choose an option if i wanted?
Hi, Marie.
1) Sound: Please confirm whether it is only iTunes or if you have no sound when playing the YouTube I linked to above.
2) Scroll bar: Please provide specific details about your HP computer and the mouse. Is your computer a desktop or laptop and what model is it? What type of mouse do you use (make/model). Is it wireless? Is it plugged in to a USB port?
ok no sound with itunes or youtube that you linked me to.
HP touchsmart 300 desktop logitech wireless
i dont know if i answered you correctly or not
Hi, Marie.
Since we've moved beyond malware issues -- and your computer appears clean now, let's finish remove ComboFix and reinstall McAfee.
Please do the following to implement cleanup procedures and also to reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).
SoundAfter doing that, please see the instructions at HP for your computer that addresses "no sound":
No Sound from the Speakers (Windows 7) HP TouchSmart 300-1025 Desktop PC - HP Customer Care (United States - English) (http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01884922&lc=en&dlc=en&cc=us&product=4007378&lang=en).
Erratic ScrollFor the scroll problem, I found this at HP (http://h30434.www3.hp.com/t5/TouchSmart-PC/Touchsmart-300-rapid-screen-scrolling/td-p/629923):
QuoteIt is possible that the TouchSmart is interpreting certain touches as 'flicks'. You can turn these off by going to Control
Panel > Pen and Touch and click on the tab called "Flicks" and uncheck the box that says "Use flicks to perform common actions quickly and easily" then click OK.
Please let me know how make out.
Hi Corrine i have tried to put combofix/Uninstall in the box in run and it will not allow it.
Hi, Marie.
Make sure that there is a space after combofix.
In the run box is C:\qoobox\add-remove programs.txt and it will not let me put anything else in the box
Click in the run box and delete the text that is there. Then type in combofix /uninstall
It will not allow me to delete
Marie,
Try it again.
Click Start
Type run
When Run shows up in the list, click it to launch the window
When the window opens, the existing text in the box will be highlighted
Click the delete key on your keyboard
Then type combofix /uninstall
Click ok
I cannot delete with the keyboard or the mouse with a right click. :thud:
In searching, I see that this is apparently an issue others have faced so take a deep breath and follow the instructions here: http://windows.microsoft.com/en-US/windows-vista/Clear-the-Run-history-on-the-Start-menu
Please let me know after you do that if it worked.
ok i have uninstalled the combofix,
i have checked sound it sort of works, but the volume scroll bar wont stick to a certain level and just goes down to quiet. I will try again in the morning, man does this computer agravate the heck out of me. also i will try and install McAfee in the AM too. Computer is just a pain in the neck, i need a break. i will let you know tomorrow what the scoop is. Thank you
I'm glad that worked. Thanks for letting me know.
Look how much you've done already. Relax, have a nice evening and we'll get to the bottom of this -- one way or another!
ok the sound works because i did a sound check with that testing thing you gave me. since the sound doesnt work with the itunes, if i uninstall itunes and reinstall it, am i going to lose all my music?
hi corrine i got the McAfee program to install, just need to figure out what is wrong with the scroll bar now, yippee things are finally coming along
Hi, Marie.
I've never used iTunes so do not know how it works but located this help topic: Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7 (http://support.apple.com/kb/HT1923).
The current version of iTunes is 10.6.1, unfortunately I can't find in any of the previous logs what version you have installed.
Launch iTunes, and click on the Help button at the upper left, then "Check for Updates". If there is a newer version, install it over the top of the one you have. All of your library will be preserved, so don't worry about losing your music!
If there isn't a newer version, we can download a fresh copy and install, or try to "repair" the one you have via Add/Remove Programs.
MAribaba2,
If your Apple device is upto date then you can backup from iCloud (https://www.icloud.com/)
GR@PH;<'S :Hammys pint:
i tried to back up the computer to a usb drive, but it has some kind of problem doing it, and i am not that good at understanding it anyways. I did find that i had the most up to date version of itunes, but it still doesnt make sound. The sound does work for every thing else though, which is nice to hear after so long being without it at all.
Just to cross off the obvious ... check the volume slider bar at the top is to the right, not all the way muted ...
cross off because it is in the middle of that
Quote from: winchester73 on April 22, 2012, 05:05:45 PM
If there isn't a newer version, we can download a fresh copy and install, or try to "repair" the one you have via Add/Remove Programs.
Did you try installing a fresh copy over the top of the current install?
(Advice: before making changes to your computer, create a fresh System Restore point. Instructions at Create a restore point (http://windows.microsoft.com/en-US/windows7/Create-a-restore-point))
0k it says it created a system restore point, now do i uninstall previous version of Itunes or repair the one i have via add/remove, does it matter and what happens to all my music?
i dont know how to put it all on icloud.
First, try moving the volume slider all the way to the right, and see if that makes any difference. If not, I wouldn't bother uninstalling or repairing, I'd first try downloading a fresh copy and installing over the top of what you have.
it says there is a later version of it already on the computer and that download had a problem anyways. Geesh
:thud:
Quote from: MAribaba2 on April 24, 2012, 05:06:13 PM
it says there is a later version of it already on the computer and that download had a problem anyways. Geesh
:thud:
Did you use this link?
http://www.apple.com/itunes/download/
That will install the latest version of iTunes.
What was the problem with the download?
ok i tried to download it twice, it says a later version of itunes is already installed on this computer, and i click ok, cause that is the only option it gives you, and then it says The installer encountered errors before itunes could be configured. Errors occured during installation. Your system has not been modified. Runn installer again( thats the 2nd time, now) No dice and then it says or finish to exit. Well alrighty then? Im confused.
ok so what do i do with the scroll bar not behaving properly, anyone have any ideas?
Quote from: MAribaba2 on April 26, 2012, 05:25:26 PM
ok so what do i do with the scroll bar not behaving properly, anyone have any ideas?
Do you mean the iTunes volume bar isn't moving, or that moving it doesn't do any good?
Researching your error message, it seems that some of the cures are worse than the problem. Sometimes complete removal of all Apple components allows a reinstall, but sometimes there is a registry problem that prevents iTunes from running at all. I'm hesitant to uninstall iTunes at this point ... I think the next step would be to try to repair the existing installation.
Do you know how to use Add/Remove programs? When you click on the iTunes item, you will be given a repair option.
Hi, Marie.
Perhaps you missed this that I posted previously:
Erratic ScrollFor the scroll problem, I found this at HP (http://h30434.www3.hp.com/t5/TouchSmart-PC/Touchsmart-300-rapid-screen-scrolling/td-p/629923):
QuoteIt is possible that the TouchSmart is interpreting certain touches as 'flicks'. You can turn these off by going to Control
Panel > Pen and Touch and click on the tab called "Flicks" and uncheck the box that says "Use flicks to perform common actions quickly and easily" then click OK.
Hi Corrine, there is nothing that says pen and touch
Hi, Marie.
It appears that the original HP link I located left out the entire path. From HP TouchSmart 300-1100 Desktop PC series - HP TouchSmart 300 and 600 Series PCs - Touch Techniques - c01956595 - HP Business Support Center (http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=4079688&prodTypeId=12454&prodSeriesId=4079688&objectID=c01956595) it appears that the following is the correct location:
-- Click Start, and then tap Control Panel .
-- Select the Hardware and Sound category.
-- Select Pen and Touch .
-- Select the Touch tab.
-- Select the Flicks tab.
Uncheck the box that says "Use flicks to perform common actions quickly and easily" then click OK.
I was hoping this was going to take care of the scroll bar being uncooperative, but i was wrong,
Let me see if I can explain what it is doing.
say i am trying to check on the sound, and i touch the sound button in the bottom right hand side of the computer screen, and up comes the picture with the scroll bar so i try to put the sound up to say 20, well it goes up but it slides back down, or i press the start button and i put in run then i try to write in the box something i want to go to, but it wont stay on the item i want , it scrolls up and down, by its self. Royal pain the you know what.
Well, that is completely different from what I thought you were experiencing. It was my impression that it was the browser scroll bar when using the mouse, not touch.
You may need to adjust the touch settings, on the same page that I linked to before (HP TouchSmart 300-1100 Desktop PC series - HP TouchSmart 300 and 600 Series PCs - Touch Techniques - c01956595 - HP Business Support Center (http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=120&prodSeriesId=4079688&prodTypeId=12454&prodSeriesId=4079688&objectID=c01956595)).
If that doesn't help, there is a link at the bottom of the page to "Contact HP if you need technical assistance."
Hello Corrine, more problems have arisen, lucky me, I was wondering if you would be able to steer me in the right direction, I am still having a problem with this blasted computer, let me try to explain, see if you understand this totally ignorant person.
If I touch the start button, then I put run in the dialog box, and then I choose run, I find that the choices jump around so that i cannot choose the one I am looking for.
Also my computer keeps trying to download a fix and it keeps failing.
If I could just figure out the correct words for things i might be able to explain myself better is there a place on line that shows the name of things on a computer screen if you dont know what the thing is called?
The sound for everything on my computer except itunes works, except if i try to push the volume slider up, then it slides its way down and then it doesnt work so i have to restore to a previous date. is there something else to do?
Hi, Marie.
Have you tried adjusting the volume using the Volume button on the side of the computer?
Why are you trying to use the Run command?
Do you have the same problems when you use the mouse & keyboard that you have with "touch"?
What "fix" is your computer trying to download? Do you receive a "fail" message?
The youth of today certainly have an advantage with computer knowledge, most having practically been born with a mouse in their hands! You might take a look at this site to see if it helps you: Senior's Guide to Computers - A Beginner's Tutorial for the Microsoft Windows PC, hardware, software, security, accessibility, internet, backup and email (http://www.seniorsguidetocomputers.com/default.asp)
Did you see my previous reply here: http://www.landzdown.com/analysis-and-malware-removal/trying-to-use-windows-defender-offline/msg152862/#msg152862 There is a link at the bottom of the HP page for getting help from HP.
QuoteHave you tried adjusting the volume using the Volume button on the side of the computer?
Found an image of the side showing the volume control, No. 5:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fh10025.www1.hp.com%2Fewfrf-JAVA%2FDoc%2Fimages%2Fc01986818.jpg&hash=7bd9a27d9b75b78d787cda5f30239fc43a9a2aa5)
Although this refers to the TouchSmart 600, from the documentation I found on the 300, there is a similar button, although it may be on the opposite site. Source: Setting Up Your TouchSmart Computer HP TouchSmart 600-1155 Desktop PC - HP Customer Care (United States - English) (http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01955511&tmp_task=setupCategory&lc=en&dlc=en&cc=us&lang=en&product=4176608)
Have you tried adjusting the volume using the Volume button on the side of the computer? This I have tried, and the speaker icon at the bottom of the computer screen on the right.
Why are you trying to use the Run command? I was trying to explain what i meant by the only place i could easily explain it to you.
Do you have the same problems when you use the mouse & keyboard that you have with "touch"? I dont have a problem with touch? I have a problem with the information in the dialog box skipping around so that i cant get what i want accomplished.
What "fix" is your computer trying to download? Do you receive a "fail" message? yes to the fail message. When i go to shut down the computer for the night, it tells me not shut down until it updates and then it says the fix failed. I will look the next time i do this to see if it tells me what the fix is.
The youth of today certainly have an advantage with computer knowledge, most having practically been born with a mouse in their hands! You might take a look at this site to see if it helps you: Senior's Guide to Computers - A Beginner's Tutorial for the Microsoft Windows PC, hardware, software, security, accessibility, internet, backup and email. Your telling me. Man o man!
Did you see my previous reply here: http://www.landzdown.com/analysis-and-malware-removal/trying-to-use-windows-defender-offline/msg152862/#msg152862 There is a link at the bottom of the HP page for getting help from HP. I have seen this, but dont know how to explain what my problem is, since i cant explain myself to you I dont know how to explain myself to any one else, i will give the Seniors guide a whirl. Thank you
I looked up "How do I tell if my computer is up to date?
Start
In search box type "update"
and every day for i dont know how long
Security up date for Microsoft Works 9 (2680317) failed
Definition update for windows defender KB915597 (definition 1.125.1137.0) failed
Hi, Marie.
I'm still thinking about your previous comments but can at least provide suggestions for the failed updates. (Good job describing the steps you followed!)
Please go to You receive error code: 0x80070646, error code: 646, or error code: 1606 when you use Windows Update or Microsoft Update (http://support.microsoft.com/kb/2258121) and scroll down the page to Microsoft Fix it 50461. Click the Fix it icon and follow the instructions.
You will need to restart the computer after running the Fix it. If you still cannot get the updates, please follow the instructions to run the Windows Update troubleshooter (http://windows.microsoft.com/en-US/windows7/Open-the-Windows-Update-troubleshooter?SignedIn=1).
I have been trying to reply to the previous message to tell you that i'm really glad you have been helping me, I think they error has been corrected because when i shut the computer down, it doesnt say i need to update and it will shut down after that. Thank you, another problem bites the dust. LOL yeah Corrine.
Hi, Marie.
I can't figure out why you weren't able to respond before but am glad that is no longer a problem.
You did the work, Marie. I just sent you in the right direction. :) Did you only have to run the Microsoft Fix it to solve the update problem?
yes i did. Were you able to think of any other ways to fix the other things that are wrong with my computer. Or maybe I should just live the problems, I mean there are a lot fewer than before i started working with you, really
Hi, Marie.
You said recently:
QuoteThe sound for everything on my computer except itunes works, except if i try to push the volume slider up, then it slides its way down and then it doesnt work so i have to restore to a previous date. is there something else to do?
It didn't occur to me to ask at that time whether it is
only with iTunes that the volume slider does not work properly.
No if i fiddle with the volume slider then the sound doesnt work for anything unless i restore to an earlier time, and then the only thing that doesnt work is itunes
Hi, Marie.
Hopefully, I'll be chatting with Aaron this evening. I'm hoping he may have a suggestion about the volume slider.
Thank you!
Hi, Marie.
We didn't have much time to chat, although he mentioned the audio driver. That reminded me of the Microsoft Troubleshooter, which I'd like to try first before we get into driver updates.
Please go to No sound in Windows (http://windows.microsoft.com/en-US/windows/help/no-sound-in-windows). I realize that the title refers to "No sound", but there are two Microsoft Fix it solutions there that may detect the problem.
As always, please create a System Restore point prior to making any changes. This will make it easier to undo any changes.
Then, run the first Fix it troubleshooter (To run a sound playback troubleshooter). If that doesn't help, run the second troubleshooter (To run a hardware and devices troubleshooter).
Let me know the results. If you still have problems, we'll move on to Step 3 (Update drivers).
This may be the same thing Corrine mentioned, but here is something perhaps worth trying ...
Click the Start button, and then Control Panel.
In the search box, type troubleshooter, and then click Troubleshooting.
Under Hardware and Sound, click Troubleshoot audio playback.
Ok Corrine seems The device is (supposedly) working properly, but its not. And Winchester I tried what you said and it says. trouble shooting couldnt identify the problem, just wonderful. :thud:
Hi, Marie.
Since the troubleshooter didn't help, let's see if there are any audio driver updates for your computer. From Step 3, Update Drivers at No sound in Windows (http://windows.microsoft.com/en-US/windows/help/no-sound-in-windows), which includes a video you may want to watch.
QuoteYou must be logged on as an administrator to perform these steps.
Open Device Manager by clicking the Start button, clicking Control Panel, clicking System and Security, and then, under System, clicking Device Manager. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
- In the list of hardware categories, find the device that you want to update, and then double-click the device name.
- Click the Driver tab, click Update Driver, and then follow the instructions. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
I think it is easier to get there by clicking the
Start button and typing
device manager in the search box. :) The device driver you are looking for is
Sound, video and game controllers.
I don't know which device you have, but it may show something like "Analog Devices SoundMAX Digital HD Audio Driver".
(
Note: For part of your "learning", drivers can be rolled back if the update is unsatisfactory. All you need to do is click the Driver tab, and then click Roll Back Driver. If there is no previous version of the driver installed, the Roll Back Driver button will not be available.)
It says: The best driver software for your device is already installed. Windows has determined the driver software for your device is up to date.
Ok, let's see if I can get you to the right page on the HP website. First, I need the exact model of your computer. Here's the instructions from HP:
QuoteIn Windows, press and hold the Ctrl and Alt keys, and then press the S key on the keyboard.
An Information screen appears in the display showing the Model number and serial number.
You can also find the model number and serial number on an information label attatched to the back of the TouchSmart PC.
Figure 1: Serial number location for IQ 500 Series
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fh10025.www1.hp.com%2Fewfrf-JAVA%2FDoc%2Fimages%2Fc01495646.jpg&hash=3d6b155191fbf6ed79d367f5de156fc14c213110)
After that, we'll see if we can find updates or troubleshoot from here: http://www8.hp.com/us/en/support-drivers.html?pageDisplay=drivers
Model #300-1120
Hi, Marie.
I'm not finding an update for the HP TouchSmart 300-1120 Desktop PC. However, it may help to reinstall the "Original Analog Devices SoundMAX Digital HD Audio Driver".
Installation Instructions
Click the Download Only button.
At the File Download screen, click the Save button.
At the Save As screen, save the file to your Desktop.
If a message appears stating that the file already exists, click YES to overwrite file.
Double-click the icon for the update downloaded to your desktop, and then click NEXT.
Follow on-screen instructions.
If prompted to restart the system upon completion of the update, click YES and allow system to restart.
Download page: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=pv-78361-1&cc=us&dlc=en&lc=en&os=4063&product=4174137&sw_lang=