Trying to use Windows defender Offline

Started by MAribaba2, April 13, 2012, 01:27:26 PM


MAribaba2

les (x86)\iWonIE\bar\1.bin\iddatact.dll   a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll   probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll   probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll   a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files (x86)\RealArcade\Installer\GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe   Win32/OpenCandy application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll   Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir   Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir   Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir   Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir   Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir   Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir   Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir   Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir   Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir   Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir   Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir   Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir   Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir   Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir   Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir   Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir   Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir   Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir   Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir   Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir   Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir   Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir   Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir   Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir   Win32/Toolbar.MyWebSearch application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddatact.dll   a variant of Win32/Toolbar.MyWebSearch.A application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll   probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll   probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll   a variant of Win32/Toolbar.MyWebSearch.P application
C:\Users\Dale\AppData\Local\mwsauto.exe   a variant of Win32/Toolbar.MyWebSearch.K application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00021d30).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000251a8).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000257df).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000289c7).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000295c9).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000296d2).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002a6e8).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b2da).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b653).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002b911).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002bbfe).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002d7d7).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002dcf6).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0002e687).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000324ed).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00032f0b).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000338ea).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00040fe7).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000444eb).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000562a8).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0005a10f).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0006335f).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00071257).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000a0f4b).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(000b22eb).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003340e7).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003d38cc).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(003d4c2d).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00516bae).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(005da40d).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00710c13).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(007d0790).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00af9f8c).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00cc5535).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(00e00773).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0101d981).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(01699d4f).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(01a55346).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02270548).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02beb49d).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02bff9a8).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(02c414f5).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0304ea4e).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0312c86c).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0334d172).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03994397).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03c4c4a9).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03cafc8a).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(03ff7bc8).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0451a6b0).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(05763a4e).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(05a63041).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06247a1e).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(066040f7).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06a4c351).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(06cba45d).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(075931fe).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(07f2a675).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(08010170).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(082c552c).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0835b7b5).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0a3a257f).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0d090419).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0e1f35c9).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0e8e28c1).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(0fd2fecb).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\iWonIE\bar\setups\iWon Toolbar Installer(15a1ce47).exe   probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\11E9AC34.exe   a variant of Win32/Toolbar.MyWebSearch.K application

Corrine

Hi, Marie.

Even though the ESET log got cut off, what we have shows additional issues that need to be addressed. 

I need you to run ComboFix again.  Make sure that when it is running, you don't have any other programs running, that you close McAfee as you did during the first run, and do not click on the ComboFix window while it is running.  After I see the results of this next scan, we'll see where things stand.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below.  (Tip:  Clicking [Select] next to the Code tag will automatically select all the text):

DDS::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games

Folder::
C:\Program Files (x86)\iWonIE
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
C:\Users\Dale\AppData\LocalLow\MyWebSearch

File::
GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe
mwsauto.exe

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MAribaba2

Once again, dumphive.exe has stopped working correctly. Windows will close the program and notify you if a solution is available. Then inside the square: Close program.
Now what? Does this happen often to people using this program?

Corrine

Hi, Marie.

No, this is not a common error.  Please try running ComboFix in Safe Mode.

Restart your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
If you're like me, you may need to repeatedly click F8 as your computer is starting.  :)  Also, if you have not been in Safe Mode before, please note that limited drivers are loaded so it will look a bit strange.

MAribaba2

Now what? Once I've run ComboFix in Safe Mode, do I have to be in Safe Mode to get a report or something?

Corrine

Hi, Maria.

Did your computer restart?  If so, it should have started in normal mode and a log presented.  If no log popped up, go to C:\Qoobox\ComboFix2.txt (Click Computer > OS (C:) > Qoobox and then double-click ComboFix2.txt).  It will open in Notepad.  Copy/paste the results as a reply.

Note:  ComboFix2.txt will have today's date and time that it was run, i.e., 2012-04-19 + time

MAribaba2

ComboFix2.txt is dated 4/7.
There is another file, but it is not under Qoobox: a 4/19-dated combofix / en-us, but it won't open in Notepad.

Corrine

OK, let's try this so I can get an idea of what has been removed.

Locate C:\Qoobox\ComboFix-quarantined-files.txt and check the date.  If it is dated 4/19, please copy/paste it as a reply.  If it is a different date, please just tell me what the date is.

In addition, let's see a fresh DDS log.

  • Double-Click dds.scr and a command window will appear. This is normal
  • After the log(s) appear, please save DDS.txt to a convenient location, such as your desktop
  • Copy the contents of DDS.txt and post in your next reply.

MAribaba2

Sorry, the date of the ComboFix2.txt is 4/16.
And how do I find the dds.scr? Have I done this before?

Corrine

Hi, Marie. 

This time I was looking for a different file, but that's ok.  Let's see what shows in the DDS log.  It was back at the beginning, so it's understandable that you forgot about it. :) 

You may have saved DDS to your download folder or on your desktop.  If you cannot find it, you can download a fresh copy.  See the original instructions here:  http://www.landzdown.com/analysis-and-malware-removal/trying-to-use-windows-defender-offline/msg152479/#msg152479

MAribaba2

Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Blue room at 20:17:48 on 2012-04-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2482 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe
C:\Windows\system32\lxcicoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Verizon Games Player\GPlayer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iWonIE\bar\1.bin\idbrmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
uRun: [Facebook Update] "C:\Users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Exetender] "C:\Program Files (x86)\Verizon Games Player\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\BLUERO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXIFLA~1.LNK - C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{CA7634BD-5912-4500-A45B-10D578EB523B} : DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64:     0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64:     Canon Easy-WebPrint EX BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO-X64:     Updater For Verizon Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
BHO-X64:     Verizon Toolbar - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iWonIE Browser Plugin Loader] C:\PROGRA~2\iWonIE\bar\1.bin\idbrmon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-9-10 22072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 iWonIEService;iWon Toolbar Service;C:\PROGRA~2\iWonIE\bar\1.bin\idbarsvc.exe [2010-11-13 28766]
R2 lxci_device;lxci_device;C:\Windows\system32\lxcicoms.exe -service --> C:\Windows\system32\lxcicoms.exe -service [?]
R2 X5XSEx_Pr135;X5XSEx_Pr135;C:\Program Files (x86)\Verizon Games Player\X5XSEx.sys [2010-9-30 55328]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\DRIVERS\NW1950.sys --> C:\Windows\system32\DRIVERS\NW1950.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);C:\Users\BLUERO~1\AppData\Local\Temp\011514~1.EXE -cleanup -nolog --> C:\Users\BLUERO~1\AppData\Local\Temp\011514~1.EXE -cleanup -nolog [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-7 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-19 11:33:19   --------   d-----w-   C:\ComboFix
2012-04-18 23:34:37   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-04-18 10:44:04   --------   d-----w-   C:\Program Files (x86)\ESET
2012-04-17 11:56:02   8669240   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{227DB4FB-C460-4D7C-BAEB-941C8E75AC73}\mpengine.dll
2012-04-15 01:27:25   98816   ----a-w-   C:\Windows\sed.exe
2012-04-15 01:27:25   518144   ----a-w-   C:\Windows\SWREG.exe
2012-04-15 01:27:25   256000   ----a-w-   C:\Windows\PEV.exe
2012-04-15 01:27:25   208896   ----a-w-   C:\Windows\MBR.exe
2012-04-12 07:03:56   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:03:56   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03:56   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00:41   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:40   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:40   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:39   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:39   5120   ----a-w-   C:\Windows\System32\wmi.dll
2012-04-12 07:00:39   220672   ----a-w-   C:\Windows\System32\wintrust.dll
2012-04-12 07:00:39   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2012-04-03 11:07:02   --------   d-----w-   C:\Program Files\iPod
2012-04-03 11:07:01   --------   d-----w-   C:\Program Files\iTunes
2012-03-30 23:52:00   --------   d-----w-   C:\Program Files (x86)\McAfee.com
2012-03-30 23:51:43   --------   d-----w-   C:\Program Files (x86)\Common Files\McAfee
2012-03-30 23:50:48   --------   d-----w-   C:\Program Files\Common Files\McAfee
2012-03-30 23:50:47   --------   d-----w-   C:\Program Files\McAfee.com
2012-03-30 23:50:47   --------   d-----w-   C:\Program Files\McAfee
2012-03-30 23:50:45   --------   d-----w-   C:\Program Files (x86)\McAfee
2012-03-30 23:38:30   156792   ----a-r-   C:\Windows\System32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38:28   639216   ----a-r-   C:\Windows\System32\drivers\mfehidk.sys.e909.deleteme
2012-03-29 10:56:45   --------   d-----w-   C:\Users\Blue room\AppData\Local\{A5E677C8-E71E-4251-84F2-A98D7CE0939A}
2012-03-26 10:36:16   --------   d-----w-   C:\Users\Blue room\AppData\Local\{3B136ABB-AC30-41A3-A8FB-B286694E554E}
2012-03-26 10:36:05   --------   d-----w-   C:\Users\Blue room\AppData\Local\{C903A7AE-FDBA-4524-B09B-EE664DDA3220}
.
==================== Find3M  ====================
.
2012-02-28 06:56:48   2311168   ----a-w-   C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2012-02-28 06:48:57   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55   1799168   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-02-24 06:15:33   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36   279656   ------w-   C:\Windows\System32\MpSigStub.exe
2012-02-19 14:22:00   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-01-25 06:38:39   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:18:53.05 ===============
I sure hope this is what you wanted. I don't know how to zip the attach file that you want, or is it part of this?

Corrine

Hi, Marie.

This is what I needed. It shows that ComboFix apparently didn't run in safe mode. I need to be fresh to decide what I want you to do next. If you are going to be connected to the Internet, be sure to reactivate McAfee.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MAribaba2

Maybe it did run and I can't figure out how to save it and send it. I don't know. Not the brightest when it comes to computers, but I do try, really really hard, to get it. Let me know if you have had enough of me or what I should do next.

Corrine

Hi, Marie.

No, I have not "had enough of you"!!!  We all have different experience levels.  Based on what shows in the DDS log you posted, I can see that ComboFix didn't run. 

To determine whether the issue that you are experiencing is caused by one or more system files that are used by Windows, run the System File Checker tool. The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.

To run the System File Checker tool, follow these steps:

  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue
  • At the command prompt, type the following line, and then press ENTER:  sfc /scannow (note the space before the forward slash)
  • When the scan is complete, please shutdown/restart your computer.
Let me know if any errors were found and fixed.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
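The steps above run SFC by hand and leave you reading the console; the script below is an added example (not from this thread or from Corrine) that does the same scan from an elevated PowerShell, refuses to start when not elevated, and then pulls SFC's own "[SR]" entries out of CBS.log so you can see what was found and repaired. It assumes the default locations of sfc.exe and CBS.log, which are not taken from the log posted here.

```powershell
# Added example (not from the original thread): run SFC elevated and
# summarise what it found, instead of reading the console by hand.
# Assumes Windows 7 or later with sfc.exe and CBS.log in their default
# locations; these paths are assumptions, not values from this thread.

# 1. SFC refuses to run from a non-elevated console (the "you must be an
#    administrator running a console session" error), so check first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Warning 'Not elevated: right-click PowerShell (or cmd) and choose "Run as administrator".'
    exit 1
}

# 2. Remember how long CBS.log is now, so only this scan's lines are read later.
$cbsLog    = Join-Path $env:windir 'Logs\CBS\CBS.log'
$startLine = 0
if (Test-Path $cbsLog) {
    $startLine = @(Get-Content $cbsLog).Count
}

# 3. Run the scan (same command as in the steps above, just called from here).
& "$env:windir\System32\sfc.exe" /scannow

# 4. SFC tags its own entries in CBS.log with "[SR]"; keep only the new ones.
$srLines = @(Get-Content $cbsLog |
             Select-Object -Skip $startLine |
             Where-Object { $_ -match '\[SR\]' })

$repaired  = @($srLines | Where-Object { $_ -match 'Repair(ing|ed) ' })
$unfixable = @($srLines | Where-Object { $_ -match 'Cannot repair' })

"SFC log lines from this scan : $($srLines.Count)"
"Repair entries               : $($repaired.Count)"
"Files it could not repair    : $($unfixable.Count)"
if ($unfixable.Count -gt 0) {
    # List the members SFC gave up on; these are what to report back in the thread.
    $unfixable | Select-Object -Unique
}
```

Run it from a PowerShell window opened with "Run as administrator"; the counts at the end are the "errors found and fixed" answer that was asked for.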

MAribaba2

I got as far as Start, then cmd, then C:\User\Blue room came up, so I typed in sfc \scannow
and it says "you must be an administrator running a console session in order to use the sfc utility".
Geez Louise, can't anything be easy? I guess not.