Trying to use Windows defender Offline

Started by MAribaba2, April 13, 2012, 01:27:26 PM


Corrine

Hi, Marie.

You need to right-click cmd and select Run as Administrator. When you receive the UAC prompt asking if you wish to allow it, click Continue. When the black box comes up, next to C:\Windows\system32> type sfc /scannow


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MAribaba2

Windows Resource Protection did not find any integrity violations

Corrine

Good job, Marie! 

Ok, let's try a fresh copy of ComboFix. What I want you to do is right-click the ComboFix icon on your desktop and select "delete". Download a new copy of ComboFix from Link 1.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop -- Previous instructions:  right-click Link1 above and when the prompt opens, click "Save target as".  When the "Save as" box opens, it will probably show your Downloads folder.  Click on your username and when the list appears, scroll down the "Name" column until you see Desktop.  When the Desktop folder opens, click the Save button.

Next, please run ComboFix again.  Make sure that when it is running, you don't have any other programs running, that you close McAfee as you did during the first run, and do not click on the ComboFix window while it is running. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below.  (Tip:  Clicking [Select] next to the Code tag will automatically select all the text):


DDS::
mRun: [iWonIE Browser Plugin Loader]
mRun-x64: [iWonIE Browser Plugin Loader]
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: yahoo.com\games

Folder::
C:\Program Files (x86)\iWonIE
C:\Users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
C:\Users\Dale\AppData\LocalLow\MyWebSearch

File::
GameHouse-Installer_am-gamehousesudokuunlimited_gamehouse_.exe
mwsauto.exe

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




MAribaba2

I cannot get it to save the code stuff in Notepad.

Corrine

Hi, Marie.

You can do it! 

  • Open Notepad. 
  • With Internet Explorer, click Select from the code box in the above instructions, as illustrated in the image below. 

  • With your mouse in the box, right-click with your mouse and select copy as shown:

  • Then return to Notepad and right-click your mouse in the open space and select paste
  • In Notepad, select File, Save as.
  • In the file name, it should read CFScript.txt
  • Save the file to C:\Users\Blue room\Desktop
  • As indicated in the screenshot above, drag CFScript.txt onto ComboFix.exe.



MAribaba2

ComboFix 12-04-20.03 - Blue room 04/20/2012  21:05:43.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2574 [GMT -4:00]
Running from: c:\users\Blue room\Desktop\ComboFix.exe
Command switches used :: c:\users\Blue room\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\iWonIE
c:\program files (x86)\iWonIE\bar\1.bin\idauxstb.dll
c:\program files (x86)\iWonIE\bar\1.bin\idbarsvc.exe
c:\program files (x86)\iWonIE\bar\1.bin\idbrmon.exe
c:\program files (x86)\iWonIE\bar\1.bin\idbrstub.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddatact.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddlghk.dll
c:\program files (x86)\iWonIE\bar\1.bin\iddyn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idfeedmg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhighin.exe
c:\program files (x86)\iWonIE\bar\1.bin\idhtml.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll
c:\program files (x86)\iWonIE\bar\1.bin\idhttpct.dll
c:\program files (x86)\iWonIE\bar\1.bin\ididle.dll
c:\program files (x86)\iWonIE\bar\1.bin\idimpipe.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmedint.exe
c:\program files (x86)\iWonIE\bar\1.bin\idmlbtn.dll
c:\program files (x86)\iWonIE\bar\1.bin\idmsg.dll
c:\program files (x86)\iWonIE\bar\1.bin\idradio.dll
c:\program files (x86)\iWonIE\bar\1.bin\idregiet.dll
c:\program files (x86)\iWonIE\bar\1.bin\idscript.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskin.dll
c:\program files (x86)\iWonIE\bar\1.bin\idskplay.exe
c:\program files (x86)\iWonIE\bar\1.bin\LOGO.BMP
c:\program files (x86)\iWonIE\bar\Message\COMMON.T8S
c:\program files (x86)\iWonIE\bar\Settings\s_pid.dat
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idauxstb.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbar.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbarsvc.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbrmon.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idbrstub.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddatact.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddlghk.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\iddyn.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idfeedmg.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhighin.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtml.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhtmlmu.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idhttpct.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\ididle.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idimpipe.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmedint.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmlbtn.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idmsg.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idradio.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idregiet.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idscript.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskin.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idskplay.exe
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\idSrcAs.dll
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\1.bin\LOGO.BMP
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\Message\COMMON.T8S
c:\users\Blue room\AppData\Local\Microsoft\Windows\Burn\Burn\Program Files (x86)\iWonIE\bar\Settings\s_pid.dat
c:\users\Dale\AppData\LocalLow\MyWebSearch
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03344A2A
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03344FE4
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033451A8.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033455AE.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03345715.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\033458AA.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\03345A50.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA6FF.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA7AB.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA866.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FA99E.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\047FAA0B.bin
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\11E9AC34.exe
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\History\search3
c:\users\Dale\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-21 to 2012-04-21  )))))))))))))))))))))))))))))))
.
.
2012-04-21 01:22 . 2012-04-21 01:22   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-21 01:22 . 2012-04-21 01:22   --------   d-----w-   c:\users\Dale\AppData\Local\temp
2012-04-20 20:29 . 2012-04-13 08:46   8917360   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{1154B277-D685-401A-98FF-625E992EE00C}\mpengine.dll
2012-04-18 10:44 . 2012-04-18 10:44   --------   d-----w-   c:\program files (x86)\ESET
2012-04-12 07:03 . 2012-03-06 06:53   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-12 07:03 . 2012-03-06 05:59   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:03 . 2012-03-06 05:59   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-04-03 11:07 . 2012-04-03 11:07   --------   d-----w-   c:\program files\iPod
2012-04-03 11:07 . 2012-04-03 11:07   --------   d-----w-   c:\program files\iTunes
2012-03-30 23:51 . 2012-04-15 01:50   --------   d-----w-   c:\program files (x86)\Common Files\McAfee
2012-03-30 23:50 . 2012-04-15 01:50   --------   d-----w-   c:\program files\Common Files\McAfee
2012-03-30 23:50 . 2012-03-30 23:52   --------   d-----w-   c:\program files\McAfee
2012-03-30 23:50 . 2012-04-02 10:02   --------   d-----w-   c:\program files (x86)\McAfee
2012-03-30 23:38 . 2011-03-13 15:20   156792   ----a-r-   c:\windows\system32\drivers\mfeapfk.sys.7d99.deleteme
2012-03-30 23:38 . 2011-03-13 15:20   639216   ----a-r-   c:\windows\system32\drivers\mfehidk.sys.e909.deleteme
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 06:15 . 2011-05-17 11:07   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-09-25 00:43   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-19 14:22 . 2010-10-05 12:35   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-14 10:43   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 10:43   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 10:43   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 10:43   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 10:44   1544192   ----a-w-   c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 10:44   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 10:44   3145728   ----a-w-   c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 10:44   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 10:44   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 10:44   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-04-20_20.04.32   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 07:50 . 2012-04-20 20:30   64568              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 20:30   51576              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-25 00:03 . 2012-04-20 20:30   20914              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-160595772-3988206056-4187848903-1000_UserData.bin
+ 2012-04-21 01:23 . 2012-04-21 01:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 20:03 . 2012-04-20 20:03   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 20:03 . 2012-04-20 20:03   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 01:23 . 2012-04-21 01:23   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-20 20:03   288976              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-21 01:22   288976              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-25 00:24 . 2012-04-21 01:22   3774000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-25 00:24 . 2012-04-20 20:03   3774000              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-08 01:17 . 2012-04-21 01:22   7166364              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-160595772-3988206056-4187848903-1000-8192.dat
- 2010-12-08 01:17 . 2012-04-20 20:03   7166364              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-160595772-3988206056-4187848903-1000-8192.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56   262312   ----a-w-   c:\program files (x86)\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56   86696   ----a-w-   c:\program files (x86)\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files (x86)\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2009-10-19 715776]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"Buttons & OSDs control application gen3"="c:\program files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe" [2009-11-17 212992]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Verizon Games Player\GPlayer.exe" [2010-10-05 4752896]
.
c:\users\Blue room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Blue room\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-7 293950]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-6 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-09-11 22072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe [2007-02-02 566192]
S2 X5XSEx_Pr135;X5XSEx_Pr135;c:\program files (x86)\Verizon Games Player\X5XSEx.Sys [2010-03-11 55328]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000Core.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160595772-3988206056-4187848903-1000UA.job
- c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-09 11:00]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 17:35]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForBlue room.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-04-20 c:\windows\Tasks\HPCeeScheduleForDale.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
DPF: {F46BD8B1-DE4C-4A4F-B6F6-8FB68D25342D} - hxxp://vztimg.exent.com/Prem/verizon/webGames/528150/MahjongRoadshowWeb.1.0.0.18.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-160595772-3988206056-4187848903-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-20  21:36:35 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-21 01:36
ComboFix2.txt  2012-04-20 20:17
ComboFix3.txt  2012-04-16 22:04
ComboFix4.txt  2012-04-15 01:59
.
Pre-Run: 654,452,219,904 bytes free
Post-Run: 654,166,188,032 bytes free
.
- - End Of File - - 39BE9D7A70F9A555BCC833FE65EFB2B2
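A small triage helper, added here as an example (it is not part of ComboFix or of this thread): it parses the Run-key entries ("name"="path" [date size]) and the R#/S# service lines of the log format quoted above, run over a constructed excerpt modelled on that log, and flags the entries a helper would want to look at before deciding what to delete. The known-name list is taken from the Folder:: section of the CFScript earlier in the thread; the flagging rules are this example's own heuristics, not ComboFix's.

```python
"""Triage of ComboFix-style autostart and service listings (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt modelled on lines quoted in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Facebook Update"="c:\users\Blue room\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-09 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
R2 0115141334453082mcinstcleanup;McAfee Application Installer Cleanup (0115141334453082);c:\users\BLUERO~1\AppData\Local\Temp\011514~1.EXE
R2 iWonIEService;iWon Toolbar Service;c:\progra~2\iWonIE\bar\1.bin\idbarsvc.exe
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
"""

# [HKEY_...\Run] section header
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "name"="path" [yyyy-mm-dd size]   (the date/size block is optional)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
                    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
# R2 name;display name;path [yyyy-mm-dd size]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
                    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
# DOS 8.3 short names such as PROGRA~2 or 011514~1.EXE
SHORT_NAME_RE = re.compile(r'~\d+(?=\\|\.|$)')

# Names taken from the Folder:: section of the CFScript in this thread.
KNOWN_NAMES = ("iwonie", "mywebsearch")


@dataclass
class Entry:
    kind: str                # "run" or "service"
    location: str            # registry key for Run entries, start type (R2/S2/...) for services
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Collect Run-key values and service/driver lines from a ComboFix-style log."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            size = int(m.group("size")) if m.group("size") else None
            entries.append(Entry("run", current_key, m.group("name"), m.group("path"),
                                 m.group("date"), size))
            continue
        m = SVC_RE.match(line)
        if m:
            size = int(m.group("size")) if m.group("size") else None
            entries.append(Entry("service", m.group("start"), m.group("name").strip(),
                                 m.group("path"), m.group("date"), size))
    return entries


def triage(entry: Entry, known_names=KNOWN_NAMES) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (this example's own rules)."""
    p = entry.path.lower()
    reasons: List[str] = []
    if any(k in p for k in known_names):
        reasons.append("path contains a name targeted by this thread's CFScript")
    if "\\appdata\\local\\temp\\" in p:
        reasons.append("executes from a user Temp folder")
    elif "\\users\\" in p:
        reasons.append("executes from a user-writable profile location")
    if SHORT_NAME_RE.search(p):
        reasons.append("8.3 short path obscures the real file name")
    if entry.size is None:
        reasons.append("ComboFix recorded no file date/size for the image")
    return reasons


def triage_log(text: str) -> List[Entry]:
    entries = parse_log(text)
    for e in entries:
        e.reasons = triage(e)
    return entries


def flagged(text: str) -> List[Entry]:
    return [e for e in triage_log(text) if e.reasons]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{'REVIEW' if e.reasons else 'ok    '} {e.kind:7} {e.name}: {e.path}")
        for r in e.reasons:
            print(f"          - {r}")
```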

Corrine

Yippee!!! :dance:

Great job, Marie! Seeing as how it's getting late for me, I'll take a fresh look at the new log tomorrow. In the meantime, how is your computer running?

Make sure you restart McAfee.



MAribaba2

Thank you, it seems to be running better. Do you know how to make the sound come back on so I can listen to my iTunes? It says I don't have a driver, but I had to have had one before, because I did listen to music on here before.

MAribaba2

I thought it was better until I tried to reinstall McAfee.

Corrine

Hi, Marie.

No changes were made to iTunes or any of the audio files. 

1)  Is the volume icon in the "notification area" (system tray)?  If yes, proceed to #2.  If no, right-click in the task bar near the time display and you will get a pop up menu.

-- Click on properties.
-- Under system icons to always show, check volume.
-- Click Apply. 

2)  Is it only iTunes or all sound?  If you can hear http://www.youtube.com/watch?v=Nl9WMIPzd6w&feature=related please proceed to #3.

3)  Try re-installing iTunes, being careful to UNcheck the two optional e-mails if you don't want them:  http://www.apple.com/itunes/download/

Let me know how you make out.



MAribaba2

Hi Corrine, the sound went out as soon as we started having problems with the darn computer. So do you have any more ideas for how to fix the computer? And how can I get the scroll bar to stop bouncing up and down so I can choose an option if I wanted?

Corrine

Hi, Marie.

1)  Sound:  Please confirm whether it is only iTunes or if you have no sound when playing the YouTube I linked to above.

2)  Scroll bar:  Please provide specific details about your HP computer and the mouse.  Is your computer a desktop or laptop and what model is it?  What type of mouse do you use (make/model).  Is it wireless?  Is it plugged in to a USB port?



MAribaba2

Ok, no sound with iTunes or the YouTube that you linked me to.

HP TouchSmart 300 desktop, Logitech wireless.

I don't know if I answered you correctly or not.

Corrine

Hi, Marie.

Since we've moved beyond malware issues -- and your computer appears clean now -- let's finish by removing ComboFix and reinstalling McAfee.

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Sound

After doing that, please see the instructions at HP for your computer that addresses "no sound":

No Sound from the Speakers (Windows 7) HP TouchSmart 300-1025 Desktop PC - HP Customer Care (United States - English).

Erratic Scroll

For the scroll problem, I found this at HP:

Quote: It is possible that the TouchSmart is interpreting certain touches as 'flicks'. You can turn these off by going to Control Panel > Pen and Touch and click on the tab called "Flicks" and uncheck the box that says "Use flicks to perform common actions quickly and easily" then click OK.

Please let me know how you make out.



MAribaba2

Hi Corrine, I have tried to put combofix/Uninstall in the box in Run and it will not allow it.