
Malwarebytes keeps sending notifications of a blocked potentially malicious website



Hi and thanks for the help. Well, my computer had a trojan a week ago so I downloaded Malwarebytes to help clean it. It detected a few trojans and it said that it successfully removed all of them. BUT after that, I noticed that every few minutes or so when I open a browser (Firefox, IE or Chrome) Malwarebytes pops up with a notification of:

"Successfully blocked a potentially malicious website: 95.168.173.224 (also 95.168.173.224 occasionally pops up as well)

Type: Outgoing

Port: 51800

Process: rundll32.exe"

So, after that I downloaded Spybot Search & Destroy as well as Comodo Firewall. Anyway, I've scanned using all of those but the notifications are still popping up and I don't know what to do anymore. Also, I notice that sometimes when I am web browsing I am redirected to other sites. Also, my Windows Security Center doesn't work, and I tried downloading Microsoft Security Essentials as well but that won't even open. Just wondering if that has anything to do with my computer having McAfee? Sorry if I'm not making much sense, I am not a very technical person... so yeah, just wondering if anyone can help me solve my problem. Oh, btw, I have a Dell computer with Windows 7. Thank you, I really appreciate anyone's help.

This is the log of my last scan, btw:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7424

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/08/2011 11:09:10 PM

mbam-log-2011-08-10 (23-09-10).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 378885

Time elapsed: 58 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7431

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/08/2011 2:10:19 PM

mbam-log-2011-08-11 (14-10-19).txt

Scan type: Quick scan

Objects scanned: 181692

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Krista Fenix at 14:08:20 on 2011-08-11

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2106 [GMT 9.5:30]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\ehome\mcGlidHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell Support Center\pcdrcui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\Dell Support Center\updater\appupdater.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509132847.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

uRun: [<NO NAME>]

uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{8A6A6D7D-6A41-49C4-9825-70C777979B99}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E} : NameServer = 156.154.70.22,156.154.71.22

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509132847.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Krista Fenix\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-13 25072]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]

R3 uxkx164;ASUS My Cinema U3100 Mini DVBT;C:\Windows\system32\DRIVERS\uxkx164.sys --> C:\Windows\system32\DRIVERS\uxkx164.sys [?]

S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\system32\Drivers\usbVM31b.sys --> C:\Windows\system32\Drivers\usbVM31b.sys [?]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-07 06:58:26 -------- d-----w- C:\ProgramData\Comodo

2011-08-07 06:58:21 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2011-08-07 06:58:21 -------- d-----w- C:\Program Files\COMODO

2011-08-07 06:57:40 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-08-06 08:48:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-08-06 08:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-08-06 08:25:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-08-06 08:25:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-08-04 09:02:41 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-08-04 07:49:09 -------- d-----w- C:\Users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49:04 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-04 07:49:03 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-04 07:49:00 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-04 07:49:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-04 06:56:09 65536 --sha-r- C:\Windows\SysWow64\xwizards5.dll

2011-07-31 06:37:28 -------- d-----w- C:\Users\Krista Fenix\AppData\Local\etax2011

2011-07-31 06:36:43 -------- d-----w- C:\Program Files (x86)\etax2011

2011-07-28 05:34:44 -------- d-----w- C:\MYOBODBCAU9

2011-07-28 05:34:44 -------- d-----w- C:\MYOBODBC

2011-07-28 05:33:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wintertree

2011-07-28 05:33:33 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-07-28 05:32:22 -------- d-----w- C:\Program Files (x86)\MYOB

2011-07-28 05:32:22 -------- d-----w- C:\myob185ED

2011-07-14 02:14:06 -------- d-----w- C:\ProgramData\Fugazo

2011-07-14 01:31:43 -------- d-----w- C:\ProgramData\Oberon Media

.

==================== Find3M ====================

.

2011-07-06 11:24:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-30 00:08:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-06-30 00:08:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-06-30 00:08:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-06-30 00:07:26 363560 ----a-w- C:\Windows\System32\guard64.dll

2011-06-30 00:07:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

.

============= FINISH: 14:10:55.76 ===============

Files Infected:

(No malicious items detected)


Hi, I did the ComboFix thing but I noticed that before completing each stage this popped up: "Windows cannot find the file 'NIRKMD'. Make sure you typed the name correctly, and then try again." Is that normal? Anyway, here's my ComboFix log:

ComboFix 11-08-11.06 - Krista Fenix 12/08/2011 14:48:02.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2643 [GMT 9.5:30]

Running from: c:\users\Krista Fenix\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Krista Fenix\ia_remove.sh4371.tmp

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))

.

.

2011-08-12 05:26 . 2011-08-12 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-11 14:56 . 2011-08-11 14:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-08-11 14:52 . 2011-08-11 14:52 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-11 04:52 . 2011-06-21 05:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-08-11 04:52 . 2011-06-21 05:34 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2011-08-11 04:52 . 2011-06-21 05:05 482816 ----a-w- c:\windows\system32\html.iec

2011-08-11 04:52 . 2011-06-21 04:26 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-08-11 04:52 . 2011-07-22 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-11 04:52 . 2011-07-22 04:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-11 04:45 . 2011-07-16 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-08-11 04:44 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-11 04:44 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-11 04:44 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-07 06:58 . 2011-08-07 07:06 -------- d-----w- c:\programdata\Comodo

2011-08-07 06:58 . 2011-08-07 06:59 -------- d-----w- c:\program files\COMODO

2011-08-07 06:58 . 2011-08-07 06:58 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-08-07 06:57 . 2011-08-07 06:58 -------- d-----w- c:\programdata\Comodo Downloader

2011-08-06 08:48 . 2011-08-06 09:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-06 08:48 . 2011-08-06 08:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-06 08:25 . 2011-08-06 08:25 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-08-06 08:25 . 2011-08-06 08:26 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-04 09:02 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49 . 2011-07-06 10:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\programdata\Malwarebytes

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-04 07:49 . 2011-07-06 10:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-04 07:11 . 2011-08-04 07:11 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Yahoo!

2011-08-04 06:56 . 2011-08-04 06:56 65536 --sha-r- c:\windows\SysWow64\xwizards5.dll

2011-07-31 06:37 . 2011-07-31 06:37 -------- d-----w- c:\users\Krista Fenix\AppData\Local\etax2011

2011-07-31 06:36 . 2011-07-31 06:37 -------- d-----w- c:\program files (x86)\etax2011

2011-07-28 05:34 . 2011-07-28 05:34 -------- d-----w- C:\MYOBODBC

2011-07-28 05:33 . 2011-07-28 05:33 -------- d-----w- c:\program files (x86)\Common Files\Wintertree

2011-07-28 05:32 . 2011-07-28 05:33 -------- d-----w- C:\myob185ED

2011-07-28 05:32 . 2011-07-28 05:32 -------- d-----w- c:\program files (x86)\MYOB

2011-07-14 02:14 . 2011-07-14 02:14 -------- d-----w- c:\programdata\Fugazo

2011-07-14 01:31 . 2011-07-14 01:31 -------- d-----w- c:\programdata\Oberon Media

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 04:41 . 2011-06-01 04:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:32 . 2011-08-11 04:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-02 06:30 . 2010-01-19 06:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-07-02 06:30 . 2010-01-19 06:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-30 00:08 . 2011-06-30 00:08 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 00:08 . 2011-06-30 00:08 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 00:08 . 2011-06-30 00:08 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 00:08 . 2011-06-30 00:08 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 00:07 . 2011-06-30 00:07 363560 ----a-w- c:\windows\system32\guard64.dll

2011-06-30 00:07 . 2011-06-30 00:07 285256 ----a-w- c:\windows\SysWow64\guard32.dll

2011-06-29 02:50 . 2010-01-26 08:49 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-06-29 02:50 . 2010-01-29 07:13 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-11 02:56 . 2011-07-13 00:55 3134464 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 11:21 . 2011-06-29 16:22 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:34 . 2011-06-29 16:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:34 . 2011-06-29 16:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:34 . 2011-06-29 16:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32 . 2011-06-29 16:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-15 6276408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-27 1486392]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]

.

c:\users\Krista Fenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

S3 uxkx164;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\DRIVERS\uxkx164.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-12 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-12 15:01:08

ComboFix-quarantined-files.txt 2011-08-12 05:31

.

Pre-Run: 548,370,386,944 bytes free

Post-Run: 548,340,711,424 bytes free

.

- - End Of File - - 33D6F24DAF76C19918742D493444618B

and here's my new DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Krista Fenix at 15:06:06 on 2011-08-12

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2225 [GMT 9.5:30]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\mcGlidHost.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509132847.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{8A6A6D7D-6A41-49C4-9825-70C777979B99}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E} : NameServer = 156.154.70.22,156.154.71.22

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110509132847.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe

mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Krista Fenix\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-26 92160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-26 161080]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-4 366640]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-11 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-11 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-9-11 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-11 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-11 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-13 25072]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]

R3 uxkx164;ASUS My Cinema U3100 Mini DVBT;C:\Windows\system32\DRIVERS\uxkx164.sys --> C:\Windows\system32\DRIVERS\uxkx164.sys [?]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-6 1153368]

S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\system32\Drivers\usbVM31b.sys --> C:\Windows\system32\Drivers\usbVM31b.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 136176]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-12 05:15:30 208896 ----a-w- C:\Windows\MBR.exe

2011-08-12 05:15:28 256000 ----a-w- C:\Windows\PEV.exe

2011-08-12 05:15:27 98816 ----a-w- C:\Windows\sed.exe

2011-08-12 05:15:27 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-12 05:15:13 -------- d-----w- C:\ComboFix

2011-08-11 14:56:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-08-11 14:52:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-08-11 04:52:59 482816 ----a-w- C:\Windows\System32\html.iec

2011-08-11 04:52:59 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-08-11 04:52:59 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-08-11 04:52:59 163328 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2011-08-11 04:52:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-11 04:52:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-08-11 04:45:59 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-08-11 04:44:41 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-11 04:44:40 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-08-11 04:44:40 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-08-07 06:58:26 -------- d-----w- C:\ProgramData\Comodo

2011-08-07 06:58:21 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2011-08-07 06:58:21 -------- d-----w- C:\Program Files\COMODO

2011-08-07 06:57:40 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-08-06 08:48:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-08-06 08:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-08-06 08:25:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-08-06 08:25:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-08-04 09:02:41 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-08-04 07:49:09 -------- d-----w- C:\Users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49:04 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-04 07:49:03 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-04 07:49:00 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-04 07:49:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-04 06:56:09 65536 --sha-r- C:\Windows\SysWow64\xwizards5.dll

2011-07-31 06:37:28 -------- d-----w- C:\Users\Krista Fenix\AppData\Local\etax2011

2011-07-31 06:36:43 -------- d-----w- C:\Program Files (x86)\etax2011

2011-07-28 05:34:44 -------- d-----w- C:\MYOBODBCAU9

2011-07-28 05:34:44 -------- d-----w- C:\MYOBODBC

2011-07-28 05:33:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wintertree

2011-07-28 05:33:33 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap

2011-07-28 05:32:22 -------- d-----w- C:\Program Files (x86)\MYOB

2011-07-28 05:32:22 -------- d-----w- C:\myob185ED

2011-07-14 02:14:06 -------- d-----w- C:\ProgramData\Fugazo

2011-07-14 01:31:43 -------- d-----w- C:\ProgramData\Oberon Media

.

==================== Find3M ====================

.

2011-08-12 04:41:37 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-30 00:08:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-06-30 00:08:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-06-30 00:08:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-06-30 00:07:26 363560 ----a-w- C:\Windows\System32\guard64.dll

2011-06-30 00:07:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

.

============= FINISH: 15:07:00.19 ===============

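The DDS "Created Last 30" section above is the part of that log a responder actually reads, and two of its entries are the kind that merit a second look: a newly created hidden+system+read-only DLL in SysWow64 (xwizards5.dll) and two directories literally named %APPDATA% under the Windows system folders. The script below is an added example, not part of the thread or of DDS itself; it parses lines in the shape DDS prints (date, time, size or dashes for a directory, an eight-character attribute column, path) and applies two triage heuristics. The reading of the attribute letters (d = directory, s = system, h = hidden, a = archive, r = read-only, w = writable) is an assumption drawn from the entries in the log, and the sample input is constructed from lines of the same shape. A hit is a file to examine, not a verdict: some legitimate Windows files are hidden+system too.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the shape of the DDS "Created Last 30" section; not a real scan.
SAMPLE_DDS = r"""
2011-08-12 05:15:30 208896 ----a-w- C:\Windows\MBR.exe
2011-08-11 14:56:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-08-11 04:45:59 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-08-04 06:56:09 65536 --sha-r- C:\Windows\SysWow64\xwizards5.dll
2011-07-31 06:36:43 -------- d-----w- C:\Program Files (x86)\etax2011
"""

# <date> <time> <size | dashes for a directory> <8-char attribute column> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) ([a-z-]{8}) (.+)$"
)

# Directories where a brand-new hidden+system file deserves attention (lower-case, trailing slash).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints dashes instead of a size)
    attrs: Set[str]       # letters present in the attribute column (assumed: d s h a r w)
    path: str


def parse_dds(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append(Entry(
            date, time,
            None if size.startswith("-") else int(size),
            set(attrs.replace("-", "")),
            path,
        ))
    return entries


def flag_reasons(e: Entry) -> List[str]:
    """Heuristics (mine, not DDS's) that mark an entry for manual review."""
    reasons = []
    in_sys = e.path.lower().startswith(SYSTEM_DIRS)
    is_file = "d" not in e.attrs
    if in_sys and is_file and {"s", "h"} <= e.attrs:
        reasons.append("newly created hidden+system file inside a Windows system directory")
    if "%" in e.path:
        # An environment variable that was never expanded: something created a
        # directory literally called %APPDATA% instead of resolving it.
        reasons.append("literal (unexpanded) environment variable in the path")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one heuristic, in log order."""
    hits = []
    for e in parse_dds(text):
        reasons = flag_reasons(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_DDS):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against a real DDS log by reading the file into `triage()`; on the sample it reports the %APPDATA% directory and xwizards5.dll and nothing else. Extending the heuristics (for example, a DLL created at the same minute as the first symptoms) is a matter of adding a branch to `flag_reasons`.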

Oh, by the way, I noticed that after running ComboFix, Windows Security Centre and Microsoft Security Essentials are working again. But when I open Microsoft Security Essentials, it says that it's outdated and I should restart it. But when I click 'Start now' it pops up with "Couldn't start the Security Essentials service. The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." Can you tell me what that means? Also, can you advise me if I need all of Malwarebytes, Comodo Firewall, Spybot Search and Destroy and McAfee? Because that's what I currently have now. And also, do I need Microsoft Security Essentials? Thanks so much for the help.


Ok so I have:

1. McAfee Security Centre which came with my Dell computer.

2. Comodo Firewall

3. Spybot - Search and Destroy

4. Malwarebytes' Anti-Malware

5. Microsoft Security Essentials - which currently doesn't work

I've only recently installed Comodo, Spybot, Malwarebytes and MSE after I found out that I had a virus. So I'm not really sure if I'm using them right and if I actually need all of them...

And no, it just shows this: "Virtumon de.dll - Trojans C-02", and when I click the info tab it just says "no information available".


  • Staff

Hi,

In that case I recommend uninstalling all McAfee components. After that, reboot.

Run this removal tool:

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Reboot.

See if Microsoft Security Essentials runs now. If not, reinstall it.

Can you get a log from Spybot? I personally don't see evidence of that infection, and if that's a false positive/it doesn't even show a report, then I would uninstall it.


Hi, so I've removed McAfee and have reinstalled MSE. MSE is now working :D

Also, I have scanned with Spybot again and it now shows a description for the problem:

Company:

Product: Virtumonde.Dll

Threat: Trojan

Description

Part of the Virtumonde trojan horse. These dynamic link libraries get installed as browser helper objects to get loaded with Internet Explorer. They also get started via winlogon, thus getting started when a user logs on. Removal requires a reboot; Internet Explorer should not be used when infected with Virtumonde. For further help with removal please contact Team Spybot S&D via email detections@spybot.info or forums: http://forums.spybot.info/

Do you know how I can fix this? Thank you :)


I think these are the logs?

--- Report generated: 2011-08-24 17:19 ---

Virtumonde.dll: [sBI $2F4068FC] Library (File, nothing done)

C:\Windows\System32\xwizards5.dll

Properties.size=65536

Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Properties.filedate=1312440969

Properties.filedatetext=2011-08-04 16:26:09

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-01-26 TeaTimer.exe (1.6.4.26)

2011-08-06 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-01-26 advcheck.dll (1.6.2.15)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2011-03-18 Includes\Adware.sbi (*)

2011-06-28 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2010-12-14 Includes\Dialer.sbi (*)

2011-03-08 Includes\DialerC.sbi (*)

2011-02-24 Includes\HeavyDuty.sbi (*)

2011-03-29 Includes\Hijackers.sbi (*)

2011-05-16 Includes\HijackersC.sbi (*)

2010-09-16 Includes\iPhone.sbi (*)

2010-12-14 Includes\Keyloggers.sbi (*)

2011-03-08 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2011-04-05 Includes\Malware.sbi (*)

2011-08-02 Includes\MalwareC.sbi (*)

2011-02-24 Includes\PUPS.sbi (*)

2011-05-24 Includes\PUPSC.sbi (*)

2010-01-26 Includes\Revision.sbi (*)

2011-02-24 Includes\Security.sbi (*)

2011-05-03 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2011-02-24 Includes\Spyware.sbi (*)

2011-06-14 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2011-06-20 Includes\Trojans.sbi (*)

2011-08-01 Includes\TrojansC-02.sbi (*)

2011-07-19 Includes\TrojansC-03.sbi (*)

2011-08-02 Includes\TrojansC-04.sbi (*)

2011-08-01 Includes\TrojansC-05.sbi (*)

2011-07-19 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- Report generated: 2011-08-24 17:26 ---

Virtumonde.dll: [sBI $2F4068FC] Library (File, fixed)

C:\Windows\System32\xwizards5.dll

Properties.size=65536

Properties.md5=D41D8CD98F00B204E9800998ECF8427E

Properties.filedate=1312440969

Properties.filedatetext=2011-08-04 16:26:09

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-01-26 TeaTimer.exe (1.6.4.26)

2011-08-06 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-01-26 advcheck.dll (1.6.2.15)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2011-03-18 Includes\Adware.sbi (*)

2011-06-28 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2010-12-14 Includes\Dialer.sbi (*)

2011-03-08 Includes\DialerC.sbi (*)

2011-02-24 Includes\HeavyDuty.sbi (*)

2011-03-29 Includes\Hijackers.sbi (*)

2011-05-16 Includes\HijackersC.sbi (*)

2010-09-16 Includes\iPhone.sbi (*)

2010-12-14 Includes\Keyloggers.sbi (*)

2011-03-08 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2011-04-05 Includes\Malware.sbi (*)

2011-08-02 Includes\MalwareC.sbi (*)

2011-02-24 Includes\PUPS.sbi (*)

2011-05-24 Includes\PUPSC.sbi (*)

2010-01-26 Includes\Revision.sbi (*)

2011-02-24 Includes\Security.sbi (*)

2011-05-03 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2011-02-24 Includes\Spyware.sbi (*)

2011-06-14 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2011-06-20 Includes\Trojans.sbi (*)

2011-08-01 Includes\TrojansC-02.sbi (*)

2011-07-19 Includes\TrojansC-03.sbi (*)

2011-08-02 Includes\TrojansC-04.sbi (*)

2011-08-01 Includes\TrojansC-05.sbi (*)

2011-07-19 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll


  • Staff

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad. Copy and paste the text in the Code box below into Notepad:

http://forums.malwarebytes.org/index.php?showtopic=92233

    Suspect::
    C:\Windows\System32\xwizards5.dll

Save this as CFScript.txt

[image CFScriptB-4.gif: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.


Hi, here is the log:

ComboFix 11-08-27.01 - Krista Fenix 28/08/2011 18:50:11.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2493 [GMT 9.5:30]

Running from: c:\users\Krista Fenix\Desktop\ComboFix.exe

Command switches used :: c:\users\Krista Fenix\Desktop\CFScript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))

.

.

2011-08-28 09:23 . 2011-08-28 09:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-28 04:02 . 2011-08-11 11:40 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B3362B2-9F98-48C2-92C1-84C59AEB6CD6}\mpengine.dll

2011-08-24 07:30 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 07:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-22 03:14 . 2011-08-11 11:40 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-20 13:42 . 2011-07-06 10:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-20 13:42 . 2011-08-20 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-20 13:14 . 2011-08-20 13:14 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A01B0804-D57C-4D67-B5A1-DAE422C3D526}\gapaengine.dll

2011-08-20 13:14 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-08-20 13:08 . 2011-08-20 13:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-08-20 13:08 . 2011-08-20 13:08 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-16 06:46 . 2011-07-20 00:14 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{543B8F9F-4A27-49A9-89EA-67D36762E5AD}\mpengine.dll

2011-08-13 00:07 . 2011-08-13 00:07 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-11 14:56 . 2011-08-11 14:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-08-11 14:52 . 2011-08-11 14:52 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-11 04:52 . 2011-06-21 05:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-08-11 04:52 . 2011-06-21 05:34 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2011-08-11 04:52 . 2011-06-21 05:05 482816 ----a-w- c:\windows\system32\html.iec

2011-08-11 04:52 . 2011-06-21 04:26 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-08-11 04:52 . 2011-07-22 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-11 04:52 . 2011-07-22 04:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-11 04:45 . 2011-07-16 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-08-11 04:44 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-11 04:44 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-11 04:44 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-07 06:58 . 2011-08-07 07:06 -------- d-----w- c:\programdata\Comodo

2011-08-07 06:58 . 2011-08-07 06:59 -------- d-----w- c:\program files\COMODO

2011-08-07 06:58 . 2011-08-07 06:58 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-08-07 06:57 . 2011-08-07 06:58 -------- d-----w- c:\programdata\Comodo Downloader

2011-08-06 08:48 . 2011-08-06 09:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-06 08:48 . 2011-08-06 08:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-04 09:02 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\programdata\Malwarebytes

2011-08-04 07:49 . 2011-07-06 10:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-04 07:11 . 2011-08-04 07:11 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Yahoo!

2011-08-04 06:56 . 2011-08-04 06:56 65536 --sha-r- c:\windows\SysWow64\xwizards5.dll

2011-07-31 06:37 . 2011-07-31 06:37 -------- d-----w- c:\users\Krista Fenix\AppData\Local\etax2011

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 04:41 . 2011-06-01 04:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:32 . 2011-08-11 04:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-02 06:30 . 2010-01-19 06:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-07-02 06:30 . 2010-01-19 06:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-30 00:08 . 2011-06-30 00:08 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 00:08 . 2011-06-30 00:08 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 00:08 . 2011-06-30 00:08 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 00:08 . 2011-06-30 00:08 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 00:07 . 2011-06-30 00:07 363560 ----a-w- c:\windows\system32\guard64.dll

2011-06-30 00:07 . 2011-06-30 00:07 285256 ----a-w- c:\windows\SysWow64\guard32.dll

2011-06-29 02:50 . 2010-01-26 08:49 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-06-29 02:50 . 2010-01-29 07:13 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-11 02:56 . 2011-07-13 00:55 3134464 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-12_05.27.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-25 18:21 . 2011-08-28 09:26 58108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-28 09:26 41964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-20 01:50 . 2011-08-28 09:26 16466 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1156255608-36011131-2002208574-1000_UserData.bin

- 2010-01-19 05:33 . 2011-08-12 05:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-19 05:33 . 2011-08-28 09:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 05:33 . 2011-08-12 05:24 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-19 05:33 . 2011-08-28 09:24 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-14 02:50 . 2011-08-14 02:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011081420110815\index.dat

- 2009-07-14 04:54 . 2011-08-12 05:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-28 09:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-02-24 04:52 . 2010-02-02 08:39 49664 c:\windows\servicing\GC64\tzupd.exe

+ 2011-08-24 07:30 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe

+ 2010-01-19 05:47 . 2011-08-28 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 05:47 . 2011-08-12 04:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-08-27 05:41 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-01-19 05:47 . 2011-08-12 04:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-19 05:47 . 2011-08-28 03:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-19 05:47 . 2011-08-12 04:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 05:47 . 2011-08-28 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 06:01 . 2011-08-28 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 06:01 . 2011-08-12 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 06:01 . 2011-08-12 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 06:01 . 2011-08-28 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-12 07:42 . 2011-08-12 07:42 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a2ef92260effc4f8cef9339a24ba230b\UIAutomationProvider.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\fd3809e0cf174aaadc13e0b409123fd3\System.Windows.Presentation.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\6b87fc6f1e65b1bf6df19a9bd5b02f80\System.Web.ApplicationServices.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\49989f9c9f180a49b0953cb47078df77\System.ServiceModel.Channels.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\6c15a9f7fb56275fb9ad22ae306d9d42\System.AddIn.Contract.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\9cce7d40f80e50a7e43d8e99f039359f\Microsoft.VisualC.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\ec6caf1c86ddb8ce9d7a89adb10264e8\Accessibility.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\9f75cf0ba85fc0f07265b6a4739145b0\System.Windows.Presentation.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\307dcd6df5b1b2d6138047f9066a9cd7\System.Web.DynamicData.Design.ni.dll

+ 2011-08-28 09:24 . 2011-08-28 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-12 04:20 . 2011-08-12 04:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-28 09:24 . 2011-08-28 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-12 04:20 . 2011-08-12 04:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-12 07:42 . 2011-08-12 07:42 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\2d01a98c567028c2aa3f58b71581c708\dfsvc.ni.exe

- 2011-08-12 04:20 . 2009-04-30 06:30 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

+ 2011-08-28 09:24 . 2009-04-30 06:30 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

- 2011-08-12 04:20 . 2009-04-30 06:31 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2011-08-28 09:24 . 2009-04-30 06:31 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2011-08-13 00:07 . 2011-05-03 19:22 157472 c:\windows\SysWOW64\javaws.exe

- 2011-03-18 13:55 . 2011-02-02 11:10 157472 c:\windows\SysWOW64\javaws.exe

- 2011-03-18 13:55 . 2011-02-02 11:10 145184 c:\windows\SysWOW64\javaw.exe

+ 2011-08-13 00:07 . 2011-05-03 19:22 145184 c:\windows\SysWOW64\javaw.exe

- 2011-03-18 13:55 . 2011-02-02 11:10 145184 c:\windows\SysWOW64\java.exe

+ 2011-08-13 00:07 . 2011-05-03 19:22 145184 c:\windows\SysWOW64\java.exe

- 2010-05-19 23:30 . 2011-02-02 11:10 472808 c:\windows\SysWOW64\deployJava1.dll

+ 2010-05-19 23:30 . 2011-05-03 19:22 472808 c:\windows\SysWOW64\deployJava1.dll

+ 2010-09-11 03:52 . 2011-08-20 12:57 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT

- 2010-09-11 03:52 . 2010-09-11 03:52 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT

+ 2010-09-11 03:52 . 2011-08-20 12:57 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT

- 2010-09-11 03:52 . 2010-09-11 03:52 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT

+ 2010-09-11 03:52 . 2011-08-20 12:57 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT

- 2010-09-11 03:52 . 2010-09-11 03:52 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT

+ 2010-01-30 09:28 . 2011-08-19 13:53 255864 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2011-08-28 08:56 651336 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-08-28 08:56 120352 c:\windows\system32\perfc009.dat

- 2009-07-14 05:12 . 2011-08-12 05:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2011-08-28 09:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2011-08-28 09:24 424900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-08-11 14:57 424900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-13 00:07 . 2011-08-13 00:07 207360 c:\windows\Installer\79544.msi

+ 2011-08-12 09:10 . 2011-08-12 09:10 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\11f340731d6cd696ae7b8b6351702cbe\WindowsFormsIntegration.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\8d3a679adab2761b52ffbb45c9c3a424\UIAutomationTypes.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\0335e0194e209f69c3bd7104f3072818\UIAutomationClient.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c829c221dcccf40edbd75a0db8677d8a\System.Xml.Linq.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\004e12aad2006c3e9b30c08d52f8785b\System.Windows.Input.Manipulations.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\801e4d0a25c5afb1288c890f9e71257a\System.Transactions.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0af5485ccb0e43dd200f9e21f5eb60bd\System.ServiceProcess.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cfb228e35c0876d643008f616a8e132f\System.ServiceModel.Routing.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\dd02eb52dead028e9ca47004a0ef6811\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 762368 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1aad834c96402d8cb42631dcbcb14848\System.Runtime.Remoting.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\772b52e4ac8936b913fe017d909c75e4\System.Net.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\800c19289623b452a4681765004a6593\System.Messaging.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\0d9d8caf2b678f6163062213fbebba79\System.Management.Instrumentation.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\f3dae22180575540ae1cce1dc3310ec8\System.IO.Log.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\29722312a1eb3d003a4b1d13a99ce7a2\System.IdentityModel.Selectors.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3543c115bdc594a29a010e8a9ce20b55\System.EnterpriseServices.Wrapper.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\3543c115bdc594a29a010e8a9ce20b55\System.EnterpriseServices.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\cf4c1eab5c582c8b3240df27a1571014\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\2bb5db827de2910b7ab3b83b402edbd1\System.DirectoryServices.Protocols.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\eb2b27bc25184cd6878192ce2af5d37a\System.Device.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\0861be947a9873ce65c95ad6306dc4b8\System.Data.DataSetExtensions.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\bfcf802a51a71bdb239e504eac1b2343\System.Configuration.Install.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\75be7916fe8bb0db3fa194b8d6ef9d9b\System.ComponentModel.DataAnnotations.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\0f1bafb387e3571c1b75bf5f3dbc7d41\System.AddIn.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\742dd858317919b757db0d2222c57e7b\System.Activities.DurableInstancing.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\7a5c39f61b17e969dfc6c6a7068c49c4\SMSvcHost.ni.exe

+ 2011-08-12 07:42 . 2011-08-12 07:42 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\7b4d732795beab50abf3458fa6a267c9\SMDiagnostics.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a41ff633fc02c4f82a653e98263f9684\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\1751b025496942925f09bc6409e3a175\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\05cdbb716020bb07505b04593ee0f2b0\CustomMarshalers.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 321024 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\b72d0c21f3037af142182fff51ca5d35\WsatConfig.ni.exe

+ 2011-08-12 07:41 . 2011-08-12 07:41 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\dc851eb6cb72e5c1cd919af309a07023\WindowsFormsIntegration.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\845f1b0de1ea181d8b6c5f6c80ac36c9\TaskScheduler.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d0cd45e286d051133eb0c22c9d9aeb07\System.Web.Routing.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8df481ff9b0ff31f56868f1f1da7125f\System.Web.Extensions.Design.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\1d77a5e95e0c77c5bd6416a3c698794c\System.Web.Entity.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\26e31d7882bf36570241406b949889de\System.Web.Entity.Design.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\bbb609f0cddbe4dfbf8e6a4c59e4b411\System.Web.DynamicData.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 624128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\13c5d50774c47c78278a18e0ac7c34b3\System.Net.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\0d61241c42332d397f7a42c0e347cc93\System.Management.Instrumentation.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\0ae07129df7506c92ac916176f2a4cf8\System.IO.Log.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 887808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\069e0cd93a9f71d4ede4ca76a3fa1fcd\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\fe4d6eab224fe055213f6a450a6712c9\System.Data.Services.Design.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a7695e45449a652a1a5baaba8e8cf5d9\System.Data.Services.Client.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\788cc2579c0a59283c3a1f24ac41323f\sysglobl.ni.dll

- 2009-07-14 04:45 . 2011-08-12 04:23 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-08-25 01:00 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-06-12 07:18 . 2011-08-28 09:24 2427000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-06-12 07:18 . 2011-08-11 14:57 2427000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-03-24 13:35 . 2011-08-11 14:57 1269356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-8192.dat

+ 2011-03-24 13:35 . 2011-08-28 09:24 1269356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-8192.dat

+ 2011-05-19 07:53 . 2011-05-19 07:53 2708992 c:\windows\Installer\287da.msi

+ 2011-06-15 05:21 . 2011-06-15 05:21 1911808 c:\windows\Installer\287d4.msi

+ 2011-08-12 09:10 . 2011-08-12 09:10 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0ee6dd0ea68bd0023fb12d34d546b7f0\UIAutomationClientsideProviders.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1781760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\75d40b8702403e19cf947062557b1926\System.Xaml.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f15a4db46f1a2e2b99a6b2519612b358\System.Windows.Forms.DataVisualization.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\9d179c77332e8fd8baf44237c976e137\System.Web.Services.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\26d93f247c686ef1197e59b7dc9aeed6\System.Speech.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c45d1f357899d55a35a01e11c5e5884d\System.ServiceModel.Discovery.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8b1292c50fb6f1f67a10f133f64964ec\System.ServiceModel.Activities.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 2637312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\697592d7a5139fd0179ae172dd4f3a61\System.Runtime.Serialization.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1020928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\fd3b1de061baa139b6f863ddd951e06b\System.Runtime.DurableInstancing.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1050112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\282371fbeea0c16b8d75577441fc7136\System.Printing.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\91f218d93a5679fae72c784290bdfe78\System.Management.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\3679b662f2daf3bb39cef3521473c93e\System.IdentityModel.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\5e49964d0ae8f1d04a4a960bd4744ae1\System.DirectoryServices.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1878016 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\567d29bc3199874f4e5195ddfdff9cdc\System.Deployment.ni.dll

+ 2011-08-12 09:09 . 2011-08-12 09:09 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\bb4d9c8d8243562c8a6c5c089f10c787\System.Data.Services.Client.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\2b771107fbaeebff1d4a0c1d47b40315\System.Activities.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 3713024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\d95c4d0024643b5700b5ab5317fcc162\System.Activities.Presentation.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1518080 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\4c62d936587f507d63211abc0cb7e897\System.Activities.Core.Presentation.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 2859008 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\a08b36fee10fd35b8428aba33ce4ee5b\ReachFramework.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1630208 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\409eefb3a1406ea2bc3f603758e985c1\PresentationUI.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\60684c3c50a42aa363793812de5fc62f\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\42ac4445fab5ce709d395af714d93ef3\Microsoft.VisualBasic.Activities.Compiler.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\12a104a71f1269dd86e388abc981ad39\Microsoft.VisualBasic.ni.dll

+ 2011-08-12 07:42 . 2011-08-12 07:42 1082368 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\9bbc95193a8dc77903fdbbb756f8dfb3\Microsoft.Transactions.Bridge.ni.dll

+ 2011-08-12 09:10 . 2011-08-12 09:10 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\1eeab4edcdfa06150049465854aa6355\Microsoft.JScript.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 1047552 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f1e59db76b9edd4deaed2ac55781c902\UIAutomationClientsideProviders.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\763c77ff72e7805a806876425570d8c5\System.WorkflowServices.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c8ebbaa62fb4f086bf05f9393223cd68\System.Web.Mobile.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 2402816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f94f6f6a849eeb39b9b3d4fbae344f4f\System.Web.Extensions.ni.dll

+ 2011-08-12 07:41 . 2011-08-12 07:41 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\b49029aa87036bc216f7ffe095d0e97c\System.Speech.ni.dll

- 2009-07-14 02:34 . 2011-08-12 04:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-08-28 04:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-08-12 09:10 . 2011-08-12 09:10 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\18d8c49bf080b7e4f0614e01ad090954\System.ServiceModel.ni.dll

+ 2011-08-12 09:09 . 2011-08-12 09:09 13325312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\dd205d6f7dd50a72002b928202ca3818\System.Data.Entity.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-15 6276408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Krista Fenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

S3 uxkx164;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\DRIVERS\uxkx164.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-28 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe

.

**************************************************************************

.

Completion time: 2011-08-28 18:59:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-28 09:29

ComboFix2.txt 2011-08-12 05:31

.

Pre-Run: 547,015,110,656 bytes free

Post-Run: 548,043,497,472 bytes free

.

- - End Of File - - BF89F279337A8DA96954FDA9DD762069

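The "Reg Loading Points" and "Supplementary Scan" sections of the log above are where a responder looks first: the Run keys, the AppInit_DLLs value (a DLL that Windows loads into every process that loads user32.dll), the service list, and the per-interface DNS servers compared with what DHCP handed out (the "redirected to other sites" symptom from the opening post is the classic sign of a changed resolver). The Python script below is an added example for this thread; it is not part of the post and not ComboFix's own code. It parses an excerpt of the log above and reports the entries a practitioner would verify by hand. The regular expressions, the trusted-root list and the "suspect directory" list are my assumptions, inferred from the line formats shown in the log.

```python
"""Triage of ComboFix 'Reg Loading Points' / 'Supplementary Scan' lines.

Added example for this thread; not part of the post or of ComboFix.
The regexes and the trusted-root list are assumptions inferred from the
log format shown above.
"""
import re

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-15 6276408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]
R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E}: NameServer = 156.154.70.22,156.154.71.22
"""

# Assumed line formats (inferred from the log above).
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<path>.+)$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
DHCP_DNS_RE = re.compile(r'^TCP: DhcpNameServer = (?P<servers>.+)$')
IFACE_DNS_RE = re.compile(r'^TCP: Interfaces\\\{(?P<guid>[^}]+)\}: NameServer = (?P<servers>.+)$')

# Assumption: legitimate autostarts live under these roots; anything else gets a second look.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1", r"c:\progra~2")
# Writable locations that are unusual for a legitimate autostart even under a trusted root.
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\")


def parse_combofix(text):
    """Return the Run-key, AppInit_DLLs, service and DNS entries found in a ComboFix log."""
    out = {"run": [], "appinit": [], "services": [], "dhcp_dns": [], "iface_dns": {}}
    key = None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[HKEY_"):
            key = line.strip("[]")  # registry key the following values live under
        elif m := RUN_RE.match(line):
            out["run"].append({"key": key, "name": m["name"], "path": m["path"]})
        elif m := APPINIT_RE.match(line):
            out["appinit"].append({"key": key, "path": m["path"].strip()})
        elif m := SERVICE_RE.match(line):
            # ComboFix prints "[x]" in place of the file's date and size when it has none.
            out["services"].append({"start": m["start"], "name": m["svc"],
                                    "path": m["path"].strip(),
                                    "has_file_info": m["meta"] != "x"})
        elif m := DHCP_DNS_RE.match(line):
            out["dhcp_dns"] = [s.strip() for s in m["servers"].split(",")]
        elif m := IFACE_DNS_RE.match(line):
            out["iface_dns"][m["guid"]] = [s.strip() for s in m["servers"].split(",")]
    return out


def _untrusted(path):
    p = path.lower()
    return not p.startswith(TRUSTED_ROOTS) or any(d in p for d in SUSPECT_DIRS)


def triage(parsed):
    """Return human-readable findings a responder should verify by hand."""
    findings = []
    for e in parsed["run"]:
        if _untrusted(e["path"]):
            findings.append(f"autostart outside trusted roots: {e['name']} -> {e['path']}")
    for e in parsed["appinit"]:
        # AppInit_DLLs is injected into every process that loads user32.dll: always review it.
        findings.append(f"AppInit_DLLs set under {e['key']}: {e['path']}")
    for s in parsed["services"]:
        if _untrusted(s["path"]):
            findings.append(f"service {s['name']} ({s['start']}) outside trusted roots: {s['path']}")
    dhcp = set(parsed["dhcp_dns"])
    for guid, servers in parsed["iface_dns"].items():
        static = [s for s in servers if s not in dhcp]
        if static:
            # A resolver DHCP did not hand out is how DNS-changing malware redirects browsing.
            findings.append(f"interface {{{guid}}} uses static resolvers {','.join(static)}; "
                            f"DHCP offered {','.join(sorted(dhcp)) or 'none'}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, the script reports the two AppInit_DLLs values (guard32.dll and guard64.dll) and the two interfaces whose resolvers differ from the DHCP-assigned 192.168.1.254. Both are accounted for by the COMODO firewall the poster installed: guard32.dll/guard64.dll are COMODO's Defense+ hook DLLs, and 156.154.70.22 and 156.154.71.22 are the addresses COMODO published for its Secure DNS service, which its installer offers to configure. The value of the check is that it surfaces such changes so they can be attributed; an unexplained resolver or an AppInit DLL under a user-writable path in the same position would be the first thing to pull for analysis.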

  • Staff

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

KILLALL::
FILE::
C:\Windows\System32\xwizards5.dll

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Hi, this is the log for ComboFix:

ComboFix 11-08-31.02 - Krista Fenix 31/08/2011 21:48:10.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2549 [GMT 9.5:30]

Running from: c:\users\Krista Fenix\Desktop\ComboFix.exe

Command switches used :: c:\users\Krista Fenix\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:\windows\System32\xwizards5.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5830\Downloads\0d85b53c-d766-4bf0-8940-17b534910268.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))

.

.

2011-08-31 12:21 . 2011-08-31 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-31 07:20 . 2011-08-11 11:40 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EFCBF0D-8C7B-479E-B8F4-658C31120772}\mpengine.dll

2011-08-24 07:30 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 07:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-22 03:14 . 2011-08-11 11:40 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-20 13:42 . 2011-07-06 10:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-20 13:42 . 2011-08-20 13:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-20 13:14 . 2011-08-20 13:14 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A01B0804-D57C-4D67-B5A1-DAE422C3D526}\gapaengine.dll

2011-08-20 13:14 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-08-20 13:08 . 2011-08-20 13:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-08-20 13:08 . 2011-08-20 13:08 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-16 06:46 . 2011-07-20 00:14 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{543B8F9F-4A27-49A9-89EA-67D36762E5AD}\mpengine.dll

2011-08-13 00:07 . 2011-08-13 00:07 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-11 14:56 . 2011-08-11 14:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-08-11 14:52 . 2011-08-11 14:52 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-08-11 04:52 . 2011-06-21 05:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-08-11 04:52 . 2011-06-21 05:34 163328 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll

2011-08-11 04:52 . 2011-06-21 05:05 482816 ----a-w- c:\windows\system32\html.iec

2011-08-11 04:52 . 2011-06-21 04:26 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-08-11 04:52 . 2011-07-22 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-11 04:52 . 2011-07-22 04:56 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-08-11 04:45 . 2011-07-16 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-08-11 04:44 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-11 04:44 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-11 04:44 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-07 06:58 . 2011-08-07 07:06 -------- d-----w- c:\programdata\Comodo

2011-08-07 06:58 . 2011-08-07 06:59 -------- d-----w- c:\program files\COMODO

2011-08-07 06:58 . 2011-08-07 06:58 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2011-08-07 06:57 . 2011-08-07 06:58 -------- d-----w- c:\programdata\Comodo Downloader

2011-08-06 08:48 . 2011-08-06 09:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-06 08:48 . 2011-08-06 08:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-04 09:02 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49 . 2011-08-04 07:49 -------- d-----w- c:\programdata\Malwarebytes

2011-08-04 07:49 . 2011-07-06 10:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-04 07:11 . 2011-08-04 07:11 -------- d-----w- c:\users\Krista Fenix\AppData\Roaming\Yahoo!

2011-08-04 06:56 . 2011-08-04 06:56 65536 --sha-r- c:\windows\SysWow64\xwizards5.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 04:41 . 2011-06-01 04:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:32 . 2011-08-11 04:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-02 06:30 . 2010-01-19 06:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-07-02 06:30 . 2010-01-19 06:03 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-30 00:08 . 2011-06-30 00:08 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-06-30 00:08 . 2011-06-30 00:08 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-06-30 00:08 . 2011-06-30 00:08 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-06-30 00:08 . 2011-06-30 00:08 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-06-30 00:07 . 2011-06-30 00:07 363560 ----a-w- c:\windows\system32\guard64.dll

2011-06-30 00:07 . 2011-06-30 00:07 285256 ----a-w- c:\windows\SysWow64\guard32.dll

2011-06-29 02:50 . 2010-01-26 08:49 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-06-29 02:50 . 2010-01-29 07:13 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-11 02:56 . 2011-07-13 00:55 3134464 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-08-28_09.24.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-25 18:21 . 2011-08-31 07:10 58148 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-31 07:10 41964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-08-28 09:26 41964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-20 01:50 . 2011-08-31 07:10 16490 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1156255608-36011131-2002208574-1000_UserData.bin

+ 2010-01-19 05:33 . 2011-08-31 12:22 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 05:33 . 2011-08-28 09:24 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 05:33 . 2011-08-28 09:24 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-01-19 05:33 . 2011-08-31 12:22 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-31 12:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-28 09:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 05:47 . 2011-08-31 07:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 05:47 . 2011-08-28 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-01-19 05:47 . 2011-08-31 07:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-19 05:47 . 2011-08-28 03:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-01-19 05:47 . 2011-08-28 03:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 05:47 . 2011-08-31 07:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 06:01 . 2011-08-31 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 06:01 . 2011-08-28 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-01-19 06:01 . 2011-08-28 09:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-01-19 06:01 . 2011-08-31 12:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-31 12:22 . 2011-08-31 12:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-28 09:24 . 2011-08-28 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-31 12:22 . 2011-08-31 12:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-28 09:24 . 2011-08-28 09:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-28 09:24 . 2009-04-30 06:30 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

+ 2011-08-31 12:22 . 2009-04-30 06:30 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll

- 2011-08-28 09:24 . 2009-04-30 06:31 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

+ 2011-08-31 12:22 . 2009-04-30 06:31 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll

- 2009-07-14 02:36 . 2011-08-28 08:56 651336 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-08-30 13:37 651336 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-08-28 08:56 120352 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-08-30 13:37 120352 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:12 . 2011-08-31 12:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2011-08-28 09:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2011-08-31 12:22 424900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-08-28 09:24 424900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-10 11:40 . 2011-08-30 12:57 849060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-12288.dat

- 2011-07-10 11:40 . 2011-08-04 09:17 849060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-12288.dat

- 2010-06-12 07:18 . 2011-08-28 09:24 2427000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-06-12 07:18 . 2011-08-31 12:22 2427000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-03-24 13:35 . 2011-08-31 12:22 1269356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-8192.dat

- 2011-03-24 13:35 . 2011-08-28 09:24 1269356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1156255608-36011131-2002208574-1000-8192.dat

- 2009-07-14 02:34 . 2011-08-28 04:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-08-31 11:27 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-15 6276408]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]

"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]

"OM2_Monitor"="c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\users\Krista Fenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]

R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

S3 uxkx164;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\DRIVERS\uxkx164.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-19 11:43]

.

2011-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

2011-08-31 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2710856]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

.

**************************************************************************

.

Completion time: 2011-08-31 21:57:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-31 12:27

ComboFix2.txt 2011-08-28 09:29

ComboFix3.txt 2011-08-12 05:31

.

Pre-Run: 541,501,382,656 bytes free

Post-Run: 542,491,025,408 bytes free

.

- - End Of File - - 1B6626313BBE690A665AC046EBB73FD6

And this is for DDS:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Krista Fenix at 21:58:31 on 2011-08-31

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2496 [GMT 9.5:30]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode

uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\KRISTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6B5564CB-BAFC-4655-A449-AFBE90C859DA}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{8A6A6D7D-6A41-49C4-9825-70C777979B99}\24967605F6E64683737393 : DhcpNameServer = 10.0.0.138

TCP: Interfaces\{E2D94A44-AA45-4D5D-8247-A3F3162C0A6E} : NameServer = 156.154.70.22,156.154.71.22

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Krista Fenix\AppData\Roaming\Mozilla\Firefox\Profiles\gbp70c47.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Krista Fenix\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-12-26 92160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-6 1153368]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]

R3 uxkx164;ASUS My Cinema U3100 Mini DVBT;C:\Windows\system32\DRIVERS\uxkx164.sys --> C:\Windows\system32\DRIVERS\uxkx164.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 136176]

S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\system32\Drivers\usbVM31b.sys --> C:\Windows\system32\Drivers\usbVM31b.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 136176]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-13 25072]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2011-08-31 07:20:13 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EFCBF0D-8C7B-479E-B8F4-658C31120772}\mpengine.dll

2011-08-24 07:30:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 07:30:26 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-22 03:14:51 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-20 13:42:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-20 13:42:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-20 13:14:22 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A01B0804-D57C-4D67-B5A1-DAE422C3D526}\gapaengine.dll

2011-08-20 13:14:11 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-08-20 13:08:12 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-08-20 13:08:07 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-08-16 06:46:00 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{543B8F9F-4A27-49A9-89EA-67D36762E5AD}\mpengine.dll

2011-08-12 05:15:30 208896 ----a-w- C:\Windows\MBR.exe

2011-08-12 05:15:28 256000 ----a-w- C:\Windows\PEV.exe

2011-08-12 05:15:27 98816 ----a-w- C:\Windows\sed.exe

2011-08-12 05:15:27 518144 ----a-w- C:\Windows\SWREG.exe

2011-08-11 14:56:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-08-11 14:52:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-08-11 04:52:59 482816 ----a-w- C:\Windows\System32\html.iec

2011-08-11 04:52:59 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-08-11 04:52:59 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-08-11 04:52:59 163328 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll

2011-08-11 04:52:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-08-11 04:52:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-08-11 04:45:59 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-08-11 04:44:41 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-11 04:44:40 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-08-11 04:44:40 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-08-07 06:58:26 -------- d-----w- C:\ProgramData\Comodo

2011-08-07 06:58:21 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2011-08-07 06:58:21 -------- d-----w- C:\Program Files\COMODO

2011-08-07 06:57:40 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-08-06 08:48:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-08-06 08:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-08-04 09:02:41 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-08-04 07:49:09 -------- d-----w- C:\Users\Krista Fenix\AppData\Roaming\Malwarebytes

2011-08-04 07:49:03 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-04 07:49:00 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-04 06:56:09 65536 --sha-r- C:\Windows\SysWow64\xwizards5.dll

.

==================== Find3M ====================

.

2011-08-12 04:41:37 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-30 00:08:10 41712 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-06-30 00:08:08 252344 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-06-30 00:08:08 16016 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-06-30 00:07:26 363560 ----a-w- C:\Windows\System32\guard64.dll

2011-06-30 00:07:26 285256 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 21:59:03.12 ===============

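The DDS output above lists recently created files with an 8-character attribute field (for example `--sha-r-` or `d-sh--w-`) in front of each path. When triaging such a log, a defender looks first at entries whose attributes or path shape are unusual for a Windows system directory. The script below is an added example for this thread, not part of DDS, not code from screen317 or the original poster; it parses lines in that format and returns the entries worth a closer look. The sample lines are constructed here from the format and values shown in the log, and the two heuristics (hidden+system file under a system directory, literal environment-variable name used as a folder name) are review criteria, not verdicts about any specific file.

```python
import re
from typing import Dict, List, Optional, Tuple

# One DDS file line: timestamp, size (dashes for directories), 8-char attribute field, path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)

# Directories where a hidden+system file dropped by a third party deserves review.
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# A folder literally named like an environment variable (e.g. %APPDATA%) usually means
# a program wrote a path string without expanding it; legitimate installers rarely do that.
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")

# Constructed sample, mirroring lines from the "Created Last 30" section above.
SAMPLE_LOG = r"""
2011-08-20 13:42:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-11 14:56:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-08-11 14:52:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-08-04 06:56:09 65536 --sha-r- C:\Windows\SysWow64\xwizards5.dll
2011-08-04 07:49:00 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one DDS file line into its fields, or return None for non-matching lines."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def review_entry(entry: Dict[str, str]) -> List[str]:
    """Return the list of reasons (possibly empty) why this entry merits manual review."""
    reasons: List[str] = []
    attrs = entry["attrs"]
    path = entry["path"]
    is_dir = attrs[0] == "d"                       # first attribute column is the directory flag
    in_system_dir = path.lower().startswith(SYSTEM_DIRS)

    if ENV_TOKEN_RE.search(path):
        reasons.append("literal environment-variable name used as a path component")
    # 's' and 'h' in the attribute field mark the system and hidden attributes.
    if not is_dir and in_system_dir and "h" in attrs and "s" in attrs:
        reasons.append("hidden+system file in a Windows system directory")
    return reasons


def review_log(text: str) -> List[Tuple[str, str]]:
    """Parse a DDS file-list section and return (path, reason) pairs to examine by hand."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        for reason in review_entry(entry):
            findings.append((entry["path"], reason))
    return findings


if __name__ == "__main__":
    for path, reason in review_log(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run on the constructed sample it reports the two `%APPDATA%` folders and the hidden+system DLL, and stays silent on the anti-malware drivers. To use it on a real DDS log, paste the "Created Last 30" and "Find3M" sections into a file and pass its contents to `review_log`; everything it returns still needs a human to check the file's signature, origin and creation context before any conclusion is drawn.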

  • Staff

Great!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi! I have done the ESET Online Scanner, except that when I tried to open the logfile, it wasn't in Program Files. It was in C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt and this is what it had:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Is that right?

Also, I've done your Security Check and here's what I got:

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player 10.3.183.5

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

My computer seems to be all good now and I've run scans on it and no threats have been found :) Again, thanks so much for helping!!! :D


  • Staff

Hi,

Great!

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Reader 9.0

Java™ 6 Update 26

Restart your computer.

Get the latest version of Java and Adobe Reader.

Let me know what issues remain.

-screen317
