Lingering effects of FakeAlert virus or something else?

[kells]

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011 9:52.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2475 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Adobe\Reader 8.0
c:\users\ChooseUrDestiny\AppData\Local\{8F0DBDD7-28C8-415B-94A6-989B2DF65742}
c:\users\ChooseUrDestiny\AppData\Local\{DDAF342D-32B2-486F-871B-8AC7506D3897}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 13:56 . 2011-04-26 13:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-26 13:56 . 2011-04-26 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15 -------- d-----w- c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56 388096 ----a-r- c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24 30736 ----a-w- c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03 -------- d-----w- c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18 33264 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19 -------- d-----w- C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23 -------- d-----w- c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59 -------- d-----w- c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17 -------- d-----w- c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29 342016 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16 271872 ----a-w- c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51 193592 ----a-w- c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51 167480 ----a-w- c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57 22016 ----a-w- c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17 384000 ----a-w- c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17 352256 ----a-w- c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17 309760 ----a-w- c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16 218112 ----a-w- c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29 286720 ----a-w- c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24 321536 ----a-w- c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18 507904 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32 60440 ----a-w- c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09 -------- d-----w- C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55 256 ----a-w- c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11 -------- d-----w- c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58 -------- d-----w- c:\programdata\CA2
2011-03-27 14:32 . 2011-03-27 14:32 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Roaming\MusicNet
2011-03-27 14:29 . 2011-03-29 01:53 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\iMesh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16 133632 ----a-w- c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57 551424 ----a-w- c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-25_18.46.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23 82628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23 47608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23 16306 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25 72064 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 13:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 13:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23 404192 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41 481060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20 634562 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20 132530 c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11 270720 c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25 188928 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00 2697216 c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34 1682432 c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DeeperWeb for Google: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26 09:58:42
ComboFix-quarantined-files.txt 2011-04-26 13:58
ComboFix2.txt 2011-04-26 12:28
ComboFix3.txt 2011-04-25 18:56
.
Pre-Run: 317,052,092,416 bytes free
Post-Run: 317,006,970,880 bytes free
.
- - End Of File - - 03705F14F831209BAE192E9DBDE25B1A

Sorry I took so long!

 

[johnb35]

Ok, one more time as those registry keys are still locked, not sure if you copied the script right or not.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Then rerun hijactkhis and place checks next to the following entries if they exist.

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Then click on fix checked.

 

[kells]

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011 10:40:23.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2404 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 14:44 . 2011-04-26 14:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-26 14:44 . 2011-04-26 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15 -------- d-----w- c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56 388096 ----a-r- c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24 30736 ----a-w- c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03 -------- d-----w- c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18 33264 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19 -------- d-----w- C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23 -------- d-----w- c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59 -------- d-----w- c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17 -------- d-----w- c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29 342016 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16 271872 ----a-w- c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51 193592 ----a-w- c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51 167480 ----a-w- c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57 22016 ----a-w- c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17 384000 ----a-w- c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17 352256 ----a-w- c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17 309760 ----a-w- c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16 218112 ----a-w- c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29 286720 ----a-w- c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24 321536 ----a-w- c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18 507904 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32 60440 ----a-w- c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09 -------- d-----w- C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55 256 ----a-w- c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11 -------- d-----w- c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58 -------- d-----w- c:\programdata\CA2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16 133632 ----a-w- c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57 551424 ----a-w- c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-25_18.46.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23 82628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23 47608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23 16306 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25 72064 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23 404192 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41 481060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20 634562 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20 132530 c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11 270720 c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25 188928 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00 2697216 c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34 1682432 c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DeeperWeb for Google: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26 10:46:18
ComboFix-quarantined-files.txt 2011-04-26 14:46
ComboFix2.txt 2011-04-26 13:58
ComboFix3.txt 2011-04-26 12:28
ComboFix4.txt 2011-04-25 18:56
.
Pre-Run: 317,051,162,624 bytes free
Post-Run: 316,775,403,520 bytes free
.
- - End Of File - - 2EE23EF68EA3E8DD80A9B57A267DBDA6

 

[kells]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:20 AM, on 4/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/66.30/uploader2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232250D6-43F2-461E-AA14-7B3E3DE16A00}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F}: NameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE72BB85-526E-43A3-A0B9-FDD6215E9678}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12143 bytes

 

[johnb35]

The script didn't work because it was named wrong.

Command switches used :: c:\users\ChooseUrDestiny\Desktop\[COLOR="Red"]CFScript.txt.txt[/COLOR]

Rerun the same script but this time, when saving it, don't add the .txt. Save it as cfscript and then press the save button.

 

[kells]

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

 

[johnb35]

You need to perform the combofix script though. Follow the same instructions as before. Drag the file onto combofix icon.

 

[kells]

I copied and paste the reglock to note pad saved to desktop
drag and drop into combofix it ran its course and then copied
the log. Am I missing something?

 

[johnb35]

The last combofix log you gave me, the script you made was named wrong. See my quote a couple replies back.

When you saved the script in notepad you must have named it cfscript.txt and then pressed save. It then added another .txt at the end of the file, which is why the script didn't work. Lets do it one more time.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

 

[kells]

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for _KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)

Thank you again for your time and patience.

 

[kells]

ComboFix 11-04-25.01 - ChooseUrDestiny 04/26/2011 11:44:26.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2377 [GMT -4:00]
Running from: c:\users\ChooseUrDestiny\Desktop\ComboFix.exe
Command switches used :: c:\users\ChooseUrDestiny\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 15:48 . 2011-04-26 15:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-26 15:48 . 2011-04-26 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 13:15 . 2011-04-26 13:15 -------- d-----w- c:\program files\CCleaner
2011-04-26 12:53 . 2011-04-11 05:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B8B91A0-B1EC-458E-AEAA-0B6A0AD8AA70}\mpengine.dll
2011-04-26 11:26 . 2011-04-26 11:26 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B2D8B34-8FF5-4A89-AE87-C74EB8C83E4B}\gapaengine.dll
2011-04-26 11:23 . 2011-04-26 11:23 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\{EFC43394-46FC-4A80-9800-91B5993ED936}
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-04-26 11:20 . 2011-04-26 11:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-26 11:19 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-25 15:56 . 2011-04-25 15:56 388096 ----a-r- c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-25 15:56 . 2011-04-25 15:56 -------- d-----w- c:\program files (x86)\Trend Micro
2011-04-22 14:47 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30981FA8-20A6-4966-A15F-6B5612CCD996}\mpengine.dll
2011-04-14 22:58 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 22:58 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 04:33 . 2009-05-21 19:24 30736 ----a-w- c:\windows\system32\drivers\lmvac.sys
2011-04-14 03:39 . 2011-04-14 12:03 -------- d-----w- c:\program files (x86)\SoundTaxi
2011-04-14 03:39 . 2009-04-16 17:18 33264 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2011-04-14 02:59 . 2011-04-14 04:19 -------- d-----w- C:\Converted
2011-04-14 00:35 . 2011-04-14 00:35 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\CrashRpt
2011-04-14 00:34 . 2011-04-14 02:23 -------- d-----w- c:\program files (x86)\RapidSolution
2011-04-14 00:34 . 2011-04-14 01:59 -------- d-----w- c:\programdata\RapidSolution
2011-04-14 00:30 . 2011-04-14 00:58 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Local\RapidSolution
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2011-04-13 23:52 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2011-04-13 23:51 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2011-04-13 23:50 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2011-04-13 23:49 . 2010-02-23 14:51 29288 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2011-04-01 19:17 . 2011-04-01 19:17 -------- d-----w- c:\program files\Hewlett-Packard
2011-04-01 19:17 . 2011-04-01 19:29 -------- d-----w- c:\programdata\Hewlett-Packard
2011-04-01 19:17 . 2011-02-09 16:29 342016 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp112.dll
2011-04-01 19:17 . 2011-02-09 16:16 271872 ----a-w- c:\windows\system32\hpmtp112.dll
2011-04-01 19:17 . 2010-09-19 18:51 193592 ----a-w- c:\windows\system32\hppdcompio.dll
2011-04-01 19:17 . 2010-09-19 18:51 167480 ----a-w- c:\windows\SysWow64\hppccompio.dll
2011-04-01 19:17 . 2009-02-25 22:57 22016 ----a-w- c:\windows\system32\hppmopjl.dll
2011-04-01 19:17 . 2011-02-09 16:17 384000 ----a-w- c:\windows\system32\hpmml112.dll
2011-04-01 19:17 . 2011-02-09 16:17 352256 ----a-w- c:\windows\system32\hpmja112.dll
2011-04-01 19:17 . 2011-02-09 16:17 309760 ----a-w- c:\windows\system32\hpmpm081.dll
2011-04-01 19:17 . 2011-02-09 16:16 218112 ----a-w- c:\windows\system32\hpmpw081.dll
2011-04-01 19:16 . 2011-02-09 16:29 286720 ----a-w- c:\windows\system32\hpcpn112.dll
2011-04-01 19:16 . 2011-02-09 16:24 321536 ----a-w- c:\windows\SysWow64\hpcc3112.dll
2011-04-01 19:16 . 2010-04-23 10:18 507904 ----a-w- c:\windows\SysWow64\hpcdmc32.dll
2011-04-01 19:16 . 2009-02-25 20:32 60440 ----a-w- c:\windows\system32\FxCompChannel_x64.dll
2011-04-01 19:09 . 2011-04-01 19:09 -------- d-----w- C:\HP Universal Print Driver
2011-04-01 14:23 . 2011-04-01 14:23 46112 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-03-29 18:11 . 2011-03-29 18:55 256 ----a-w- c:\windows\SysWow64\pool.bin
2011-03-29 18:11 . 2011-03-29 18:11 -------- d-----w- c:\users\ChooseUrDestiny\AppData\Roaming\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:10 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-03-29 18:09 . 2011-03-29 18:11 -------- d-----w- c:\program files (x86)\Research In Motion
2011-03-28 21:58 . 2011-03-28 21:58 -------- d-----w- c:\programdata\CA2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 22:23 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-08 22:30 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-08 22:30 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-08 22:30 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-08 22:30 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-09 16:16 . 2011-02-09 16:16 133632 ----a-w- c:\windows\system32\hpmco112.dll
2011-02-09 07:57 . 2011-02-09 07:57 551424 ----a-w- c:\windows\system32\hpmprein.dll
2011-02-03 01:40 . 2010-04-28 15:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-25_18.46.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-26 11:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 18:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 11:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-10 01:05 . 2011-04-26 11:23 82628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 11:23 47608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-17 04:25 . 2011-04-26 11:23 16306 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2097073099-3084669585-2771668576-1000_UserData.bin
+ 2010-10-25 01:25 . 2010-10-25 01:25 72064 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2010-10-25 01:25 . 2010-10-25 01:25 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2009-12-17 03:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-17 03:54 . 2011-04-26 13:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-17 03:54 . 2011-04-25 17:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-25 17:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 13:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-04-26 11:24 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-12-17 04:28 . 2011-04-26 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 04:28 . 2011-04-25 18:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 04:28 . 2011-04-26 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-04-26 11:11 . 2011-04-26 11:11 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-12-17 20:45 . 2011-04-26 02:23 404192 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-18 15:51 . 2011-04-26 03:41 481060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-04-26 11:20 634562 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-26 11:20 132530 c:\windows\system32\perfc009.dat
- 2010-02-24 05:41 . 2011-02-02 22:11 270720 c:\windows\system32\MpSigStub.exe
+ 2010-02-24 05:41 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
+ 2010-10-25 01:25 . 2010-10-25 01:25 188928 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:12 . 2011-04-25 18:52 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-04-15 01:38 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-04-25 18:43 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-26 11:21 405980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-04-15 12:46 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-04-26 11:24 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-03 23:30 . 2011-04-26 11:21 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
- 2010-11-03 23:30 . 2011-04-25 18:43 1356432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2097073099-3084669585-2771668576-1000-8192.dat
+ 2010-11-14 19:00 . 2010-11-14 19:00 2697216 c:\windows\Installer\61b85.msi
+ 2010-11-30 17:34 . 2010-11-30 17:34 1682432 c:\windows\Installer\61b7f.msi
- 2009-07-14 02:34 . 2011-04-25 14:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-26 12:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Hercules DJ Series"="c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2010-02-03 1297192]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-05-12 623888]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\ChooseUrDestiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files (x86)\FinePixViewer\QuickDCF2.exe [2010-10-28 303104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 135664]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [x]
R3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\DRIVERS\cm_net.sys [x]
R3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\DRIVERS\cm_ser.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [x]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-03-03 49080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [2010-08-20 689472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000Core.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2097073099-3084669585-2771668576-1000UA.job
- c:\users\ChooseUrDestiny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\ChooseUrDestiny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: {232250D6-43F2-461E-AA14-7B3E3DE16A00} = 209.183.33.23 209.183.35.23
TCP: {CBCF63A2-8FA7-4DD0-AA01-CF211E7C740F} = 209.183.33.23 209.183.35.23
TCP: {EE72BB85-526E-43A3-A0B9-FDD6215E9678} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\ChooseUrDestiny\AppData\Roaming\Mozilla\Firefox\Profiles\ebm78kda.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Styles Tuner: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DeeperWeb for Google: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Babylon-English Toolbar: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - %profile%\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2419640~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2454826~31bf3856ad364e35~amd64~~6.1.1.1]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-26 11:50:19
ComboFix-quarantined-files.txt 2011-04-26 15:50
ComboFix2.txt 2011-04-26 15:14
ComboFix3.txt 2011-04-26 14:46
ComboFix4.txt 2011-04-26 13:58
ComboFix5.txt 2011-04-26 15:43
.
Pre-Run: 316,814,503,936 bytes free
Post-Run: 316,773,937,152 bytes free
.
- - End Of File - - C34C56ADA6A24233A1EAE5223D913CBD

 

[johnb35]

I'm not sure why its not working right. I need to get ready to leave for work in a little bit but I will try and remember to reply again tonight when I get home.

Try this in the meantime.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.

Then also rerun a malwarebytes scan making sure you update it before running it. Open malwarebytes, click on the update tab, click on check for updates. Sometimes when opening malwarebytes it will tell you its outdated and will ask if you want to check for updates anyway. Post the new malwarebytes log as well.

 

[kells]

OK! will do. ComboFix is asking to update version. Should I update? Thanks and have a great day!

 

[johnb35]

Yes, let it update itself.

 

[kells]

ESETlog:

C:\DRAKE10\TEX\TEX089.DLL probably a variant of Win32/TrojanDropper.Agent.EVDMNMU trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21a4db8c-4b128e13 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\39acf28e-29c4cfc8 probably a variant of Win32/Agent.ZVRMM trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\17581695-1a006b30 Win32/Adware.SpywareProtect2009 application
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\7bacbd5a-1bb10a2a multiple threats
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\10c13db4-2d033e2a probably a variant of Win32/Agent.CDGQEWH trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5e185af5-21a45535 Java/Exploit.CVE-2010-3562.A trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3ace5fb7-76051524 Java/Exploit.CVE-2009-2843.B trojan
C:\Users\ChooseUrDestiny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\21d393fe-75d86164 Win32/Adware.SpywareProtect2009 application
C:\Users\ChooseUrDestiny\Downloads\registrybooster.exe Win32/RegistryBooster application

 

[kells]

Wow! nothing detected. I see how important
it is to run multiple scans!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6448

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/26/2011 2:22:56 PM
mbam-log-2011-04-26 (14-22-56).txt

Scan type: Quick scan
Objects scanned: 178413
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[johnb35]

Ok, first thing is I need you to follow the instructions on this page to clear your java cache.

http://www.java.com/en/download/help/plugin_cache.xml

Then navigate to

C:\Users\ChooseUrDestiny\Downloads

and delete the file Registry booster.exe.

Do you know what the Drake10 folder is?

C:\DRAKE10\TEX\TEX089.DLL

Last thing I need you to do is click on start button, in the search box type...

combofix /uninstall hit enter. It will act like its running again but it will say combofix has been uninstalled when its done.

 

[kells]

drake is what my wife uses for work. It was installed from the original disk provided by her company.

 

[johnb35]

Ok, thats fine. You should be good now. Let me know if you run into any more issues.

 

[kells]

Thanks John, your truly an asset to this forum!!
Keep up the good work!