InterviewSolution
1. Solve : Can't install or delete programs?
Answer» I ran the Bitdefender online scan and saved the file. Went to the file dropper site, paid the monthly fee and then rebooted to get out of safe mode. The computer did not start up right. I was given the option to repair or go to a restore point. Tried the repair option but it didn't work and I had to restore from a previous point. So I've lost all the programs I installed and of course the files and logs. Back to square one. I am going to start in the morning, I've had enough for one day. I really appreciate all the help you have given me, just bear with me, I'll get back to this point again.

"Went to the file dropper site, paid the monthly fee"

What? It's a free service with a paid option for more space. Anything I suggest will always be 100% free. Did you get the file uploaded to FileDropper so I can see it? I really need to get some names and locations of the malware to know what to do next. Do you remember if anything was called Virut or Sality?

Maybe I read it wrong but File dropper wouldn't let me proceed without making a payment of some kind. The cheapest option was .99 a month so I went with that. Not that much and I can drop it at any time. I had saved the file from Bitdefender on my desktop so it was lost when I rebooted. I do remember it was a Trojan virus but don't remember the name. There was a total of two. Can I proceed to the Bitdefender online scan again without going through all the other programs as before?

You are right, I went back and found that you can upload 2 G free, more than that costs extra. Sorry, my mistake.

Yes, try BitDefender again and post the results.

I finally got ComboFix downloaded and tried to run the program. Got a message saying "comodo antivirus and comodo defense +" is running and needs to be shut down first. I have no idea where this is at, it never showed up in uninstall manager or in programs list. Now we have to find a way to shut them down.

Is Comodo what you use for your antivirus or is it Avast?
Just continue on with ComboFix. It should still run.

I run Avast. The Comodo shouldn't be there, it is from one I used and didn't like it and deleted it, I thought. I will continue on with ComboFix.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

    KillAll::

    Driver::
    cmdHlp
    cmdGuard

    File::
    c:\windows\System32\drivers\cmdhlp.sys
    c:\windows\System32\drivers\cmdguard.sys

    Folder::
    c:\users\William Michels\AppData\Local\COMODO
    c:\users\WILLIA~1\AppData\Local\COMODO

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Now look in C:\Program Files for the Comodo folder and delete the entire folder. Next go to this post and follow the instructions for running the removal tool to get rid of the rest of Comodo.

----------

Download Registry Search by Bobbi Flekman (see the link titled RegSearch Download Link)
I still can't delete the Comodo file from Program Files.
Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-07 12:10 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\drivers\XAudio.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\Webshots\Webshots.scr c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\wbem\WMIADAP.exe . ************************************************************************** . Completion time: 2009-06-07 12:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-07 16:14 ComboFix2.txt 2009-06-07 03:17 Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application. 
Post-Run: 222,641,451,008 bytes free 246--- E O F ---2009-06-06 04:38 Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.6.0 ; Results at 6/7/2009 1:45:29 PM for strings: ; 'comodo' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu] @="Comodo Antivirus Context Menu Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1] @="Comodo Antivirus Context Menu Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}] @="Comodo AntiVirus" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32] @="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0] @="Comodo Antivirus Shell Menu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64] @="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}] "LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver" "Description"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi] "HelpText"="COMODO Internet Security Firewall Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000] "DeviceDesc"="COMODO Internet Security Firewall Driver" [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog] [HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\Classes\Local 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe

Folder::
C:\Program Files\COMODO

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]
[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Go to Start > Run and type Notepad.exe then click OK. Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
REM Stop the WMI service so its repository folder can be renamed
net stop winmgmt
cd /d %windir%\system32\wbem
REM Set the old repository aside; Windows rebuilds it when the service starts again
ren repository repository.old
net start winmgmt
exit

In Notepad select File and Save as. Choose the Save to location to be the Desktop and for the File name: type in fixme.bat, making sure that the Save as type field says All files.

Next double click fixservice.bat to run it. A black box should open and close after a short time, this is normal. Do not continue until the black box has closed.

Delete fixservice.bat from the Desktop.

----------

Also let me know how the computer is running now.

Computer is running much faster, but still have a couple more issues. I haven't mentioned it but every time I have to reboot or shut down I get a message, "Configuring updates". It will stay there for hours if I let it but I have been doing a hard shut down. I have gone to Windows update and there are some updates that are trying to download, when I hit Install, the screen freezes and have to go to task manager to shut down Windows update screen. They won't install and I can't make them go away. Also there is a program that I deleted about the time all these problems started that keeps trying to initialize but the program is not there anymore. It tries to start on every startup. As of now this is all I can find wrong.
Program is called "tiny spell". Here is the Combofix from the last run:
2009-06-07 16:43:1671032 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-08-13 21:13:17 . 2009-06-07 15:36:1616384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5216384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-08-13 21:13:17 . 2009-06-07 15:36:1632768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5232768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-08-13 21:13:17 . 2009-06-07 15:36:1616384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-08-13 21:13:17 . 2009-06-07 16:42:5216384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-08-13 23:01:39 . 2009-06-07 16:43:169870 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4280910030-2114780719-3168784256-1000_UserData.bin - 2006-11-02 10:33:01 . 2009-06-07 15:42:24595446 C:\Windows\System32\perfh009.dat + 2006-11-02 10:33:01 . 2009-06-07 16:48:58595446 C:\Windows\System32\perfh009.dat - 2006-11-02 10:33:01 . 2009-06-07 15:42:24101144 C:\Windows\System32\perfc009.dat + 2006-11-02 10:33:01 . 2009-06-07 16:48:58101144 C:\Windows\System32\perfc009.dat - 2006-11-02 10:22:39 . 2009-06-07 15:38:026553600 C:\Windows\System32\SMI\Store\Machine\schema.dat + 2006-11-02 10:22:39 . 2009-06-07 16:44:426553600 C:\Windows\System32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 12:35:14 801904] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 05:15:24 39408] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240] "SansaDispatch"="C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 03:56:11 79872] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 11:56:35 160592] "tinySpell"="C:\Program Files\tinySpell\tinyspell.exe" [2008-03-26 18:09:38 200704] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 14:05:52 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536] "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 02:49:00 13539872] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 02:49:00 92704] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 11:00:48 33648] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 09:19:17 148888] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000] "RtHDVCpl"="RtHDVCpl.exe" - C:\WINDOWS\RtHDVCpl.exe [2008-01-15 16:26:18 4874240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="C:\Program 
Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 22:27:12 73728] "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 19:09:52 44168] C:\Users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-8-22 157000] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 16:05:34356352----a-w-C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:C:\Program Files\earthlink 
totalaccess\TaskPanl.exe:taskpanl "{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}C:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}C:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module "{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) 
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus "UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [6/6/2009 11:40:39 AM 114768] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05:54 AM 9968] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05:52 AM 72944] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [6/6/2009 11:40:39 AM 20560] R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [6/6/2009 11:40:30 AM 51792] R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05:56 AM 7408] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html . 

Try reinstalling tinySpell and then uninstall it through Add or Remove Programs (Programs and Features).

Shut down IE. Open it up by right-clicking the IE icon and choosing 'Run as Administrator', and then try the Windows Updates. Let me know... |
|