I still can't delete the Comodo file from Program Files. The ComboFix log and the results of a registry search for 'comodo' follow:
ComboFix 09-06-05.09 - William Michels 06/07/2009 12:03.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00]
Running from: c:\users\William Michels\Desktop\ComboFix.exe
Command switches used :: c:\users\William Michels\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\System32\drivers\cmdguard.sys"
"c:\windows\System32\drivers\cmdhlp.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\WILLIA~1\AppData\Local\COMODO
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\windows\System32\drivers\cmdguard.sys
c:\windows\System32\drivers\cmdhlp.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDGUARD
-------\Legacy_CMDHLP
-------\Service_cmdGuard
-------\Service_cmdHlp
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 16:10 . 2009-06-07 16:10 -------- d-sh--w- \$RECYCLE.BIN
2009-06-07 16:10 . 2009-06-07 16:10 2011750400 --sha-w- \hiberfil.sys
2009-06-07 16:09 . 2009-06-07 16:10 -------- d-----w- c:\users\William Michels\AppData\Local\temp
2009-06-07 16:09 . 2009-06-07 16:09 -------- d-----w- C:\temp
2009-06-07 16:09 . 2009-06-07 16:09 -------- d-----w- \temp
2009-06-07 16:01 . 2009-06-07 16:10 -------- d-s---w- \ComboFix
2009-06-06 20:27 . 2009-06-07 16:03 -------- d---a-w- \Qoobox
2009-06-06 17:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 15:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-06 15:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-06 15:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-06 15:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-06 15:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-06 15:40 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42 . 2009-06-07 15:35 117760 ----a-w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15 . 2009-06-06 02:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 02:09 . 2009-06-06 02:13 -------- d-----w- c:\program files\CCleaner
2009-06-05 22:50 . 2009-06-06 18:57 -------- d-----w- c:\windows\BDOSCAN8
2009-06-04 21:36 . 2009-06-06 15:30 680 ----a-w- c:\users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-06 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 21:32 . 2009-06-04 21:32 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-04 17:35 . 2009-06-04 17:35 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-06 02:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-04 17:31 . 2009-06-04 17:31 -------- d-----w- c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33 . 2009-06-03 01:33 -------- d-----w- c:\program files\Alwil Software
2009-05-31 23:31 . 2009-06-01 00:33 -------- d-----w- c:\program files\SpywareBlaster
2009-05-28 21:20 . 2009-05-30 23:58 -------- d-----w- c:\users\William Michels\AppData\Roaming\System Tweaker
2009-05-27 19:29 . 2009-06-06 04:53 -------- d-----w- c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07 . 2009-06-07 15:54 408464 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-05-27 16:25 . 2009-05-27 19:28 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-24 23:26 . 2009-06-06 04:52 -------- d-----w- c:\program files\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26 -------- d-----w- c:\users\William Michels\AppData\Roaming\tinySpell
2009-05-10 22:04 . 2009-05-10 22:04 10769104 ----a-w- c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 16:10 . 2008-02-15 22:37 2325553152 --sha-w- \pagefile.sys
2009-06-06 15:27 . 2008-08-15 02:27 -------- d-----w- c:\program files\Uniblue
2009-06-06 04:53 . 2009-04-22 21:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:52 . 2008-11-20 19:31 -------- d-----w- c:\program files\searchandwintoolbar
2009-06-06 04:52 . 2008-09-04 23:41 -------- d-----w- c:\program files\LimeWire
2009-06-06 04:52 . 2008-02-02 02:58 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-06-06 04:52 . 2008-02-02 02:47 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-06-06 04:52 . 2008-02-02 02:47 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-06 04:52 . 2009-05-07 22:21 -------- d-----w- c:\program files\TouchStoneSoftware
2009-06-02 03:10 . 2008-08-23 19:49 -------- d-----w- c:\program files\Coupons
2009-05-31 19:53 . 2008-09-05 23:38 20 ---h--w- c:\progra~2\PKP_DLec.DAT
2009-05-31 19:53 . 2008-09-05 23:28 20 ---h--w- c:\progra~2\PKP_DLds.DAT
2009-05-30 20:40 . 2008-08-14 01:53 -------- d-----w- c:\program files\google
2009-05-30 19:55 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\progra~2\comodo
2009-05-29 23:42 . 2009-04-01 16:51 -------- d-----w- c:\program files\COMODO
2009-05-29 21:48 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(61)
2009-05-29 00:05 . 2008-09-04 23:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\LimeWire
2009-05-28 21:17 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(62)
2009-05-28 20:31 . 2008-08-31 16:58 -------- d-----w- c:\progra~2\Avg8(54)
2009-05-17 15:26 . 2009-04-01 16:51 68640 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-14 14:45 . 2008-02-02 02:54 -------- d-----w- c:\progra~2\Microsoft Help
2009-05-14 14:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 23:18 . 2008-08-23 18:41 -------- d-----w- c:\users\William Michels\AppData\Roaming\GoodSync
2009-05-07 22:46 . 2009-04-11 03:35 -------- d-----w- c:\users\William Michels\AppData\Roaming\Azureus
2009-05-07 18:13 . 2009-05-07 18:13 -------- d-----w- c:\progra~2\Azureus
2009-04-26 15:08 . 2009-03-21 17:41 541696 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49 . 2008-12-10 05:00 350 ----a-w- c:\users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-22 21:52 . 2009-04-22 21:52 -------- d-----w- c:\program files\uTorrent
2009-04-11 03:39 . 2009-04-11 03:35 -------- d-----w- c:\program files\Vuze
2009-04-02 03:56 . 2009-03-21 17:41 79872 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57 . 2009-04-01 16:57 249592 ----a-w- c:\windows\system32\cssdll32.dll
2009-03-21 17:41 . 2009-03-21 17:41 349184 ----a-w- c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38 . 2009-04-17 00:42 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:42 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-09 18:51 . 2009-03-09 18:51 10134 ----a-r- c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2008-09-04 18:15 . 2008-09-04 18:15 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-07 12:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Webshots\Webshots.scr
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-07 12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 16:14
ComboFix2.txt 2009-06-07 03:17
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 222,641,451,008 bytes free
246 --- E O F --- 2009-06-06 04:38
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 6/7/2009 1:45:29 PM for strings:
; 'comodo'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]
@="Comodo Antivirus Context Menu Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]
@="Comodo Antivirus Context Menu Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]
@="Comodo AntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
@="Comodo Antivirus Shell Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"
[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"
; End Of The Log...