TechSpot

Internet continually being used

Resolved
By JohnWP
Aug 15, 2011
  1. My usage monitor shows continual upload and download of data, even when no browser or email application is open. I've attached an HJT log.
     

  2. Bobbye

    Welcome to TechSpot, John.

    I'll be glad to check the logs from the programs given in the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    We do not 'screen' for malware using HijackThis. Hopefully we can see if there is malware running in the background. If you are using any file sharing programs, they should be uninstalled or disabled.
    ====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. JohnWP

    Log File

    Many thanks for your time; here is the Malwarebytes log file.

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7476

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    16/08/2011 08:45:38
    mbam-log-2011-08-16 (08-45-38).txt

    Scan type: Quick scan
    Objects scanned: 187009
    Time elapsed: 5 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. JohnWP

    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-16 09:04:06
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000066 WDC_WD10 rev.80.0
    Running: 0ffjls3w.exe; Driver: C:\Users\John\AppData\Local\Temp\pwtdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Windows\system32\windrvNT.sys ZwQueryDirectoryFile [0xAC90A842]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp networx.sys (NetFilter SDK TDI Hook Driver (WPP)/NetFilterSDK.com)
    AttachedDevice \Driver\tdx \Device\Udp networx.sys (NetFilter SDK TDI Hook Driver (WPP)/NetFilterSDK.com)

    ---- EOF - GMER 1.0.15 ----
     
  5. JohnWP

    DDS Log

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by John at 16:20:19 on 2011-08-16
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2814.1559 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\vsnp2std.exe
    C:\Windows\VM305_STI.EXE
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Alwil Software\Avast5\setup\avast.setup
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://www.aldi.com
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [024h Lucky Reminder] "c:\program files\024h lucky reminder\LuckyReminder.exe" /m
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device...
    IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=15414&locale=en_UK&apn_uid=f92c8427-bcb5-4ff8-88f1-6b4f6b3ecd05&apn_ptnrs=N8&apn_sauid=1E96CCB9-3E4C-4FE0-9CC3-01AEE49B0935&apn_dtid=YYYYYYYYGB&q=
    FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: FreemakeConverter: fmconverter@gmail.com - c:\program files\freemake\freemake video converter\browserplugin\Firefox
    FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-9-8 39472]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-4 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-5 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 309848]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-3-14 51640]
    R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-15 176128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-20 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-20 54104]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-5 42184]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
    R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2010-9-7 4096]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 603240]
    R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-12-7 52824]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-31 30392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 CPTMobileCS;CPTMobileCS; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-13 136176]
    S2 tbbLoaderService;tbbLoaderService; [x]
    S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-9-27 17984]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
    S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-2 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-13 136176]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
    S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-12-23 38976]
    S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-12-23 53312]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
    S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-17 1343400]
    S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2006-5-8 391688]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-08-16 14:23:48 -------- d-----w- c:\users\john\appdata\local\{F0D5BB3F-512A-4048-9AEF-F6E82FD9ABB6}
    2011-08-16 14:23:37 -------- d-----w- c:\users\john\appdata\local\{D0DAB491-81B8-4B31-96CE-21DC04CAD515}
    2011-08-16 07:58:13 -------- d-----w- c:\users\john\appdata\local\{5235452C-676F-4A4B-94A2-9F819D9CF6F0}
    2011-08-16 07:38:51 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
    2011-08-16 07:38:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 07:38:46 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 07:38:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 07:38:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 07:32:43 -------- d-----w- c:\users\john\appdata\local\{E80F238D-794B-4433-B5D0-C129F112CAF8}
    2011-08-16 07:32:32 -------- d-----w- c:\users\john\appdata\local\{45434D17-AB2C-49F9-A682-002A7A191478}
    2011-08-16 07:23:42 -------- d-----w- c:\users\john\appdata\local\{E98E7436-B92D-43C0-BBBE-DB0B5CCA1D09}
    2011-08-16 07:23:31 -------- d-----w- c:\users\john\appdata\local\{8F841B78-FEB0-451E-8F3E-2C20D996D4F5}
    2011-08-15 20:45:39 -------- d-----w- C:\Tools
    2011-08-15 20:30:53 -------- d-----w- c:\users\john\appdata\local\{6FBE9D48-27EE-46E8-9EAA-1E29C723E771}
    2011-08-15 20:30:40 -------- d-----w- c:\users\john\appdata\local\{162C34DF-EEAE-472D-8EB9-45B1719E2440}
    2011-08-15 15:51:45 -------- d-----w- c:\users\john\appdata\local\{74A61D18-CC8A-4AB6-BFEB-1102118424E7}
    2011-08-15 15:51:34 -------- d-----w- c:\users\john\appdata\local\{71AD1B17-5E60-4203-BAE3-516856E97461}
    2011-08-15 15:12:29 -------- d-----w- c:\users\john\appdata\local\{E301AE87-985C-4D9E-B2F9-9D1AFAB4192E}
    2011-08-15 15:08:35 -------- d-----w- c:\users\john\appdata\local\{FD655268-E8CC-48DB-A042-77F7471B3676}
    2011-08-15 15:08:23 -------- d-----w- c:\users\john\appdata\local\{9A25A9D5-D7E4-460E-8669-499AA9890911}
    2011-08-15 14:26:26 -------- d-----w- c:\program files\Trend Micro
    2011-08-15 14:05:49 -------- d-----w- c:\users\john\appdata\local\{69836BBB-F2D5-4C3C-B237-71FB2260149D}
    2011-08-15 14:05:38 -------- d-----w- c:\users\john\appdata\local\{48F63781-021A-44B9-B6B8-F728AAFAF0D5}
    2011-08-15 13:46:49 -------- d-----w- c:\users\john\appdata\local\{39C3D6CD-DD3D-4A04-935A-FECF4FCB1BD6}
    2011-08-15 13:46:28 -------- d-----w- c:\users\john\appdata\local\{E113C2D4-167E-4506-A900-19FD5EE550C2}
    2011-08-15 13:38:57 -------- d-----w- c:\users\john\appdata\local\{652BA45D-4F1F-4511-A3DC-971B2721A5C8}
    2011-08-15 13:38:34 -------- d-----w- c:\users\john\appdata\local\{27C2046D-EBD4-4F2F-81C8-02B1846D4949}
    2011-08-15 12:12:20 -------- d-----w- c:\users\john\appdata\local\{5668B599-6AB1-47D3-BD9E-274CC29CD8DF}
    2011-08-15 12:12:09 -------- d-----w- c:\users\john\appdata\local\{C8218681-18BA-49FF-9091-D9FE4C8234B3}
    2011-08-15 11:45:33 -------- d-----w- c:\users\john\appdata\local\{197FB695-4274-48B4-95F8-914F57180F74}
    2011-08-15 11:45:21 -------- d-----w- c:\users\john\appdata\local\{686F8873-2BF1-4631-B767-2654D26297F0}
    2011-08-15 08:43:34 -------- d-----w- c:\users\john\appdata\local\{36E885D4-25B5-45EA-AF83-52302FDCA966}
    2011-08-15 08:43:18 -------- d-----w- c:\users\john\appdata\local\{FAAFF6DD-6106-4171-A4A3-7A20BA893FC5}
    2011-08-15 02:35:33 -------- d-----w- c:\users\john\appdata\local\{49B24762-3C6B-4F30-B9C9-EE0C73506B9A}
    2011-08-15 02:35:22 -------- d-----w- c:\users\john\appdata\local\{B251ACD5-EF49-4B5F-B426-BDE2ADA4FF84}
    2011-08-13 20:56:03 -------- d-----w- c:\users\john\appdata\local\{E58EA261-E5D7-4FB7-9C1A-9FB6F40414B3}
    2011-08-13 20:55:51 -------- d-----w- c:\users\john\appdata\local\{B2F6305D-83B8-45E1-B79F-D0AEDD793476}
    2011-08-13 14:27:38 -------- d-----w- c:\users\john\appdata\local\{7CFC5C3E-A4A2-4004-879C-9E44AA66F9BA}
    2011-08-13 14:27:28 -------- d-----w- c:\users\john\appdata\local\{9D11124B-B473-422A-A65A-BA52073C53B9}
    2011-08-13 12:20:49 -------- d-----w- c:\users\john\appdata\local\{574498F7-1F4A-4063-A4E7-F43C7E7BD382}
    2011-08-13 12:20:38 -------- d-----w- c:\users\john\appdata\local\{C0630A15-E933-411B-9FC7-13C0DD6E80E3}
    2011-08-13 12:16:51 -------- d-----w- c:\users\john\appdata\local\{A93A3D27-5260-4C7E-AE52-7BE5E112A880}
    2011-08-13 12:16:40 -------- d-----w- c:\users\john\appdata\local\{D902B4D0-905E-4FDA-AAAD-7C5ADC9E12F5}
    2011-08-13 10:55:55 -------- d-----w- c:\users\john\appdata\local\{5B8A5773-02F9-48EB-BEB2-45AA5CA546ED}
    2011-08-13 10:55:44 -------- d-----w- c:\users\john\appdata\local\{737E5ACD-E1B9-437F-99F1-9A4817A77D0F}
    2011-08-12 07:55:28 -------- d-----w- c:\users\john\appdata\local\{82A86BC3-4360-42CF-A515-27163566ED4C}
    2011-08-12 07:55:17 -------- d-----w- c:\users\john\appdata\local\{8574DABF-F43D-4D7B-922B-FED921756CD5}
    2011-08-12 07:27:55 -------- d-----w- c:\users\john\appdata\local\{34375710-B7CE-43FC-80BB-21AA6DE0045F}
    2011-08-12 07:27:42 -------- d-----w- c:\users\john\appdata\local\{87113D1D-B98F-4413-8511-69A6978C1E5B}
    2011-08-12 07:22:03 -------- d-----w- C:\77399587e00fa6e89a1ce9edd1ab8824
    2011-08-12 07:17:24 -------- d-----w- c:\users\john\appdata\local\{EF0D1341-EDE2-4E6A-A560-B908A6E619E6}
    2011-08-12 07:17:08 -------- d-----w- c:\users\john\appdata\local\{5F555436-4454-4F27-9F07-3D4D3CF470F2}
    2011-08-11 21:56:34 -------- d-----w- c:\users\john\appdata\local\{47DEF489-D73C-4028-9F1C-95E1F3F1752C}
    2011-08-11 21:56:22 -------- d-----w- c:\users\john\appdata\local\{777E1AA3-0B4D-4FEB-92E0-7CE24DEA3591}
    2011-08-11 21:38:53 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2011-08-11 21:38:30 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-08-11 21:37:23 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-08-11 21:37:02 -------- d-----w- c:\program files\Application Verifier
    2011-08-11 21:34:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-08-11 13:57:10 -------- d-----w- c:\users\john\appdata\local\{4F8166A3-77EA-429D-841E-A7EA7F4F3273}
    2011-08-11 13:56:59 -------- d-----w- c:\users\john\appdata\local\{53D6556E-C8C5-420F-8192-B3B6BE508D08}
    2011-08-11 12:19:43 -------- d-----w- c:\users\john\appdata\local\{CA70DB12-D6A0-440E-81E9-FA5CC82A92F5}
    2011-08-11 12:19:30 -------- d-----w- c:\users\john\appdata\local\{ECA79E15-1AA9-4312-96BC-62FF20B0487A}
    2011-08-11 07:39:12 -------- d-----w- c:\users\john\appdata\local\{F0A929B7-6E1B-409F-9DC9-BC80D33D9022}
    2011-08-11 07:39:01 -------- d-----w- c:\users\john\appdata\local\{7FBC4FDF-DB43-4AC7-B9E0-23F227B5EBA0}
    2011-08-10 22:51:47 -------- d-----w- c:\users\john\appdata\local\{FD89214D-C251-4813-AAEC-7D782AC476EC}
    2011-08-10 22:51:32 -------- d-----w- c:\users\john\appdata\local\{EC59C4B9-7EE7-476E-B99F-ED5D1DDEBCA1}
    2011-08-10 21:12:11 -------- d-----w- c:\users\john\appdata\local\{7B064187-7D02-4B4B-A5AD-6FCD67A3CB2A}
    2011-08-10 21:11:57 -------- d-----w- c:\users\john\appdata\local\{E5FCAFF5-1F5C-4B74-A1B6-79938D4D8183}
    2011-08-10 20:53:45 -------- d-----w- c:\users\john\appdata\local\{674F1EBB-3D2A-45CD-86CC-DA8D344860F5}
    2011-08-10 20:53:34 -------- d-----w- c:\users\john\appdata\local\{4D20FE65-58DC-40D4-B6A9-DBC31860E9F3}
    2011-08-10 20:25:33 -------- d-----w- C:\461f73c93dbeb6b28611c2389cec38
    2011-08-10 20:16:29 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-08-10 20:16:29 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-08-10 20:16:28 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-08-10 20:16:28 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-08-10 20:16:27 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2011-08-10 20:16:26 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-08-10 20:13:12 -------- d-----w- c:\users\john\appdata\local\{429E1F7A-DD43-480A-9049-9CE8F7BCD675}
    2011-08-10 20:13:00 -------- d-----w- c:\users\john\appdata\local\{E802C02B-3C50-43BA-8AAE-FAED6BB72F00}
    2011-08-10 12:58:55 -------- d-----w- c:\users\john\appdata\local\{F90F70CB-5356-4D35-A017-ED44A1A856A2}
    2011-08-10 12:58:44 -------- d-----w- c:\users\john\appdata\local\{A61177B8-0FE6-4545-A1FD-D46491E330B9}
    2011-08-10 07:26:15 -------- d-----w- c:\users\john\appdata\local\{44D0C087-9D38-4609-A47F-D2D5E529E070}
    2011-08-10 07:25:58 -------- d-----w- c:\users\john\appdata\local\{383CC9F0-F06C-4A4B-966C-11DF4B6E5AF0}
    2011-08-09 20:22:15 -------- d-----w- c:\users\john\appdata\local\{29EA38FC-CB4B-4762-8C14-B83E26EEFD71}
    2011-08-09 20:21:58 -------- d-----w- c:\users\john\appdata\local\{45ECF77C-CE0B-4F0A-B5B7-D480E607D887}
    2011-08-09 19:36:35 -------- d-----w- c:\users\john\appdata\local\{82C4E282-C19E-4F5C-9D72-319D1C8274BE}
    2011-08-09 19:36:24 -------- d-----w- c:\users\john\appdata\local\{9178B765-ED05-4F56-A615-A97386EC421E}
    2011-08-09 17:55:28 -------- d-----w- c:\users\john\appdata\local\{78378DF0-60EC-4ABE-BE7A-8821CCEC439A}
    2011-08-09 17:55:16 -------- d-----w- c:\users\john\appdata\local\{FA4CEE9A-C664-4ECA-89E5-EBE469B7C349}
    2011-08-09 07:05:59 -------- d-----w- c:\users\john\appdata\local\{FA788C31-10DC-43B5-9AEE-A05EC6B60EA5}
    2011-08-09 06:48:30 -------- d-----w- c:\users\john\appdata\local\{E6EAE424-D767-4E4D-A4AB-C005CB517A73}
    2011-08-09 06:48:18 -------- d-----w- c:\users\john\appdata\local\{33B9445D-981D-4A68-9757-3E55E3492C52}
    2011-08-08 15:14:09 -------- d-----w- c:\users\john\appdata\local\{987391EA-08B2-4222-BE11-57A45E7D30E8}
    2011-08-08 15:13:58 -------- d-----w- c:\users\john\appdata\local\{1DFA0AD9-1F67-4F38-8D4D-25749B451F63}
    2011-08-08 14:52:45 -------- d-----w- c:\users\john\appdata\local\{28C69618-B557-4CBD-8CC8-F94188454FB1}
    2011-08-08 14:52:34 -------- d-----w- c:\users\john\appdata\local\{4E37B10B-4D22-43E6-BBCD-5E0F46A3A29A}
    2011-08-08 14:47:42 -------- d-----w- c:\users\john\appdata\local\{9AF2C132-F351-4757-B56B-F6C31EBC1475}
    2011-08-08 14:47:31 -------- d-----w- c:\users\john\appdata\local\{10B23A1A-B6FE-485C-A28E-F024B219B2AC}
    2011-08-08 14:34:01 -------- d-----w- c:\users\john\appdata\local\{BE789C39-F149-4714-8E68-846E138C371E}
    2011-08-08 14:33:50 -------- d-----w- c:\users\john\appdata\local\{1144DCB5-3C99-4D09-A323-13DCD6F1BFA4}
    2011-08-08 14:03:03 -------- d-----w- c:\users\john\appdata\local\{28703892-1E56-4E24-8940-FBE3E6063C9B}
    2011-08-08 14:02:52 -------- d-----w- c:\users\john\appdata\local\{86BBB37F-71F5-491A-AF13-871004026BE1}
    2011-08-08 10:14:46 -------- d-----w- c:\users\john\appdata\local\{C18C5F2E-7645-4126-AEE1-A72F18037646}
    2011-08-08 10:14:29 -------- d-----w- c:\users\john\appdata\local\{732CDE31-9458-408E-9D77-CB10E9634FE8}
    2011-08-08 07:29:11 -------- d-----w- c:\users\john\appdata\local\{22AFFEC9-C44F-429A-B6DE-977D87ED91CE}
    2011-08-08 07:29:00 -------- d-----w- c:\users\john\appdata\local\{B5D05F59-6136-4FE3-8912-8CDAA981F3F4}
    2011-08-07 17:25:05 -------- d-----w- c:\users\john\appdata\local\{BE5B1AFF-67FB-4147-9D5A-84EE95C91923}
    2011-08-07 17:24:54 -------- d-----w- c:\users\john\appdata\local\{E3F97CF6-034E-471B-9676-F9AD39BD2AD5}
    2011-08-07 09:08:50 -------- d-----w- c:\users\john\appdata\local\{CC763E93-70EC-48BB-BE2C-CEF04549A25B}
    2011-08-07 09:08:39 -------- d-----w- c:\users\john\appdata\local\{360FDB6B-B4B1-4190-83EF-AE4A5AA8FE0A}
    2011-08-07 09:05:24 -------- d-----w- c:\users\john\appdata\local\{0EC9FDAE-B4FC-498A-B03D-D9CD80922E3C}
    2011-08-07 09:05:13 -------- d-----w- c:\users\john\appdata\local\{1CC82146-9B3C-4682-A596-BB80CFC2C35A}
    2011-08-07 09:04:11 -------- d-----w- c:\users\john\appdata\local\{A324E6C9-18B7-479B-BFFE-26BCEC3A3846}
    2011-08-07 09:04:00 -------- d-----w- c:\users\john\appdata\local\{8784DBCA-2A67-4E17-927B-09FDD98B058D}
    2011-08-07 09:02:48 -------- d-----w- c:\users\john\appdata\local\{8A010F80-A1F2-49E2-9ADF-7F730C90675C}
    2011-08-07 09:02:37 -------- d-----w- c:\users\john\appdata\local\{CF8612BD-74F5-4A99-AFFA-EE9D8BC9F64E}
    2011-08-07 07:21:23 -------- d-----w- c:\users\john\appdata\local\{AF9F5B2F-41D3-4231-B4D9-3BD786ED974E}
    2011-08-07 07:21:12 -------- d-----w- c:\users\john\appdata\local\{761F64F0-B3FC-4C1E-BE92-F93F41D7E4FD}
    2011-08-06 09:29:52 -------- d-----w- c:\users\john\appdata\local\{504038E8-B62D-4A46-B378-065DAD01E649}
    2011-08-06 09:28:38 -------- d-----w- c:\users\john\appdata\local\{5354568F-672E-42A3-8ABE-6D681CB59740}
    2011-08-06 09:28:27 -------- d-----w- c:\users\john\appdata\local\{2FECDD78-A36D-403F-8137-852D7995FE9B}
    2011-08-06 09:21:51 -------- d-----w- c:\users\john\appdata\local\{33F401CC-0E44-41F6-BC53-323B27DEFCFD}
    2011-08-06 09:21:40 -------- d-----w- c:\users\john\appdata\local\{BF84FA22-8C5E-4B32-9363-537E39B1720A}
    2011-08-06 09:03:01 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bb61a8cc-b6f5-4751-a0e2-226b46839d69}\mpengine.dll
    2011-08-06 09:00:03 -------- d-----w- c:\users\john\appdata\local\{F08C47AF-6773-46F3-AF06-AA88150A7B14}
    2011-08-06 08:59:52 -------- d-----w- c:\users\john\appdata\local\{9AC9A47B-E315-4D5A-BEEE-35D0030CD7F8}
    2011-08-05 15:29:26 -------- d-----w- c:\users\john\appdata\local\{EA489822-161B-4BB7-94B3-848BD3379569}
    2011-08-05 15:29:15 -------- d-----w- c:\users\john\appdata\local\{70179188-A6D5-4F01-893F-F4665755E9BA}
    2011-08-05 10:21:07 -------- d-----w- c:\users\john\appdata\local\{03C21EA2-B384-4B3B-A817-225CAF2B073B}
    2011-08-05 10:20:56 -------- d-----w- c:\users\john\appdata\local\{5B16B198-D38D-4B02-BE4A-D0F2F7666AE4}
    2011-08-05 05:51:57 -------- d-----w- c:\programdata\Tarma Installer
    2011-08-05 05:51:57 -------- d-----w- c:\program files\DIY Kyoto
    2011-08-05 05:27:24 -------- d-----w- c:\users\john\appdata\local\{C6910970-FA8C-4467-A5CA-FA45394C9C3E}
    2011-08-05 05:27:05 -------- d-----w- c:\users\john\appdata\local\{624925E3-4570-4D14-AB49-2283A6BD5D8E}
    2011-08-04 21:53:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-04 21:53:25 -------- d-----w- c:\program files\Lavasoft
    2011-08-04 19:47:26 -------- d-----w- c:\users\john\appdata\local\{20C8E428-7A1A-465B-8615-5D6BCA973775}
    2011-08-04 19:47:15 -------- d-----w- c:\users\john\appdata\local\{34A957CC-CC8D-467E-8B6B-0490E4444673}
    2011-08-04 15:40:32 -------- d-----w- c:\users\john\appdata\local\{DD7A80CB-985A-4020-BFC6-70DEDF8C3C2C}
    2011-08-04 15:40:14 -------- d-----w- c:\users\john\appdata\local\{35F9947F-47E8-4C32-84DA-5CD0B351F4B6}
    2011-08-03 17:33:49 -------- d-----w- c:\program files\Lightworks
    2011-08-03 17:20:53 -------- d-----w- c:\users\john\appdata\local\{8517EADB-2596-45C6-B032-3D6E6ABDC8EF}
    2011-08-03 17:20:41 -------- d-----w- c:\users\john\appdata\local\{90207858-FFBE-40A7-9C95-B3B777A1BE7A}
    2011-08-03 14:39:06 -------- d-----w- c:\users\john\appdata\local\{2550D4BC-14A4-4FEF-B388-D8AE47BCABF3}
    2011-08-03 14:38:55 -------- d-----w- c:\users\john\appdata\local\{C5AAD98E-3F79-44C8-9BCA-6086D7BCD944}
    2011-08-03 13:40:24 -------- d-----w- c:\users\john\appdata\local\{DC214B8A-9B10-4748-84B1-A711B58AD85B}
    2011-08-03 13:40:12 -------- d-----w- c:\users\john\appdata\local\{43D8ECB9-C64B-49E1-8586-ACC7C7B039E0}
    2011-08-03 13:14:41 -------- d-----w- c:\users\john\appdata\local\{6E6658BE-7151-4648-B880-596F6F3C06ED}
    2011-08-03 13:14:25 -------- d-----w- c:\users\john\appdata\local\{C6B30CFA-4172-4BA8-BF1C-0B46FF37B541}
    2011-08-03 10:43:11 -------- d-----w- c:\users\john\appdata\local\{AF3BA700-7070-4C7C-B825-3821FFCBA601}
    2011-08-03 09:06:41 -------- d-----w- c:\users\john\appdata\local\{704911BB-66BA-4C11-A0CE-6000FD013065}
    2011-08-03 09:04:48 -------- d-----w- c:\users\john\appdata\local\{24DCB479-C062-4DFA-9DE8-60A1D21E2AE8}
    2011-08-03 09:04:28 -------- d-----w- c:\users\john\appdata\local\{815C95CC-D662-4593-B90E-BA55E07E2A04}
    2011-08-02 17:55:05 -------- d-----w- c:\users\john\appdata\local\{8045FEC8-15BB-4296-B22B-20D9BE5CFF2D}
    2011-08-02 17:54:53 -------- d-----w- c:\users\john\appdata\local\{7F48100A-B37E-4A08-93F7-69F86E1F618A}
    2011-08-02 16:38:13 -------- d-----w- c:\users\john\appdata\local\{FCFFAF70-ED6E-4F47-97FA-78690087DF95}
    2011-08-02 16:38:02 -------- d-----w- c:\users\john\appdata\local\{11F3747D-6821-4663-B2A6-CC1DDFA762D5}
    2011-08-02 08:07:31 -------- d-----w- c:\users\john\appdata\local\{D465FA84-C37B-47E5-8E48-75EE811A4B77}
    2011-08-02 08:07:13 -------- d-----w- c:\users\john\appdata\local\{40D33837-E0E1-46B1-AB97-211ED52BF90B}
    2011-08-01 21:26:54 -------- d-----w- c:\users\john\appdata\local\{96333C06-D566-41D3-A2AE-C06D97CB730A}
    2011-08-01 21:26:43 -------- d-----w- c:\users\john\appdata\local\{E11B8BEF-3DA6-4208-94E0-4537F2E9A3AC}
    2011-08-01 19:31:00 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
    2011-08-01 19:25:26 15712 ----a-w- c:\program files\common files\windows live\.cache\c43a08b31cc508003\MeshBetaRemover.exe
    2011-08-01 19:24:58 -------- d-----w- c:\users\john\appdata\local\{04E1ADE0-A7AA-41E5-A8E8-7B7A5CE575C8}
    2011-08-01 19:23:18 -------- d-----w- c:\users\john\appdata\local\{350DA65F-A2CA-4DB4-99DB-97F674A62CBF}
    2011-08-01 19:23:07 -------- d-----w- c:\users\john\appdata\local\{D5226CCC-5236-4954-8AC4-0BFEEAA78B94}
    2011-08-01 08:09:29 -------- d-----w- c:\users\john\appdata\local\{53B818EC-6418-4FF7-B8BA-2CBB08D01D32}
    2011-08-01 07:54:36 -------- d-----w- c:\users\john\appdata\local\{914ECD5D-044F-4409-9B3C-552ADF729CC4}
    2011-07-30 06:23:08 -------- d-----w- c:\users\john\appdata\local\{2F592A67-6A24-420B-857E-E8B22FBD4EC9}
    2011-07-28 18:02:24 -------- d-----w- c:\windows\MSAgent
    2011-07-28 17:24:08 -------- d-----w- c:\users\john\appdata\local\{0A4F6EFF-6E30-43C2-B4DA-EF094FB39358}
    2011-07-28 04:56:49 -------- d-----w- c:\users\john\appdata\local\{EB1E745D-AEB5-4BB9-AF63-C8D4A9EBA966}
    2011-07-28 03:22:19 -------- d-----w- c:\program files\Ask.com
    2011-07-27 16:18:26 -------- d-----w- c:\users\john\appdata\local\{DF610C63-3538-4681-A533-512589C4122E}
    2011-07-26 19:53:28 -------- d-----w- c:\users\john\appdata\local\{A4A2AD45-F132-47F2-AF27-3F691146ADC2}
    2011-07-26 06:35:08 -------- d-----w- c:\users\john\appdata\local\{FDE04222-9A77-4371-AB31-20DCF5B6FA80}
    2011-07-25 14:02:09 -------- d-----w- c:\users\john\appdata\local\{B36C4D93-3D30-471E-AC81-0BF5E0391382}
    2011-07-24 07:31:50 -------- d-----w- c:\users\john\appdata\local\{96E65376-D1E7-4850-90EB-D5DF56FDBA3D}
    2011-07-23 16:52:50 -------- d-----w- c:\users\john\appdata\local\{0337AA20-29B0-460A-A6D7-0E1C489FF075}
    2011-07-22 15:55:50 -------- d-----w- c:\users\john\appdata\local\{A2A4AA60-E97B-48F0-B2E6-5515FCC59017}
    2011-07-21 21:19:09 -------- d-----w- c:\users\john\appdata\local\{BE279EA4-2FC8-4B9A-BD16-88D2EBCC0DFF}
    2011-07-21 06:42:39 -------- d-----w- c:\users\john\appdata\local\{08CF9D50-23E9-4894-8797-171690743112}
    2011-07-20 21:12:24 -------- d-----w- c:\users\john\appdata\local\{4DBB0530-60DA-4BC3-A803-458D82024B7B}
    2011-07-20 06:09:29 -------- d-----w- c:\users\john\appdata\local\{672B512F-041D-4A47-90A8-79233067E882}
    2011-07-19 16:27:48 -------- d-----w- c:\users\john\appdata\local\{2480983A-3957-4AD4-8402-1282F8993E9B}
    2011-07-18 14:47:00 -------- d-----w- c:\users\john\appdata\local\{E84A2D50-1C61-42DD-A3C5-2C000DEF7E38}
    2011-07-17 21:21:44 -------- d-----w- c:\users\john\appdata\local\{4D693C69-AD79-481E-A0F2-B8B9E15FE697}
    .
    ==================== Find3M ====================
    .
    2011-08-04 21:58:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 22:25:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    .
    ============= FINISH: 16:22:10.63 ===============
     
  6. JohnWP

    JohnWP TS Rookie Topic Starter

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/09/2010 21:14:38
    System Uptime: 16/08/2011 15:21:14 (1 hours ago)
    .
    Motherboard: MEDIONPC | | MS-7646
    Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 910 GiB total, 676.557 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 10.065 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    W: is FIXED (NTFS) - 1863 GiB total, 567.409 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP532: 10/08/2011 21:18:35 - Windows Update
    RP533: 11/08/2011 08:55:15 - Windows Update
    RP534: 12/08/2011 08:17:19 - Windows Update
    RP535: 12/08/2011 09:01:24 - Windows Update
    RP536: 14/08/2011 20:30:44 - Windows Backup
    RP538: 15/08/2011 11:58:26 - Revo Uninstaller's restore point - Adobe Digital Editions
    RP540: 15/08/2011 12:13:31 - Revo Uninstaller's restore point - Adobe Digital Editions
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    024h Lucky Reminder v1.83
    ACDSee
    Ad-Aware
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    AMCap
    AML Free Registry Cleaner 4.21
    Any Video Converter 3.1.8
    Apple Application Support
    Apple Software Update
    Application Verifier
    Ask Toolbar
    ATI Catalyst Install Manager
    Audacity 1.2.6
    AutoHotkey 1.0.48.05
    avast! Free Antivirus
    BB FlashBack 2 Express
    Bing Bar
    BT Broadband Desktop Help
    Canon MP Navigator EX 1.0
    CanoScan 8800F
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CDBurnerXP
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    CorelDRAW Essentials 4
    CorelDRAW Essentials 4 - Content
    CorelDRAW Essentials 4 - Draw
    CorelDRAW Essentials 4 - Extra Content
    CorelDRAW Essentials 4 - Filters
    CorelDRAW Essentials 4 - ICA
    CorelDRAW Essentials 4 - IPM - No VBA
    CorelDRAW Essentials 4 - Lang BR
    CorelDRAW Essentials 4 - Lang DE
    CorelDRAW Essentials 4 - Lang EN
    CorelDRAW Essentials 4 - Lang ES
    CorelDRAW Essentials 4 - Lang FR
    CorelDRAW Essentials 4 - Lang IT
    CorelDRAW Essentials 4 - Lang NL
    CorelDRAW Essentials 4 - PHOTO-PAINT
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDVD Copy
    D3DX10
    Debugging Tools for Windows (x86)
    DeskPins (remove only)
    DVD Shrink 3.2
    EPSON Print CD
    EPSON Printer Software
    EPSON Stylus Photo R285_290 Manual
    Express Rip
    Folder Lock
    Foxit Creator
    Free 3GP Video Converter version 4.0.1.718
    Free PDF to Word Converter 5.1.0.383
    Free Video Cutter 1.1
    Freemake Video Converter version 2.1.0
    GMapCatcher
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HijackThis 2.0.2
    Holmes 1.05
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Lightworks
    Logitech Webcam Software
    MailWasher Free 6.5.4
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Media Player Classic - Home Cinema v1.5.0.2827
    MediaJoin
    Medion Home Cinema
    Memory-Map OS Edition 2004
    Memory-Map OS Edition Version 5
    Mesh Runtime
    Messenger Companion
    Micrografx Picture Publisher 8
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft AutoRoute 2007
    Microsoft AutoRoute 2010
    Microsoft Help Viewer 1.0
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Sync Framework 2.0 SDK (x86) ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK .NET Framework Tools (30514)
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    Microsoft Windows SDK for Windows 7 Samples (30514)
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    Microsoft Windows SDK MSHelp (30514)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    Mozilla Firefox (3.6.18)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 6
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    NetWorx 5.1.7
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    Orbit Downloader
    Orca
    PageManager
    Paragon Partition Manager 9.0 Special Edition
    PC Connectivity Solution
    PlayReady PC Runtime x86
    PrimoPDF -- by Nitro PDF Software
    Privacy Guardian 4.1
    QuickTime
    RAD Video Tools
    Rapport
    Realtek High Definition Audio Driver
    RecordPad Sound Recorder
    Recover My Files
    Recuva
    Registry Mechanic 8.0
    Revo Uninstaller 1.92
    RoboForm 7-4-1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SilverFast CanonSDK-SE 6.6.2r4a
    SilverFast CanonSDK-SE TWAIN 6.5.5r2
    SIW version 2010.07.14
    Snooper Map Downloader
    SoundTap Streaming Audio Recorder
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Switch Sound File Converter
    SyncToy 2.1 (x86)
    tbbMeter Loader Service
    TightVNC 2.0.2
    Tonido 2.25.0.13193
    TrueCrypt
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    USB2.0 PC Camera (SN9C201&202)
    Ventura Updater
    VideoLAN VLC media player 0.8.6b
    VideoReDo Plus Version 3.10.3.609
    VideoReDo/Plus Version 2.5.6.512
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    Vuze Remote Toolbar
    WavePad Sound Editor
    Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Resource Kit Tools
    Windows SDK IntellisenseNFX
    WinMPG VideoConvert 6.6.2
    WinRAR archiver
    Wise PC Engineer 6.3.6
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/08/2011 15:22:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
    16/08/2011 15:22:18, Error: Service Control Manager [7000] - The WinFLdrv service failed to start due to the following error: No more data is available.
    16/08/2011 15:22:08, Error: Service Control Manager [7000] - The tbbLoaderService service failed to start due to the following error: The system cannot find the path specified.
    16/08/2011 15:22:07, Error: Service Control Manager [7000] - The CPTMobileCS service failed to start due to the following error: The system cannot find the path specified.
    12/08/2011 08:13:48, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/08/2011 08:13:48, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
    10/08/2011 23:50:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    John, it's pretty easy to see why the internet is constantly being used:

    1. There are 130 entries of c:\users\john\appdata\local\{varying numerical strings} on the system between 7/17 and 8/16/2011. This is an enormous number of appdata.

    2. There are numerous entries for TB, BHO, auto-updaters>>> one of these is for the Askbar. This is usually not something a user intentionally installs. It's frequently pre-checked on a download screen and when it installs, it puts trash all over the system. Other auto-updaters are Vuze Remote Toolbar, Conduit Engine, BingBar helper.

    3. There are extensive activities for the Orbit Downloader. Activities from this include:
    [o] Ability to grab and download embedded Flash Video files from sites like YouTube, Dailymotion, Metacafe, etc.
    [o] It 'accelerates' downloads by acting as a peer-to-peer client, utilizing bandwidth of other users.
    [o] Orbit Downloader is an advertising-supported product since it may change the web browser's homepage upon installation and also offers to install software that is not critical for its operation.

    4. On 8/10, these processes were activated:
    They are for ODBC (Open Database Connectivity) - a standard software interface for accessing database management systems (DBMS). Any application can use ODBC to query data from a database, regardless of the platform it is on or DBMS it uses.
    If you know what this is and you need to use it, expect some busy usage.

    5. On 8/11/2011, you added more activity:
    andonandonandonandon, etc.> And you wonder why the internet is being used! You have a reminder program, 024h Lucky Reminder v1.83, that's going to have to check the internet 90 times a day to see what it needs to remind you of!
    ============================================
    Bottom line: If you want the internet to stop being used continually, I will need to do major surgery to remove the unsuitable processes. We may even find some malware! It's going to take a while and a fair amount of my time. So I want to know that you're going to stick with me and see this through.

    Here is my plan:
    1. Run Combo fix
    2. Run Eset Online Virus Scan
    3. Handle logs entries as appropriate for each: For Combofix, set up script to remove bad entries. For Eset, remove malware entries found with appropriate program.
    If you want to start and finish with this, start with the following 2 scans. If you don't, tell me now!
    4. Run any other programs as needed.
    ================Starting Line============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Recommend you uninstall the AML Free Registry Cleaner 4.21. We do not recommend anyone use a registry cleaner.
     
  8. JohnWP

    JohnWP TS Rookie Topic Starter

    Internet Usage

    I'm still with you and once again thank you.

    I ran Combofix and at stage 5 the computer froze. This has been happening quite a lot recently.

    I ran it again and this time it got to the stage of preparing a report then nothing happened. I left it for 15 mins. but it just sat there although it hadn't frozen.

    I disabled Avast before running Combofix but I'm not sure if it was completely disabled. I tried to uninstall Avast but can't find it in the Uninstall Programmes window.

    Can you advise me please. In the meantime I'll try Combofix again.
     
  9. JohnWP

    JohnWP TS Rookie Topic Starter

    Internet Usage

    Here is the Combofix log. The previous problem was due to operator error. I hadn't disabled Avast properly.


    ComboFix 11-08-18.02 - John 18/08/2011 19:59:54.3.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2814.1687 [GMT 1:00]
    Running from: c:\users\John\Downloads\Malware Removal\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-18 19:09 . 2011-08-18 19:09 -------- d-----w- c:\users\JohnP\AppData\Local\temp
    2011-08-18 19:09 . 2011-08-18 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-17 18:30 . 2011-08-17 18:30 -------- d-----w- C:\Freemake_do_not_remove_this_folder634492062415583692
    2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2011-08-16 07:38 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 07:38 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 20:45 . 2011-08-15 21:37 -------- d-----w- C:\Tools
    2011-08-15 14:26 . 2011-08-15 14:26 -------- d-----w- c:\program files\Trend Micro
    2011-08-12 07:22 . 2011-08-12 07:22 -------- d-----w- C:\77399587e00fa6e89a1ce9edd1ab8824
    2011-08-11 21:38 . 2011-08-11 21:38 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2011-08-11 21:38 . 2011-08-11 21:38 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-08-11 21:37 . 2011-08-11 21:37 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2011-08-11 21:37 . 2011-08-11 21:37 -------- d-----w- c:\program files\Application Verifier
    2011-08-11 21:34 . 2011-08-11 21:34 -------- d-----w- c:\windows\symbols
    2011-08-11 21:34 . 2011-08-11 21:34 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-08-10 20:25 . 2011-08-10 20:25 -------- d-----w- C:\461f73c93dbeb6b28611c2389cec38
    2011-08-10 20:16 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-08-10 20:16 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-08-10 20:16 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-08-10 20:16 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-08-10 20:16 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2011-08-10 20:16 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-08-06 09:03 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB61A8CC-B6F5-4751-A0E2-226B46839D69}\mpengine.dll
    2011-08-05 05:51 . 2011-08-05 05:51 -------- d-----w- c:\program files\DIY Kyoto
    2011-08-04 21:53 . 2011-07-21 13:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-08-04 21:53 . 2011-08-04 21:53 -------- d-----w- c:\program files\Lavasoft
    2011-08-03 17:33 . 2011-08-03 17:33 -------- d-----w- c:\program files\Lightworks
    2011-08-01 19:31 . 2011-08-01 19:31 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-08-01 19:25 . 2011-08-01 19:25 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c43a08b31cc508003\MeshBetaRemover.exe
    2011-07-28 18:02 . 2011-07-28 18:02 -------- d-----w- c:\windows\MSAgent
    2011-07-28 03:22 . 2011-07-28 03:22 -------- d-----w- c:\program files\Ask.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-04 21:58 . 2010-12-16 23:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-12 22:25 . 2011-06-01 08:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-04 11:43 . 2010-12-20 17:31 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-04 11:43 . 2010-12-20 17:31 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-04 11:36 . 2011-07-05 11:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-04 11:36 . 2010-12-20 17:32 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-04 11:35 . 2010-12-20 17:32 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-04 11:32 . 2010-12-20 17:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-04 11:32 . 2010-12-20 17:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-04 11:32 . 2010-12-20 17:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-06-11 02:37 . 2011-07-13 19:08 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-05-24 18:14 . 2010-02-16 10:43 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:35 . 2011-07-11 20:31 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-23 18:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-11-23 18:55 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-05-17 12:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "024h Lucky Reminder"="c:\program files\024h Lucky Reminder\LuckyReminder.exe" [2006-12-16 1567232]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-12 107000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
    "BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2011-05-17 2794496]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ventura Updater.lnk]
    backup=c:\windows\pss\Ventura Updater.lnk.CommonStartup
    backupExtension=.CommonStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
    2005-08-05 22:15 61440 ----a-w- c:\windows\VM305_STI.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-11-02 14:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
    2010-12-07 17:30 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    2009-11-20 12:15 817112 ----a-w- c:\program files\Registry Mechanic\RMTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2010-04-06 15:58 8555040 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
    2007-08-07 11:38 675840 ----a-w- c:\windows\vsnp2std.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tonido]
    2011-01-05 09:04 100864 ----a-w- c:\users\John\AppData\Roaming\Tonido\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
    2009-03-10 18:28 258048 ----a-w- c:\windows\tsnp2std.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 CPTMobileCS;CPTMobileCS; [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176]
    R2 tbbLoaderService;tbbLoaderService; [x]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-09-27 17984]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
    R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-07-21 15232]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-03-14 38976]
    R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2011-03-14 53312]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]
    R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
    R3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
    R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
    S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-03-28 39472]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-04-15 51640]
    S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
    S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-09-07 4096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
    S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-12-07 52824]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 13:59]
    .
    2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:37]
    .
    2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device...
    IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2dtlkfwg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=15414&locale=en_UK&apn_uid=f92c8427-bcb5-4ff8-88f1-6b4f6b3ecd05&apn_ptnrs=N8&apn_sauid=1E96CCB9-3E4C-4FE0-9CC3-01AEE49B0935&apn_dtid=YYYYYYYYGB&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: FreemakeConverter: fmconverter@gmail.com - c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
    FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    SafeBoot-BsScanner
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
    AddRemove-{DDFE692D-1C85-42C7-9642-EBE284AA4906} - c:\progra~2\TARMAI~1\{DDFE6~1\Setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,46,04,66,4a,35,a6,47,af,2c,7c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,46,04,66,4a,35,a6,47,af,2c,7c,\
    .
    [HKEY_USERS\S-1-5-21-53921376-1388295128-1849786234-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-53921376-1388295128-1849786234-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-08-18 20:12:27
    ComboFix-quarantined-files.txt 2011-08-18 19:12
    .
    Pre-Run: 733,728,276,480 bytes free
    Post-Run: 733,646,069,760 bytes free
    .
    - - End Of File - - C60DF9A5CD23D76A352C039BEAD37A86
     
  10. JohnWP

    JohnWP TS Rookie Topic Starter

    ESET Online Scanner

    I tried to run the online scanner twice. Each time the scan starts but doesn't go beyond scanning 155 files. What am I doing wrong?
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You did not address any of the specifics I left.

    Nor can I pass directories like these:
    You have picked up the Askbar entries from every download screen that had it rechecked. Additionally, you even have it as a scheduled task to update. Stop this:

    I repeat: how can you be surprised that the internet is continually being used?!
    =================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    Folder::
    c:\program files\Ask.com
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApnUpdater"=-
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Removing ASK entries
    1. Close all open Web browsers
    2. From the "Start" menu in Windows, select "Control Panel"
    3. Under the "Programs" icon, select "Uninstall a program"
    4. Select the program with the Ask logo and the text "Ask Toolbar" or any ASK related entries
    5. Do the same for Vuze and Vuze Remote Toolbar
    6. Do the same for the Conduit Engine
    7. Click "Uninstall" and then "Continue" to remove the Toolbar

    Use Windows Explorer to remove the program folder found here: C:\Program Files\AskPBar. If there is any other folder with the ASK name, use right click> delete to remove them all.

    Use Windows Explorer and right click> delete on Conduit Engine folder as above.
    Use Windows Explorer to right click> delete on Vuze/Vuze remote Toolbar folder also.
    =======================
    Do not reboot the computer unless you are forced to after running the script. Go on to the next fix.
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    DDS::
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Reboot the system and Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ======================
    Run TFC (Temp File Cleaner)
    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
    ======================
    Empty the Recycle Bin.
    =======================
    Try the Eset scan again.
     
  13. JohnWP

    JohnWP TS Rookie Topic Starter

    Internet Useage

    Hi Bobbye,

    I don't understand what you mean when you say "You did not address any of the specifics I left.".

    I've uninstalled the Ask toolbar, Vuze, the Vuze remote toolbar and Conduit Engine.

    I ran Combofix with the CF script as you instructed and it got to the "Producing Report" screen then just sat there. I tried twice and the same thing happened on both occasions.

    I ran Hijack This and the log file is below.

    I also ran the Eset scan again and the same thing happened as before, it scanned 135 files then stopped.

    I ran TFC and emptied the recycle bin.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:39:54, on 22/08/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\vsnp2std.exe
    C:\Windows\VM305_STI.EXE
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\John\Downloads\Malware Removal\Hijack This\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [024h Lucky Reminder] "C:\Program Files\024h Lucky Reminder\LuckyReminder.exe" /m
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 10210 bytes
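The log posted above is read the way the helper reads it: registry entries whose backing file is gone (the "(file missing)" and "No File" leftovers of uninstalled toolbars), Winsock LSP hooks, and the configured DNS resolvers. As an added example that is not part of this thread, here is a small Python triage parser for HijackThis-style lines, run over a few lines copied from the log above plus one constructed orphaned-toolbar entry (the {11111111-...} CLSID is a placeholder):

```python
import re
from typing import Dict, List, Optional

# Sample input: lines copied from the HijackThis log in this thread, plus one
# constructed orphaned-toolbar entry with a placeholder CLSID (not from the log).
SAMPLE_LOG = [
    r"R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)",
    r"O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)",
    r"O3 - Toolbar: Example Toolbar - {11111111-2222-3333-4444-555555555555} - No File",
    r'O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto',
    r"O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4",
]
# Entry shape: "O2 - BHO: name - {CLSID} - path" (R/O prefix, number, " - ", body).
ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the registry still points at a deleted file.
MISSING = ("file missing", "no file")

def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one HijackThis line into its section, fields, CLSID and orphan flag."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header lines such as "Running processes:" are skipped
    body = m.group("body")
    clsid = CLSID.search(body)
    return {
        "section": m.group("section"),
        "fields": [f.strip() for f in body.split(" - ")],
        "clsid": clsid.group(0) if clsid else None,
        # Leftovers of uninstalled toolbars/BHOs: harmless, but they are exactly
        # the entries the CFScript above asks ComboFix to clean up.
        "orphan": any(tag in body.lower() for tag in MISSING),
    }

def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Collect what a reviewer checks first: orphans, Winsock LSP hooks, DNS."""
    report: Dict[str, List[str]] = {"orphans": [], "lsp": [], "dns_servers": []}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e["orphan"]:
            report["orphans"].append(e["clsid"] or e["fields"][0])
        elif e["section"] == "O10":
            # An LSP sits in the path of every socket; the DLL should belong to
            # a known vendor (here wlidnsp.dll is a Windows Live component).
            report["lsp"].append(e["fields"][-1].split(": ", 1)[-1])
        elif e["section"] == "O17":
            # Confirm the resolvers are the ISP's or a known public service.
            m = re.search(r"NameServer = (\S+)", e["fields"][-1])
            if m:
                report["dns_servers"].extend(m.group(1).split(","))
    return report
```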
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    ============================================
    Please try running the script again. There is no point in attempting to go further if these entries can't be removed.

    It's possible that trying to remove so many entries won't work- in that case, you will need to reformat and reinstall.
     
  15. JohnWP

    JohnWP TS Rookie Topic Starter

    Internet being continually used

    Hi Bobbye,

    I tried running the script again several times with the same result. After this, when trying to start the computer it froze. This happened several times, although it would start in safe mode.

    Bearing in mind your last comments I decided to go for a re-install and all is well now.

    Many thanks for your help, I really appreciate it.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update. I'm leaving some tips to help keep the system clean:

    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad links.
     