TechSpot

My adobie flash keeps acting up

By Problemsrbad
Jun 16, 2011
  1. On my win 7 laptop machine the Adobie flash keeps messing up. I uninstall and reinstall it works fine until i reboot the machine it says flash not installed. Please help me fix this issue. Also the Gmer log was empty.
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6872

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    6/16/2011 2:48:33 PM
    mbam-log-2011-06-16 (14-48-33).txt

    Scan type: Quick scan
    Objects scanned: 178184
    Time elapsed: 4 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft (Trojan.Agent.MSGen) -> Value: Microsoft -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft (Trojan.Agent.MSGen) -> Value: Microsoft -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Dan-LT\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

    .
    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Dan-LT at 15:03:34 on 2011-06-16
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2776 [GMT -4:00]
    .
    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVComS.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Google Update] "C:\Users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    mRun: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE
    mRun: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\Windows\system32\VilonguLSP.dll
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
    DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
    DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
    DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
    DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
    DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\24F4242495D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 24.247.24.53 66.189.0.100
    TCP: Interfaces\{03C2D23D-F1AB-4F69-B36B-0B2AF16868D5}\E4F62716020264F68772370296D41636 : DhcpNameServer = 10.0.2.1
    TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0} : NameServer = 10.54.56.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {D47KAE77-WB23-333V-HH41-NO7F2MI7K5R1} - C:\Users\Dan-LT\AppData\Roaming\System32\cmd.exe
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    mRun-x64: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE
    mRun-x64: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.socks - 24.1.228.237
    FF - prefs.js: network.proxy.socks_port - 1191
    FF - prefs.js: network.proxy.type - 4
    FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Dan-LT\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Dan-LT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Dan-LT\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-4-27 353168]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-5-31 366640]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
    R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
    R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
    R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
    R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-3 136176]
    S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-29 225280]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-1-27 844320]
    S4 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    S4 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-9-24 91392]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720]
    S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
    .
    =============== Created Last 30 ================
    .
    2011-06-16 00:36:36 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
    2011-06-16 00:36:27 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-06-16 00:36:27 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-16 00:36:20 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-16 00:36:19 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-06-16 00:36:19 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-06-16 00:36:09 3133952 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-16 00:35:37 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-06-16 00:35:37 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-06-16 00:35:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-06-16 00:35:33 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-06-16 00:35:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-16 00:35:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-06-16 00:35:20 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-06-15 02:35:15 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\go
    2011-06-15 02:35:09 -------- d-----w- C:\ProgramData\Easybits GO
    2011-06-15 02:32:45 -------- d-----w- C:\ProgramData\Skype Extras
    2011-06-14 08:14:10 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62C830D4-B8FE-4192-BD02-7724FA06A12B}\mpengine.dll
    2011-06-13 01:01:18 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-07 04:41:01 -------- d-----w- C:\Users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
    2011-06-06 20:21:00 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\picpick
    2011-06-04 07:20:23 -------- d-----w- C:\Users\Dan-LT\AppData\Local\_
    2011-05-29 20:00:03 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\SynthMaker
    2011-05-29 19:57:10 -------- d-----w- C:\ProgramData\Acoustica
    2011-05-29 19:57:10 -------- d-----w- C:\Program Files (x86)\VST
    2011-05-29 19:57:10 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 5
    2011-05-29 19:54:05 -------- d-----w- C:\Users\Dan-LT\AppData\Roaming\Acoustica
    2011-05-29 19:54:04 57344 ----a-w- C:\Windows\SysWow64\Wnaspint.dll
    2011-05-29 19:53:42 -------- d-----w- C:\Program Files (x86)\Acoustica Shared Effects
    2011-05-24 21:42:22 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-24 17:52:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-24 17:52:54 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    .
    ==================== Find3M ====================
    .
    2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-04 13:42:58 89088 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-13 19:04:38 45432 ----a-w- C:\Windows\System32\drivers\point64.sys
    2011-04-13 19:04:38 23960 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
    2011-04-12 01:19:14 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
    2011-04-12 01:19:14 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
    2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 03:00:28 464896 ----a-w- C:\Windows\System32\ipcoin815.dll
    2011-03-25 03:23:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-03-25 03:23:03 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-03-25 03:23:03 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-03-25 03:22:57 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-03-25 03:22:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-03-25 03:22:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-03-25 03:22:51 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    .
    ============= FINISH: 15:04:22.17 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/2/2010 1:12:27 PM
    System Uptime: 6/16/2011 2:49:40 PM (1 hours ago)
    .
    Motherboard: Gateway | | SJV50TR
    Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 50.884 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&51FBC45&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&51FBC45&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP313: 5/24/2011 5:42:10 PM - Windows Update
    RP314: 5/25/2011 2:15:34 AM - Windows Update
    RP315: 5/27/2011 5:02:09 AM - Windows Update
    RP316: 5/31/2011 6:59:07 AM - Windows Update
    RP317: 6/3/2011 4:57:55 PM - Windows Update
    RP318: 6/5/2011 1:08:53 PM - Removed IObit Toolbar v4.4.
    RP319: 6/7/2011 10:30:08 PM - Windows Update
    RP320: 6/10/2011 7:21:46 AM - Windows Update
    RP321: 6/12/2011 1:36:16 PM - Installed Java(TM) 6 Update 26
    RP322: 6/12/2011 8:54:47 PM - Installed Adobe Reader X.
    RP323: 6/14/2011 4:13:41 AM - Windows Update
    RP324: 6/16/2011 3:00:22 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acoustica Effects Pack
    Acoustica Mixcraft 5
    Acrobat.com
    ActivePerl 5.10.1 Build 1006
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS5
    Adobe Reader X (10.0.1)
    Advanced SystemCare 4
    AI RoboForm 7-0-72 (All Users)
    AIM 7
    AMD USB Filter Driver
    ASCOM Platform 5.0b
    Atheros Driver Installation Program
    Backup Manager Basic
    Cake Poker
    Call of Duty: Black Ops - Multiplayer
    Camfrog Video Chat 6.0
    CamfrogWEB Advanced ActiveX Plugin (remove only)
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    ClubWPT
    D3DX10
    Dark Age of Camelot
    Darkfall US
    Directory Submitter 1.0.29
    DivX Setup
    EasyBits GO
    Epson Easy Photo Print 2
    ESET Online Scanner v3
    Eyeball Chat
    FLVTube Player
    Foxit Reader
    Full Tilt Poker
    Game Booster
    Gateway Games
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Updater
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Hotspot Shield 1.57
    iCall
    iDEN Carrier RSS
    Identity Card
    ImgBurn
    IMVU Avatar Chat Software
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Kermit
    Launch Manager
    Logitech QuickCam
    Logitech Vid HD
    Malwarebytes' Anti-Malware version 1.51.0.1200
    ManyCam 2.4 (remove only)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft WorldWide Telescope
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Motorola Driver Installation
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OUGO Messenger
    Panda Cloud Antivirus
    PDF Settings CS5
    PicPick
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Skype™ 5.3
    SpywareBlaster 4.4
    Steam
    Tor 0.2.1.30
    Tube Toolbox
    TVAnts 1.0
    Universal Document Converter (Demo)
    Unlocker 1.9.0
    VC80CRTRedist - 8.0.50727.4053
    Veo Advanced Connect
    Vidalia 0.2.10
    Video Web Camera
    Vilongu HTTP SOCKS tunneler 1.0.0
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.5
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Xvid 1.2.1 final uninstall
    Y!Supra version 1.0.0.63
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/16/2011 3:02:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/16/2011 2:50:11 PM, Error: Service Control Manager [7000] - The X4HSX32 service failed to start due to the following error: The system cannot find the path specified.
    6/16/2011 2:50:06 PM, Error: Service Control Manager [7000] - The Hotspot Shield Service service failed to start due to the following error: The system cannot find the file specified.
    6/16/2011 2:49:58 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    6/16/2011 2:49:58 PM, Error: atikmdag [43029] - Display is not active
    6/16/2011 2:49:55 PM, Error: volmgr [46] - Crash dump initialization failed!
    6/16/2011 12:24:51 AM, Error: amdsata [11] - The driver detected a controller error on \Device\RaidPort0.
    6/15/2011 11:59:24 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/13/2011 6:36:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to the Virus and Malware Forum. I'll be glad to help see if any malware is involved in the problem.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Reminder to be patient
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    I'd like to mention that many users who have the Hotspot Shield Monitoring Service installed, frequently experience problems. Whether this is related to your problem remains to be seen. =====================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ======================================
    Please run this Security Check:
    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Please paste the 3 logs into your next reply.
     
  3. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-2ce530d6 Java/Agent.BV trojan
    C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2f31845f-17549821 Java/Agent.BV trojan
    C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\68b74c9f-58a319be probably a variant of Java/Agent.BR trojan
    C:\Users\Dan-LT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6b4d836b-7e540643 Java/Agent.BV trojan



    ComboFix 11-06-16.01 - Dan-LT 06/17/2011 11:50:07.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2688 [GMT -4:00]
    Running from: c:\users\Dan-LT\Desktop\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dan-LT\AppData\Roaming\Dan-LTlog.dat
    c:\users\Dan-LT\AppData\Roaming\gMozilla
    c:\users\Dan-LT\AppData\Roaming\gMozilla\gFirefox\profiles.ini
    c:\users\Dan-LT\AppData\Roaming\system32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-17 15:57 . 2011-06-17 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-17 10:55 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74EF9A2F-D69C-463A-B4F3-370C41D7DAAA}\mpengine.dll
    2011-06-16 00:36 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 00:36 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-16 00:36 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 00:36 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 00:36 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 00:36 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 00:36 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
    2011-06-16 00:35 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-16 00:35 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 00:35 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 00:35 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 00:35 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-06-16 00:35 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 00:35 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-06-15 02:32 . 2011-06-16 20:41 -------- d-----w- c:\programdata\Skype Extras
    2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-06-13 01:01 . 2011-06-13 19:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-12 17:38 . 2011-06-12 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-06-07 04:41 . 2011-06-07 04:41 -------- d-----w- c:\users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
    2011-06-06 20:21 . 2011-06-06 20:21 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\picpick
    2011-06-04 07:20 . 2011-06-04 07:20 -------- d-----w- c:\users\Dan-LT\AppData\Local\_
    2011-05-29 20:00 . 2011-05-29 20:00 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\SynthMaker
    2011-05-29 19:57 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
    2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\programdata\Acoustica
    2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\program files (x86)\VST
    2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\Acoustica
    2011-05-29 19:54 . 2009-12-14 19:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
    2011-05-29 19:53 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
    2011-05-24 21:42 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-24 17:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-24 17:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 13:11 . 2010-04-20 01:05 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2010-04-19 18:13 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-05-04 13:43 . 2011-05-04 13:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-05-04 13:43 . 2011-05-04 13:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-05-04 13:43 . 2011-05-04 13:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-05-04 13:43 . 2011-05-04 13:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-05-04 13:43 . 2011-05-04 13:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-05-04 13:43 . 2011-05-04 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-05-04 13:43 . 2011-05-04 13:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-05-04 13:43 . 2011-05-04 13:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-05-04 13:43 . 2011-05-04 13:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-05-04 13:43 . 2011-05-04 13:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-05-04 13:43 . 2011-05-04 13:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-05-04 13:43 . 2011-05-04 13:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-05-04 13:43 . 2011-05-04 13:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-05-04 13:43 . 2011-05-04 13:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-05-04 13:43 . 2011-05-04 13:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-05-04 13:43 . 2011-05-04 13:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-05-04 13:43 . 2011-05-04 13:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-05-04 13:42 . 2011-05-04 13:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-04 13:42 . 2011-05-04 13:42 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-05-04 13:42 . 2011-05-04 13:42 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-05-04 13:42 . 2011-05-04 13:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-04 13:42 . 2011-05-04 13:42 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-04 13:42 . 2011-05-04 13:42 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-04 13:42 . 2011-05-04 13:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-04 13:42 . 2011-05-04 13:42 448512 ----a-w- c:\windows\system32\html.iec
    2011-05-04 13:42 . 2011-05-04 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-04 13:42 . 2011-05-04 13:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-04 13:42 . 2011-05-04 13:42 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-05-04 13:42 . 2011-05-04 13:42 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-05-04 13:42 . 2011-05-04 13:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-04 13:42 . 2011-05-04 13:42 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-04 13:42 . 2011-05-04 13:42 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-04 13:42 . 2011-05-04 13:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-04 13:42 . 2011-05-04 13:42 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-04 13:42 . 2011-05-04 13:42 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-05-04 13:42 . 2011-05-04 13:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-04 08:52 . 2010-04-20 05:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
    2011-04-13 19:04 . 2011-04-13 19:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2011-04-12 01:19 . 2011-04-12 01:19 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
    2011-04-12 01:19 . 2011-04-12 01:19 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
    2011-04-09 06:45 . 2011-05-11 16:13 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:13 . 2011-05-11 16:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-11 16:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-03-25 03:23 . 2011-05-11 16:13 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:23 . 2011-05-11 16:13 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:23 . 2011-05-11 16:13 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:22 . 2011-05-11 16:13 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:22 . 2011-05-11 16:13 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:22 . 2011-05-11 16:13 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 03:22 . 2011-05-11 16:13 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
    "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 597736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
    "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
    R3 ALSysIO;ALSysIO;c:\users\Dan-LT\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 X6va001;X6va001;c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp [x]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    R4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001Core.job
    - c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001UA.job
    - c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    LSP: c:\windows\system32\VilonguLSP.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0}: NameServer = 10.54.56.1
    FF - ProfilePath - c:\users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.socks - 24.1.228.237
    FF - prefs.js: network.proxy.socks_port - 1191
    FF - prefs.js: network.proxy.type - 4
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
    "ImagePath"="\??\c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-17 12:01:34
    ComboFix-quarantined-files.txt 2011-06-17 16:01
    .
    Pre-Run: 56,339,492,864 bytes free
    Post-Run: 57,408,536,576 bytes free
    .
    - - End Of File - - F4A5CE628BFC6A92F863A426445C19F3


    Results of screen317's Security Check version 0.99.13
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    Panda Cloud Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Adobe Flash Player 10.3.181.22
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Panda Security Panda Cloud Antivirus PSANHost.exe
    Panda Security Panda Cloud Antivirus PSUNMain.exe
    ``````````End of Log````````````
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The Eset log shows the entres in the Java cache:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. [​IMG] The Java Control Panel appears.
      [​IMG]
      [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
      [​IMG]
      [4] Click Delete Files.The Delete Temporary Files dialog box appears.
      [​IMG]
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ==================================================
    Open VirusTotal
    • Open Windows Explorer: Windows key + E> Go to Tools> Folder Options> View tab> Cleck 'show hidden files and folders.'> Apply> OK
    • At the upload site, click once inside the window next to Browse.
    • Press Ctrl+V to paste each of the following, one at a time into the window
      1. explorer.exe (Path is C:Windows)
      2. userinit.exe (Path is C:Windows System32
      3. svchost.exe (Path is C:\Window\System32[/b]
    • Click on the Upload button.
    • IF file shows 'already analyzed' press Reanalyze now button

    When scans have all been done, please go back and check 'do not show hidden files and folders'> Apply> OK.

    Please post the scan results in your next reply.
     
  5. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    explorer.exe
    explorer.exe
    Submission date:
    2011-06-17 20:57:41 (UTC)
    Current status:
    finished
    Result:
    0/ 39 (0.0%)

    VT Community

    not reviewed
    Safety score: -
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.18.00 2011.06.17 -
    AntiVir 7.11.10.12 2011.06.17 -
    Antiy-AVL 2.0.3.7 2011.06.17 -
    Avast5 5.0.677.0 2011.06.17 -
    AVG 10.0.0.1190 2011.06.17 -
    BitDefender 7.2 2011.06.17 -
    CAT-QuickHeal 11.00 2011.06.17 -
    ClamAV 0.97.0.0 2011.06.17 -
    Commtouch 5.3.2.6 2011.06.17 -
    Comodo 9103 2011.06.17 -
    eSafe 7.0.17.0 2011.06.15 -
    eTrust-Vet 36.1.8393 2011.06.17 -
    F-Prot 4.6.2.117 2011.06.17 -
    F-Secure 9.0.16440.0 2011.06.17 -
    Fortinet 4.2.257.0 2011.06.17 -
    GData 22 2011.06.17 -
    Ikarus T3.1.1.104.0 2011.06.17 -
    Jiangmin 13.0.900 2011.06.17 -
    K7AntiVirus 9.106.4822 2011.06.17 -
    Kaspersky 9.0.0.837 2011.06.17 -
    McAfee 5.400.0.1158 2011.06.17 -
    McAfee-GW-Edition 2010.1D 2011.06.17 -
    Microsoft 1.6903 2011.06.13 -
    NOD32 6218 2011.06.17 -
    Norman 6.07.10 2011.06.17 -
    nProtect 2011-06-17.01 2011.06.17 -
    Panda 10.0.3.5 2011.06.17 -
    PCTools 7.0.3.5 2011.06.17 -
    Prevx 3.0 2011.06.17 -
    Rising 23.62.03.03 2011.06.17 -
    Sophos 4.66.0 2011.06.17 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
    Symantec 20111.1.0.186 2011.06.17 -
    TheHacker 6.7.0.1.230 2011.06.14 -
    TrendMicro 9.200.0.1012 2011.06.17 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
    VIPRE 9611 2011.06.17 -
    ViRobot 2011.6.17.4519 2011.06.17 -
    VirusBuster 14.0.84.1 2011.06.17 -
    Additional information
    MD5 : 0862495e0c825893db75ef44faea8e93
    SHA1 : e4b9a40fa341bcb82f20c9c3cefad84825e0d194
    SHA256: d190b84f29a6f22acfc313373301a848a927882cf728ca6d72eed4073dfc2b75

    userinit.exe
    File name:
    userinit.exe
    Submission date:
    2011-06-17 21:00:42 (UTC)
    Current status:
    finished
    Result:
    0/ 42 (0.0%)

    VT Community

    malware
    Safety score: 0.0%
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.18.00 2011.06.17 -
    AntiVir 7.11.10.12 2011.06.17 -
    Antiy-AVL 2.0.3.7 2011.06.17 -
    Avast 4.8.1351.0 2011.06.17 -
    Avast5 5.0.677.0 2011.06.17 -
    AVG 10.0.0.1190 2011.06.17 -
    BitDefender 7.2 2011.06.17 -
    CAT-QuickHeal 11.00 2011.06.17 -
    ClamAV 0.97.0.0 2011.06.17 -
    Commtouch 5.3.2.6 2011.06.17 -
    Comodo 9103 2011.06.17 -
    DrWeb 5.0.2.03300 2011.06.17 -
    Emsisoft 5.1.0.8 2011.06.17 -
    eSafe 7.0.17.0 2011.06.15 -
    eTrust-Vet 36.1.8393 2011.06.17 -
    F-Prot 4.6.2.117 2011.06.17 -
    Fortinet 4.2.257.0 2011.06.17 -
    GData 22 2011.06.17 -
    Ikarus T3.1.1.104.0 2011.06.17 -
    Jiangmin 13.0.900 2011.06.17 -
    K7AntiVirus 9.106.4822 2011.06.17 -
    Kaspersky 9.0.0.837 2011.06.17 -
    McAfee 5.400.0.1158 2011.06.17 -
    McAfee-GW-Edition 2010.1D 2011.06.17 -
    Microsoft 1.6903 2011.06.13 -
    NOD32 6218 2011.06.17 -
    Norman 6.07.10 2011.06.17 -
    nProtect 2011-06-17.01 2011.06.17 -
    Panda 10.0.3.5 2011.06.17 -
    PCTools 7.0.3.5 2011.06.17 -
    Prevx 3.0 2011.06.17 -
    Rising 23.62.03.03 2011.06.17 -
    Sophos 4.66.0 2011.06.17 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
    Symantec 20111.1.0.186 2011.06.17 -
    TheHacker 6.7.0.1.230 2011.06.14 -
    TrendMicro 9.200.0.1012 2011.06.17 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
    VBA32 3.12.16.2 2011.06.17 -
    VIPRE 9611 2011.06.17 -
    ViRobot 2011.6.17.4519 2011.06.17 -
    VirusBuster 14.0.84.1 2011.06.17 -
    Additional information
    MD5 : 6de80f60d7de9ce6b8c2ddfdf79ef175
    SHA1 : 8d439a6186ff526403989ac217dfe8e3a2d8bc2c
    SHA256: 7784a6cada74e314e7d79573ad9e490f4a36e0deb86c07732a75856a7e8f1e3a

    svchost.exe
    File name:
    svchost.exe
    Submission date:
    2011-06-17 21:10:35 (UTC)
    Current status:
    finished
    Result:
    1/ 42 (2.4%)

    VT Community

    goodware
    Safety score: 74.3%
    Compact
    Print results
    Antivirus Version Last Update Result
    AhnLab-V3 2011.06.18.00 2011.06.17 -
    AntiVir 7.11.10.12 2011.06.17 -
    Antiy-AVL 2.0.3.7 2011.06.17 -
    Avast 4.8.1351.0 2011.06.17 -
    Avast5 5.0.677.0 2011.06.17 -
    AVG 10.0.0.1190 2011.06.17 -
    BitDefender 7.2 2011.06.17 -
    CAT-QuickHeal 11.00 2011.06.17 -
    ClamAV 0.97.0.0 2011.06.17 -
    Commtouch 5.3.2.6 2011.06.17 -
    Comodo 9103 2011.06.17 -
    DrWeb 5.0.2.03300 2011.06.17 -
    eSafe 7.0.17.0 2011.06.15 Win32.TrojanHorse
    eTrust-Vet 36.1.8393 2011.06.17 -
    F-Prot 4.6.2.117 2011.06.17 -
    F-Secure 9.0.16440.0 2011.06.17 -
    Fortinet 4.2.257.0 2011.06.17 -
    GData 22 2011.06.17 -
    Ikarus T3.1.1.104.0 2011.06.17 -
    Jiangmin 13.0.900 2011.06.17 -
    K7AntiVirus 9.106.4822 2011.06.17 -
    Kaspersky 9.0.0.837 2011.06.17 -
    McAfee 5.400.0.1158 2011.06.17 -
    McAfee-GW-Edition 2010.1D 2011.06.17 -
    Microsoft 1.6903 2011.06.13 -
    NOD32 6218 2011.06.17 -
    Norman 6.07.10 2011.06.17 -
    nProtect 2011-06-17.01 2011.06.17 -
    Panda 10.0.3.5 2011.06.17 -
    PCTools 7.0.3.5 2011.06.17 -
    Prevx 3.0 2011.06.17 -
    Rising 23.62.03.03 2011.06.17 -
    Sophos 4.66.0 2011.06.17 -
    SUPERAntiSpyware 4.40.0.1006 2011.06.17 -
    Symantec 20111.1.0.186 2011.06.17 -
    TheHacker 6.7.0.1.230 2011.06.14 -
    TrendMicro 9.200.0.1012 2011.06.17 -
    TrendMicro-HouseCall 9.200.0.1012 2011.06.17 -
    VBA32 3.12.16.2 2011.06.17 -
    VIPRE 9611 2011.06.17 -
    ViRobot 2011.6.17.4519 2011.06.17 -
    VirusBuster 14.0.84.1 2011.06.17 -
    Additional information
    MD5 : 54a47f6b5e09a77e61649109c6a08866
    SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
    SHA256: 121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2


    esafe?
     
  6. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Back early. Have a happy Fathers day! :)
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Uninstall the Adobe Flash player that is on the system now. Look for an uninstaller first in the program. If there is none, uninstall it in Programs.

    The most current is v10.3.181.26. Go here to download: http://get.adobe.com/flashplayer/
    When you do the download, save it to the desktop. Then double click on that setup file on the desktop to install the program.

    If that doesn't handled it, please give me an accurate description of "Adobie flash keeps messing up".
    It almost sounds like you're not running the setup.
     
  8. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Ok, I just did that now, did that before about 4 times, still the same thing. When I go to Facebook on Internet Explorer try to play a game it says I need to install Adobie Flash. It works fine with FireFox because its using FoxIt. What is that eSafe showing a trojan on the svchost.exe file?

    I just reinstalled Adobie Flash again using I.E., now it works fine. But what is that eSafe showing a trojan with the svchost.exe file?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I don't know what that entry is doing loose at the bottom of the scan. Why is it down there with a ? mark.
    For information on esafe, please see this: http://www.safenet-inc.com/aladdin-content/esafe/default/
    ==============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp
    Folder::
    c:\users\Default\AppData\Local\temp
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 4"=-
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
    "ImagePath"=-
    Driver::
    AdvancedSystemCareService
    X6va001
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ============================================
    I don't see [b[Foxy Proxy[/b] on Firefox, but I notice these entries:
    FF - prefs.js: network.proxy.socks - 24.1.228.237
    FF - prefs.js: network.proxy.socks_port - 1191


    Do you know the source of these entries? Did you set them?

    Are there any system problems remaining?
     
  10. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Can you please explain to me what is wrong with IOBit's Advanced System Care please? I have buy the Pro, uninstalling it would be wasting my money. They have numerous awards http://www.iobit.com/awards.html

    As far as the eSafe at the end, I added that. I wanted to know what that was about?

    No, I did not enter these:
    FF - prefs.js: network.proxy.socks - 24.1.228.237
    FF - prefs.js: network.proxy.socks_port - 1191

    The system seems ok apart from this proxy setting and the eSafe trojan in the svchost.exe file?
     
  11. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    ComboFix 11-06-21.03 - Dan-LT 06/21/2011 14:13:19.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2595 [GMT -4:00]
    Running from: c:\users\Dan-LT\Desktop\ComboFix.exe
    Command switches used :: c:\users\Dan-LT\Desktop\CFScript.txt
    AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe"
    "c:\users\Dan-LT\AppData\Local\Temp\00125D8.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    c:\users\Default\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_X6VA001
    -------\Service_AdvancedSystemCareService
    -------\Service_X6va001
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2011-06-21 18:26 . 2011-06-21 18:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-06-21 13:43 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE7A804A-E5B1-4991-A66F-22BD4125CEEA}\mpengine.dll
    2011-06-21 02:05 . 2011-06-21 02:05 -------- d-----w- c:\windows\system32\SPReview
    2011-06-21 02:03 . 2011-06-21 02:03 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-20 22:19 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
    2011-06-20 22:19 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-06-20 22:19 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-06-20 22:19 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-06-20 22:19 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2011-06-20 22:19 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
    2011-06-20 22:19 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
    2011-06-20 22:19 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-06-20 22:19 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-06-20 22:17 . 2010-11-20 13:27 266240 ----a-w- c:\windows\system32\QAGENT.DLL
    2011-06-20 22:16 . 2010-11-20 13:44 1077248 ----a-w- c:\windows\system32\Narrator.exe
    2011-06-20 22:15 . 2010-11-20 13:27 39424 ----a-w- c:\windows\system32\Spool\prtprocs\x64\winprint.dll
    2011-06-20 22:14 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2011-06-20 22:14 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
    2011-06-20 22:14 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
    2011-06-20 22:13 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
    2011-06-20 22:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2011-06-20 22:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2011-06-20 22:07 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-06-20 22:07 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-06-20 22:07 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-06-20 22:07 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-06-20 22:06 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-06-20 22:05 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-06-20 22:05 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-06-20 14:45 . 2011-06-21 03:11 -------- d-----w- c:\programdata\NOS
    2011-06-20 14:45 . 2011-06-20 14:45 -------- d-----w- c:\program files (x86)\NOS
    2011-06-16 00:36 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-16 00:36 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 00:36 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2011-06-16 00:36 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 00:36 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 00:36 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 00:36 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
    2011-06-16 00:35 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-16 00:35 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 00:35 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 00:35 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 00:35 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-06-16 00:35 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 00:35 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-06-15 02:32 . 2011-06-16 20:41 -------- d-----w- c:\programdata\Skype Extras
    2011-06-15 02:32 . 2011-06-15 02:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-06-13 01:01 . 2011-06-20 14:45 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-12 17:38 . 2011-06-12 17:38 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-06-07 04:41 . 2011-06-07 04:41 -------- d-----w- c:\users\Dan-LT\AppData\Local\{B82AC0BC-0592-4253-B53E-54D1CCED2863}
    2011-06-06 20:21 . 2011-06-06 20:21 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\picpick
    2011-06-04 07:20 . 2011-06-04 07:20 -------- d-----w- c:\users\Dan-LT\AppData\Local\_
    2011-05-29 20:00 . 2011-05-29 20:00 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\SynthMaker
    2011-05-29 19:57 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
    2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\programdata\Acoustica
    2011-05-29 19:57 . 2011-05-29 19:57 -------- d-----w- c:\program files (x86)\VST
    2011-05-29 19:54 . 2011-05-29 19:54 -------- d-----w- c:\users\Dan-LT\AppData\Roaming\Acoustica
    2011-05-29 19:54 . 2009-12-14 19:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
    2011-05-29 19:53 . 2011-05-29 19:59 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
    2011-05-24 21:42 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-24 17:52 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-24 17:52 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-21 02:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-21 02:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-05-29 13:11 . 2010-04-20 01:05 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2010-04-19 18:13 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 23:14 . 2010-03-02 18:33 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-05-04 13:43 . 2011-05-04 13:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-05-04 13:43 . 2011-05-04 13:43 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-05-04 13:43 . 2011-05-04 13:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-05-04 13:43 . 2011-05-04 13:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-05-04 13:43 . 2011-05-04 13:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-05-04 13:43 . 2011-05-04 13:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-05-04 13:43 . 2011-05-04 13:43 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-05-04 13:43 . 2011-05-04 13:43 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-05-04 13:43 . 2011-05-04 13:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-05-04 13:43 . 2011-05-04 13:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-05-04 13:43 . 2011-05-04 13:43 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-05-04 13:43 . 2011-05-04 13:43 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-05-04 13:43 . 2011-05-04 13:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-05-04 13:43 . 2011-05-04 13:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-05-04 13:43 . 2011-05-04 13:43 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-05-04 13:43 . 2011-05-04 13:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-05-04 13:43 . 2011-05-04 13:43 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-05-04 13:43 . 2011-05-04 13:43 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-05-04 13:42 . 2011-05-04 13:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-04 13:42 . 2011-05-04 13:42 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-05-04 13:42 . 2011-05-04 13:42 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-05-04 13:42 . 2011-05-04 13:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-04 13:42 . 2011-05-04 13:42 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-04 13:42 . 2011-05-04 13:42 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-04 13:42 . 2011-05-04 13:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-04 13:42 . 2011-05-04 13:42 448512 ----a-w- c:\windows\system32\html.iec
    2011-05-04 13:42 . 2011-05-04 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-04 13:42 . 2011-05-04 13:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-04 13:42 . 2011-05-04 13:42 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-05-04 13:42 . 2011-05-04 13:42 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-05-04 13:42 . 2011-05-04 13:42 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-04 13:42 . 2011-05-04 13:42 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-04 13:42 . 2011-05-04 13:42 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-04 13:42 . 2011-05-04 13:42 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-04 13:42 . 2011-05-04 13:42 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-04 13:42 . 2011-05-04 13:42 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-05-04 13:42 . 2011-05-04 13:42 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-04 08:52 . 2010-04-20 05:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-04-13 19:04 . 2011-04-13 19:04 45432 ----a-w- c:\windows\system32\drivers\point64.sys
    2011-04-13 19:04 . 2011-04-13 19:04 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2011-04-12 01:19 . 2011-04-12 01:19 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
    2011-04-12 01:19 . 2011-04-12 01:19 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
    2011-04-09 07:02 . 2011-05-11 16:13 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:02 . 2011-05-11 16:13 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 16:13 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 03:00 . 2011-04-09 03:00 464896 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-03-25 03:29 . 2011-05-11 16:13 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-25 03:29 . 2011-05-11 16:13 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-25 03:29 . 2011-05-11 16:13 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-25 03:29 . 2011-05-11 16:13 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-25 03:29 . 2011-05-11 16:13 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-25 03:29 . 2011-05-11 16:13 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-25 03:28 . 2011-05-11 16:13 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
     
  12. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
    .
     
  13. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  14. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  15. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  16. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  17. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  18. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  19. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))
     
  20. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    Edit: Lengthy Snapshot deleted by Bobbye
    ((((((((((((((((((((((((((((( SnapShot@2011-06-17_15.59.03 )))))))))))))))))))))))))))))))))))))))))

    -- Snapshot reset to current date --
     
  21. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
    "LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
    "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
    R3 ALSysIO;ALSysIO;c:\users\Dan-LT\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
    R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
    R4 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
    R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
    R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
    .
    2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 23:44]
    .
    2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001Core.job
    - c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
    .
    2011-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3767059194-2169123214-450175519-1001UA.job
    - c:\users\Dan-LT\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 02:13]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-16 23:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF28115.cfxxe" [X]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Dan-LT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    LSP: c:\windows\system32\VilonguLSP.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{79FE0CC7-3458-4EB0-9DE4-247CA439DBF0}: NameServer = 10.54.56.1
    FF - ProfilePath - c:\users\Dan-LT\AppData\Roaming\Mozilla\Firefox\Profiles\87qe5y5f.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.socks - 24.1.228.237
    FF - prefs.js: network.proxy.socks_port - 1191
    FF - prefs.js: network.proxy.type - 4
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3767059194-2169123214-450175519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-21 14:56:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-21 18:56
    ComboFix2.txt 2011-06-17 16:01
    .
    Pre-Run: 63,861,915,648 bytes free
    Post-Run: 63,498,932,224 bytes free
    .
    - - End Of File - - 4796474FFB1830C21FF5BBE4B1A0F454
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology- I should have suggested you remove it instead. It isn't a good program and the IOBit download pages are rated low in Trustworthiness and Vendor Reliability

    Please do a System Restore using this Restore Point> RP324: 6/16/2011 3:00:22 AM - Windows Update or later if there has been one set between 6/16 and 6/21 when you ran the Combofix script.
    ======================================
    Please note: I have looked at the Snapshot in Combofix. I am going to delete these lengthy entries.



    Edit: Just noticed you left the rest of Combofix at same time I was posting. Thank you.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding this entry:
    This SHA256 shows that it is a variant:
    See http://en.wikipedia.org/wiki/SHA-2

    Perhaps you would be more comfortable if you ran it again:
    Please go to VirSCAN.org FREE on-line scan service:


    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      svchost.exe
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.*****

    ***** After you click on Copy to the clipboard Please open Notepad> Format> Uncheck Word Wrap> Paste that copy in Notepad using either right click> Paste or using Ctrl V.

    It was very difficult to read the log you left.

    FYI: the designation of Win32.TrojanHorse is a generic finding. I am not concerned about this. None of the other scanners found anything and the Eset scan had entries in the Java cache.
     
  24. Problemsrbad

    Problemsrbad TS Rookie Topic Starter Posts: 117

    ok, thanks. What do you suggest I use instead of ASC?

    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/27 11:43:51 (EDT)
    Scanner results: Scanners did not find malware!
    File Name : svchost.exe
    File Size : 20992 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 54a47f6b5e09a77e61649109c6a08866
    SHA1 : 4af001b3c3816b860660cf2de2c0fd3c1dfb4878
    Online report : http://file.virscan.org/report/a547c9efcc301cbeb3513c54a17493d3.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110327010737 2011-03-27 5.25 -
    AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 1.57 -
    AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.30 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2010 201103240801 2011-03-24 0.00 -
    Authentium 5.1.1 201103271446 2011-03-27 1.48 -
    AVAST! 4.7.4 110327-0 2011-03-27 0.01 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.25 -
    BitDefender 7.90123.7001104 7.36817 2011-03-27 6.33 -
    ClamAV 0.96.5 12911 2011-03-26 0.01 -
    Comodo 4.0 8126 2011-03-27 1.13 -
    CP Secure 1.3.0.5 2011.03.27 2011-03-27 0.04 -
    Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.14 -
    F-Prot 4.4.4.56 20110326 2011-03-26 1.47 -
    F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.07 -
    Fortinet 4.2.254 13.48 2011-03-26 0.48 -
    GData 21.2141/21.773 20110327 2011-03-27 8.92 -
    ViRobot 20110326 2011.03.26 2011-03-26 0.43 -
    Ikarus T3.1.32.20.0 2011.03.27.78032 2011-03-27 5.46 -
    JiangMin 13.0.900 2011.03.27 2011-03-27 1.45 -
    Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
    KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 0.76 -
    McAfee 5400.1158 6297 2011-03-26 8.14 -
    Microsoft 1.6702 2011.03.27 2011-03-27 4.08 -
    NOD32 3.0.21 5988 2011-03-26 0.01 -
    Norman 6.07.03 6.07.00 2011-03-26 10.02 -
    Panda 9.05.01 2011.03.27 2011-03-27 3.69 -
    Trend Micro 9.200-1012 7.930.07 2011-03-27 0.03 -
    Quick Heal 11.00 2011.03.26 2011-03-26 0.97 -
    Rising 20.0 23.50.05.05 2011-03-26 2.12 -
    Sophos 3.16.1 4.62 2011-03-27 3.21 -
    Sunbelt 3.9.2486.2 8831 2011-03-26 0.64 -
    Symantec 1.3.0.24 20110326.002 2011-03-26 0.06 -
    nProtect 20110326.01 3275801 2011-03-26 7.25 -
    The Hacker 6.7.0.1 v00159 2011-03-26 0.82 -
    VBA32 3.12.14.3 20110325.1219 2011-03-25 3.65 -
    VirusBuster 5.2.0.28 13.6.272.0/48565992011-03-27 0.00 -
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you're clear on that worry.

    As for a suggestion of what yo use instead of Advanced System Care>> in a word, nothing. Here's why:

    1. "Quick Care option includes the ability to clean your Registry. Deep Care option adds several features to Quick Care. These include a deeper Registry cleaning".>>
    We don't recommend a registry cleaner to anyone. It doesn't not make any significant difference in the system performance and most users don't understand the registry well enough to know where an entry should be removed.

    2. "perform a rudimentary malware scan": rudimentary: From dictionary.com: elementary, primitive, not elaborated or perfected, incompletely developed.
    When you do malware scans you want them to be the very opposite of this. They should be advanced, complete, fully functional

    3. "fix and remove broken shortcuts, delete junk files, and erase browsing tracks." All of this can be done from within the operating system. Browsing tracks- AKA History can be set for a shorter time and deleted whenever you want- mine is set to delete every time I close the browser.

    4. "disk defragmenting". There is a defragmenter build into the OS. All you have to do is click to run.

    5. ASC notes "Windows vulnerability fix" and a "Passive Defense": However they do not readily define what they do.

    (Most of the quoted material above was taken from a description of the program on CNet. The opinions are all mine!)
    ================================================
    My personal feeling is that I want to have control over my system. I know what it can do. I know when to do it. I know how to start troubleshooting if there is a problem.

    On the other hand, if you want a software program to run your system, decide when to do what and how to do it, then maybe you should put some programs on the system to do it- but keep in mind: they will take up 'space' on the hard drive and they will use RAM when they run. Most will also contact the internet daily, several times a day, looking for 'updates.' The only auto-update I allow is the AV program.

    It just depends on who you want to be the boss!

    "a system optimization option with several optimization presets." System optimizers use system resources. In order to give the information, they need to run all the time. They are high resource user. transparent with how they'll affect your computer. Fortunately, the program's log records all of its activities. We'd just like to find out how a program like this is going to change our computer before it effects those changes.

    "Turbo Boost will disable core system services in an attempt to accelerate your computer's performance" >> No commented needed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...