Solved Network virus causing internet to lose connection

jeffrey7

Unfortunately, I never wanted to ever have to write concerning a virus. But the problem has now arisen. I've taken preventive measures time and time again. Avast Virus Protection, CCleaner, Spybot S&D. Always staying clear of unfamiliar websites and making sure I didn't open shady e-mails, messages, and downloads.

The problem is this. I had a family member Sunday night get on who knows how many pornography websites. This family member downloaded videos on my laptop while I was out of the house for the evening. The family member downloaded 6 pornographic videos. I have my laptop, then as well, this family member had gotten on the home desktop computer March 20th and downloaded one pornographic video.

There haven't been any noticeable problems on the desktop, but there still could be problems on the computer. The main thing is my laptop. I found the pornographic movies (six of them) on my laptop last night (Monday) and proceeded to remove them. After I removed them, I began to experience problems with my network. It has been persistent even until now. I've run Avast two or three times. Also run CCleaner, Spybot S&D, Malware Anti-bytes, and Rkill.

The laptop will connect to the internet, but once I click to open up Google Chrome, shortly thereafter, the internet shuts itself off and restarts the process of connecting. I've already un-clicked the option of auto-connect to the specified network. This virus is a tricky one, I've done what I know to do and it's not working. I look unto you guys for help and wisdom in knowing what to do.

The problem with the family member looking at pornography has also been fixed (changed password, they won't be getting it ever again.) So please help if you can, I'd be greatly appreciative.

Thanks,
Taylor


(Desktop Computer's HijackThis Log)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:47:09 PM, on 4/19/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Users\Home\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\UberIcon\UBERIC~1.EXE
C:\PROGRA~1\Yzshadow\YzShadow.exe
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE
C:\PROGRA~1\VIRTUA~1\modules\WinList.exe
C:\PROGRA~1\ROCKET~1\ROCKET~1.EXE
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Home\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sllaunch] C:\Windows\system32\sllaunch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6904 bytes
 
Welcome to TechSpot! I'll help sort this out.

It sounds like you've done some troubleshooting on your own. But the one thing you left out is a check of the settings, Services, etc. But we do not 'screen' for malware using HijackThis.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

If you have Malwarebytes on the system, please be sure to update and run a new scan.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I don't have enough information to determine if the problem is malware related or system related - possibly even both. The logs will help me determine that.

I do have 2 questions:
1. Do you connect remotely to the computer?
2. Did you recently install the following? Did the problem begin after the install?
C:\PROGRA~1\UberIcon\UBERIC~1.EXE
C:\PROGRA~1\Yzshadow\YzShadow.exe
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE
C:\PROGRA~1\VIRTUA~1\modules\WinList.exe
C:\PROGRA~1\ROCKET~1\ROCKET~1.EXE

I would also like to caution you: IF the family member used a flash drive between the systems and we find this to be caused by malware, the flash drive would most likely also be infected and need to be disinfected. So don't use it between the systems and if needed for you to download to the flash drive to get the scanning programs, I will give disinfecting instructions first.

Please also know, that since you have mentioned both the laptop and desktop, this thread will address the laptop only. If needed later, I will have you start a separate thread for the desktop.
 
Gotcha gotcha. Scratch that HijackThis log, that was from my desktop. What I went ahead and did, I have a portable external hard drive that I'm using to haul TFC, DDS, and GMER to the laptop (since the laptop can't connect to the internet for any time at all to download). I'll need to get that scanner of yours for my ext. hard drive since I'm having to connect it to my laptop.

I'll go ahead and post the report that GMER gave, as well as the DDS log. If you want, I can post the Attach log as well if needed.

I'll go ahead and attach the logs here for my laptop.

I appreciate it, thanks Bobbye.

Taylor
 

Just re-read the post haha, noticed that attached documents won't be read. Here's the pasted ones.

GMER log:


DDS Log:


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Taylor at 21:14:46.58 on Tue 04/19/2011
Internet Explorer: 9.0.8080.16413
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1697 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\ico.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Taylor\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [Mouse Suite 98 Daemon] ICO.EXE
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-2 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-22 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-2 280408]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-2 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-2 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-24 42184]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-26 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-28 705856]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-3 215552]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-24 136176]
S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
.
=============== Created Last 30 ================
.
2011-04-19 15:03:07 -------- d-----w- C:\Users\Taylor\AppData\Roaming\Malwarebytes
2011-04-19 15:03:02 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 15:03:01 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-04-19 15:02:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-19 15:02:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-04-15 01:52:14 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
2011-04-14 02:49:57 -------- d-----w- C:\PROGRA~3\LogMeIn
2011-04-14 02:49:47 -------- d-----w- C:\Program Files (x86)\LogMeIn
2011-03-26 20:07:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-26 20:07:28 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-03-01 07:50:25 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-01 07:50:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-24 06:15:44 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 13:57:01 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 13:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-22 23:29:58 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
2011-02-21 22:27:50 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-02-03 01:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2009-08-20 08:13:26 9815040 ----a-w- C:\Program Files\openofficeorg31.msi
2009-03-26 10:36:32 451928 ----a-w- C:\Program Files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- C:\Program Files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- C:\Program Files\instmsia.exe
.
============= FINISH: 21:15:31.18 ===============

Note as well, I'm using my desktop to do all of my internet access, downloading, etc. while the laptop's network is messed up. This is going to be a doozy to fix, I'm thinking.
 
If I could, I ask again for help with this situation. If it's not fixed soon I will require the family member to pay someone to fix my computer for me or buy me a totally new computer. For this person's sake, as well as mine, please someone help.

Thanks everyone.

Taylor
 
If it's not fixed soon I will require the family member to pay someone to fix my computer for me or buy me a totally new computer. For this person's sake, as well as mine, please someone help.

You are getting free help here given by all volunteers. It requires patience. If you don't have that, spend the $$$.
=====================================================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [screenshot: whatnext.png]
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe [icon: cf-icon.jpg] & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
======================================
Please note: I will not get back to this thread until tomorrow.
 
Alrighty, thanks Bobbye for the help with Combofix. I've got the script from the notepad here.


ComboFix 11-04-23.02 - Taylor 04/24/2011 12:41:24.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1840 [GMT -4:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\Taylor\AppData\Roaming\inst.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 16:47 . 2011-04-24 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
2011-03-26 20:07 . 2011-04-19 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-26 20:07 . 2011-03-26 20:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-13 04:47 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-13 04:47 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 14:04 . 2010-07-02 06:09 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 14:04 . 2011-01-21 22:08 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:57 . 2010-07-02 06:10 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:57 . 2011-02-22 18:38 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 13:55 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
2011-02-21 22:27 . 2010-06-30 04:16 40648 ----a-w- c:\windows\avastSS.scr
2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
.
**************************************************************************
.
Completion time: 2011-04-24 12:54:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-24 16:54
.
Pre-Run: 163,784,753,152 bytes free
Post-Run: 163,618,410,496 bytes free
.
- - End Of File - - 1CD23EDFC8C0AA5B97C4BBB38EE59DFA
 
Sorry- my internet was down:

Please run this Custom Script

[1]. Close any open browsers.
[2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
Code:
File::
c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe
c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll
c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll
c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll
c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe
c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll
c:\users\Marc\AppData\Local\Blegozab.bin
Folder::
c:\program files\Driver-Soft
c:\programdata\jEcIbKpEnAi06504
c:\programdata\oHk06511aGpMj06511
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================================
How is the system running now?
 
Hey there Bobbye. Thanks again bro for the help. Here's the new log. (Hope this worked right haha :) )

ComboFix 11-04-23.02 - Taylor 04/25/2011 22:06:35.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1430 [GMT -4:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-26 02:04 . 2011-04-26 02:05 -------- d-----w- C:\32788R22FWJFW
2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-13 04:47 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-13 04:47 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 14:04 . 2010-07-02 06:09 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 14:04 . 2011-01-21 22:08 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:57 . 2010-07-02 06:10 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:57 . 2011-02-22 18:38 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 13:55 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:55 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 13:54 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
2011-02-21 22:27 . 2010-06-30 04:16 40648 ----a-w- c:\windows\avastSS.scr
2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-26 01:45 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-02 02:44 . 2011-04-26 01:45 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
- 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-25 03:39 . 2011-04-25 03:39 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-26 01:36 . 2011-04-26 01:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-26 01:36 . 2011-04-26 01:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-26 01:36 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-04-26 01:36 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2010-06-05 02:19 . 2011-04-25 03:39 274976 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-25 03:39 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3613868978-245932973-150743863-1000UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-25 23:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-25 22:41:28
ComboFix-quarantined-files.txt 2011-04-26 02:41
ComboFix2.txt 2011-04-24 16:54
.
Pre-Run: 163,407,826,944 bytes free
Post-Run: 163,857,072,128 bytes free
.
- - End Of File - - 2422CF1C04BD4AAE33CD759BFB22EA26
 
When script has been run through Combofix, the following line shows in the header:
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

First Combofix scan:
ComboFix 11-04-23.02 - Taylor 04/24/2011 12:41:24.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1840 [GMT -4:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
Indicates:
Completion time: 2011-04-24 12:54:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-24 16:54
Pre-Run: 163,784,753,152 bytes free
Post-Run: 163,618,410,496 bytes free
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Setup.exe
c:\users\Taylor\AppData\Roaming\inst.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

Log after script:
ComboFix 11-04-23.02 - Taylor 04/25/2011 22:06:35.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1430 [GMT -4:00]
Again shows Running from: c:\users\Taylor\Desktop\ComboFix.exe\ instead of:
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
Indicates:
Completion time: 2011-04-25 22:41:28
ComboFix-quarantined-files.txt 2011-04-26 02:41
No record of deletion- prior or current.
No indication it is the log run from the script.
This line is missing:
Command switches used :: c:\documents and settings\xxx \Desktop\CFScript.txt
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
ComboFix2.txt 2011-04-24 16:54
Pre-Run: 163,407,826,944 bytes free
Post-Run: 163,857,072,128 bytes free
.

It looks like you just ran Combofix twice without running the script in between.
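The header check described in the post above, as an added example that is not part of the original thread: a small Python parser that splits pasted ComboFix logs into runs and reports whether each one carries the `Command switches used ::` line and what its "Other Deletions" section recorded. The sample log text, user name and file paths are constructed for illustration; only the line formats follow the logs quoted in this thread.

```python
import re
from datetime import datetime

# Header that opens each ComboFix log, in the format quoted in the thread:
# "ComboFix <build> - <user> MM/DD/YYYY HH:MM:SS.<n>.<n> - x64"
HEADER = re.compile(
    r"^ComboFix (?P<build>\S+) - (?P<user>.+?) "
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2})"
)
# Present only when ComboFix was started with a CFScript.
SWITCHES = re.compile(r"^Command switches used :: (?P<script>.+)$")
# Section banners such as "((((( Other Deletions )))))".
SECTION = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$")
FAILED = " . . . . Failed to delete"

# Constructed sample: three runs pasted one after another, as in a forum reply.
SAMPLE = r"""
ComboFix 11-04-23.02 - Example 04/24/2011 12:41:24.1.1 - x64
Running from: c:\users\Example\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))
.
c:\users\Example\AppData\Roaming\sample1.exe
c:\windows\TEMP\example\sample2.dll . . . . Failed to delete
.
Completion time: 2011-04-24 12:54:47 - machine was rebooted
ComboFix 11-04-23.02 - Example 04/25/2011 22:06:35.3.1 - x64
Running from: c:\users\Example\Desktop\ComboFix.exe
Completion time: 2011-04-25 22:41:28
ComboFix 11-04-23.02 - Example 04/27/2011 19:25:53.4.1 - x64
Running from: c:\users\Example\Desktop\ComboFix.exe
Command switches used :: c:\users\Example\Desktop\CFScript.txt
Completion time: 2011-04-27 20:00:11
"""


def parse_runs(text):
    """Split pasted log text into one dict per ComboFix run."""
    runs, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # a new log starts here
            current = {**m.groupdict(), "script": None,
                       "deleted": [], "failed": [], "completed": None}
            runs.append(current)
            section = None
            continue
        if current is None or line in ("", "."):
            continue  # text before the first header, or a spacer line
        m = SWITCHES.match(line)
        if m:
            current["script"] = m.group("script").strip()
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("title")
            continue
        if line.startswith("Completion time:"):
            current["completed"] = line.split(":", 1)[1].strip()
            section = None
            continue
        if section == "Other Deletions":
            path, sep, _ = line.partition(FAILED)
            (current["failed"] if sep else current["deleted"]).append(path.strip())
    return runs


def started(run):
    """Start time from the header (month/day/year, as in the quoted logs)."""
    return datetime.strptime(f"{run['date']} {run['time']}", "%m/%d/%Y %H:%M:%S")


def review(text):
    """One tuple per run, oldest first: (date, kind, deleted, failed)."""
    return [
        (r["date"], "script run" if r["script"] else "plain scan",
         len(r["deleted"]), len(r["failed"]))
        for r in sorted(parse_runs(text), key=started)
    ]


def newest_script(text):
    """Script path used by the most recent run, or None if it was a plain scan."""
    runs = sorted(parse_runs(text), key=started)
    return runs[-1]["script"] if runs else None


if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
    print("newest run used script:", newest_script(SAMPLE))
```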
 
Ahh gotcha, thanks Bobbye for catching that. Again, thanks for your patience. Here's the new one. I got this one right :)


ComboFix 11-04-23.02 - Taylor 04/27/2011 19:25:53.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1802 [GMT -4:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DSETUP.dll"
"c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\dsetup32.dll"
"c:\program files\Common Files\Windows Live\.cache\210228eb1cbfe9710\DXSETUP.exe"
"c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DSETUP.dll"
"c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\dsetup32.dll"
"c:\program files\Common Files\Windows Live\.cache\228677581cbfe9711\DXSETUP.exe"
"c:\users\Marc\AppData\Local\Blegozab.bin"
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 23:39 . 2011-04-27 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 01:25 . 2011-04-23 03:13 -------- d-----w- c:\users\Taylor\AppData\Roaming\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\programdata\IObit
2011-04-21 01:25 . 2011-04-21 01:25 -------- d-----w- c:\program files (x86)\IObit
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 03:43 . 2010-07-04 04:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-26 03:43 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-26 03:43 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-26 03:43 . 2010-07-04 04:43 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-18 17:25 . 2010-06-30 04:16 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-07-02 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:25 . 2011-01-21 22:08 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:18 . 2010-07-02 06:10 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:17 . 2011-02-22 18:38 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:16 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-27 23:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-27 23:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-27 23:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-02 06:03 . 2011-04-26 15:56 63246 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-27 23:16 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-02 02:44 . 2011-04-27 23:16 20228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
- 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-27 04:17 . 2011-04-27 04:17 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-27 23:14 . 2011-04-27 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-27 23:14 . 2011-04-27 23:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2011-04-27 23:14 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2011-04-27 23:14 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2010-06-05 02:19 . 2011-04-27 01:25 275024 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-04-27 04:16 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-17 00:07 . 2011-04-21 02:00 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
+ 2010-08-17 00:07 . 2011-04-27 04:16 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9g9zknfn.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-27 20:00:11
ComboFix-quarantined-files.txt 2011-04-28 00:00
ComboFix2.txt 2011-04-26 02:41
ComboFix3.txt 2011-04-24 16:54
.
Pre-Run: 164,053,143,552 bytes free
Post-Run: 163,693,277,184 bytes free
.
- - End Of File - - FA943C5F24E93711E97280F5A4AC124C
 
Okay- now you have it! There is one other log from the DDS scan; it's named Attach.txt. It has some additional information that will help me help you. You don't need to run the scan again, just search for it in your computer and paste it in next reply. Note: you do not have to zip it- just ignore that.

Please tell me what program you are using from IObit. I'm checking the Combofix log now.

Edit: I'd also like you to run this Security Check

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Combofix looks good- just a few entries to remove. Are you still losing the internet connection? This is not something usually due to malware. Many of the malware programs deal in stealing your information, then sending it to some particular site. If there is no connection, that can't be done.

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    c:\windows\Temp\logishrd\LVPrcInj02.dll
    c:\windows\Temp\logishrd\LVPrcInj02.dll
    c:\windows\Temp\logishrd\LVPrcInj01.dll
    c:\windows\Temp\logishrd\LVPrcInj01.dll
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================
Let me know how the system is doing.
 
Gotcha gotcha. The Attach log from the laptop is right here.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/1/2010 10:35:08 PM
System Uptime: 4/19/2011 5:52:22 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | Microprocessor | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 152.019 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 165.031 GiB free.
Y: is FIXED (NTFS) - 15 GiB total, 8.253 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A
Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&EF
Manufacturer: Intel
Name: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293A
PNP Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&EF
Service: usbehci
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C
Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&D7
Manufacturer: Intel
Name: Intel(R) ICH9 Family USB2 Enhanced Host Controller - 293C
PNP Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_02AA1028&REV_03\3&18D45AA6&0&D7
Service: usbehci
.
==== System Restore Points ===================
.
RP203: 3/15/2011 7:03:05 PM - Installed Adobe Reader X.
RP204: 3/22/2011 11:33:01 PM - Scheduled Checkpoint
RP205: 3/25/2011 12:32:17 AM - Windows Update
RP206: 4/2/2011 12:10:27 AM - Scheduled Checkpoint
RP207: 4/10/2011 12:09:47 AM - Scheduled Checkpoint
RP208: 4/13/2011 10:49:22 PM - Installed LogMeIn
RP209: 4/13/2011 11:04:36 PM - Installed Java(TM) 6 Update 24
RP210: 4/14/2011 9:38:41 PM - Windows Update
RP211: 4/19/2011 6:11:42 PM - Removed Dell Getting Started Guide.
RP212: 4/19/2011 7:26:29 PM - Removed Google Earth Plug-in.
RP213: 4/19/2011 7:27:16 PM - Removed LogMeIn
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
avast! Free Antivirus
Banctec Service Agreement
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Digital Voice Recorder
DVD Shrink 3.2
Feedback Tool
Google Chrome
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
Handbrake 0.9.4
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 24
Junk Mail filter update
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NOOK for PC
PowerDVD DX
QuickTime
Roxio Burn
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.1
SmartSound Common Data
SmartSound Quicktracks 5
Spybot - Search & Destroy
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VLC media player 1.1.7
VoiceOver Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/19/2011 9:59:32 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/19/2011 7:52:22 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/19/2011 7:36:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
4/19/2011 7:09:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
4/19/2011 6:20:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
4/19/2011 5:52:58 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.
4/19/2011 5:52:42 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
4/19/2011 5:52:38 PM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
4/19/2011 1:40:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
4/17/2011 11:42:08 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
4/15/2011 12:49:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
4/14/2011 11:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/14/2011 1:10:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================



I used IObit thinking it might be able to pick something up. I reacted too soon and wasn't thinking straight. I scanned my computer with it and I think I may have filled a few security holes. But that's all I remember. I'm not sure if I ran a CCleaner-like option that it had or not. I could be thinking of my desktop computer that I did that on.


I'll go ahead and run Security Check real quick and post it in my next post.

One more thing before I go as well, my laptop, at least from what I've seen, it hasn't been dropping the internet connection. I worry though that there could be some problems still within it. I'm not sure. Anytime you open yourself up to pornography you're going to get hurt and I don't want to do any more banking/private services until I know for sure I'm safe.
 
Here's the checkup log as you asked for Bobbye. Thanks.

Results of screen317's Security Check version 0.99.10
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 16
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
 
Okay, so here are the OTM "logs" that I had to get. The first time I ran OTM it got over halfway through and my laptop completely froze in processing. OTM stopped responding, Windows Explorer became unresponsive, after waiting a while the only option was to manually shut down the laptop.

It still opened a notepad .txt document when I turned the laptop on again. The first log is the log that I got when the computer became unresponsive. I ran OTM again since it wasn't able to fully get through its processes and the second .txt is the full scan that OTM was able to get through.

(Also Note: OTM asked me on the last scan to reboot and I did. That's what produced the 2nd Scan log for me.)

1st Scan:


Files moved on Reboot...
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VG7A34G6\background-banner-middle-v45[1].jpg moved successfully.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\background_banner_green_50_v45[1].jpg moved successfully.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\background_button_green_full[2].png moved successfully.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R6DD9TY\list-item-plus[1].png moved successfully.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CJI8NGS\background-banner-right-v45[1].jpg moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...



2nd Scan:

All processes killed
========== FILES ==========
LoadLibrary failed for c:\windows\Temp\logishrd\LVPrcInj02.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\Temp\logishrd\LVPrcInj02.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in c:\windows\Temp\logishrd\LVPrcInj01.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in c:\windows\Temp\logishrd\LVPrcInj01.dll
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Taylor
->Temp folder emptied: 1767899 bytes
->Temporary Internet Files folder emptied: 64639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8327991 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241296 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 323798553 bytes

Total Files Cleaned = 319.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04282011_130009

Files moved on Reboot...
File move failed. c:\windows\Temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
File move failed. c:\windows\Temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...




Sorry again about that Bobbye, hopefully nothing has gotten messed up now. Also a side note, my Avast! logo isn't showing in my current running processes in Task Manager or at the bottom right of Windows on boot up. I have to manually double click the Avast! icon that's on my desktop in order for it to start running. I've checked to make sure "Start on Boot up" is clicked. But the problem still persists. I don't know if it's something as easy as doing a reinstall of Avast! or if it's something malware has done. I dunno. Thanks again.
 
Just want to mention this: Total Files Cleaned = 319.00 mb from the OTM log. That is a lot of files! The program is set to remove temp files and cache files also. These were in your account:
User: Taylor
->Temp folder emptied: 1767899 bytes
->Temporary Internet Files folder emptied: 64639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8327991 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

You might want to check your browser settings regarding temp folders and temporary internet files. You can control this as follows in Firefox:
Tools> Options> Privacy section> Uncheck 'Remember download history'> Reset the History days to fewer (mine is set for only 3 days)> 'Remember Search & form history' is optional>> I don't have this checked.

If you use Internet Explorer: Tools> Internet Options> General tab> Temporary internet files click on Settings> Check 'Never'> Move slider to the left, decreasing space allowed> Advanced tab> Security section> Check 'Empty TIF folder when browser is closed.'> OK> Apply> OK

This, along with routine disc cleanup, defrag, error check will keep things you don't need from taking up space and using memory.
========================================
I'm not sure what you're saying about Notepad opening when you startup, but try this:
Go to Folder Options in the Control Panel> Click on View tab> Make sure this is checked 'do not show hidden files and folders.' Make sure this is checked 'Hide protected and system files (Recommended)'> Click on Apply> OK. Reboot and see if Notepad is gone.
======================================
The most common program from IObit that I see is Advanced System Care. I always advise uninstall because neither is the program good, nor the site considered safe. But you have a couple of entries left:

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
Folder::
c:\programdata\IObit
c:\program files (x86)\IObit
c:\users\Taylor\AppData\Roaming\IObit
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Suggest you update the Windows Installer. You have v2.0 from 2002. I think it's v5 now.
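
Added example (not part of the reply above, and not OTM's own code): a small Python parser for the [EMPTYTEMP] section of the OTM log quoted in this thread, which attributes the "Total Files Cleaned" figure to its individual sources. The log text is copied from the thread; the function names are made up for this example, and the MiB rounding rule is an assumption inferred from this one log.

```python
import re

# [EMPTYTEMP] section copied from the second OTM log posted in this thread.
OTM_LOG = r"""
[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Taylor
->Temp folder emptied: 1767899 bytes
->Temporary Internet Files folder emptied: 64639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8327991 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241296 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 323798553 bytes

Total Files Cleaned = 319.00 mb
"""

USER_RE = re.compile(r"^User: (?P<user>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
# "->" marks a per-user line; lines without it are system-wide locations.
ENTRY_RE = re.compile(
    r"^(?P<arrow>->)?(?P<label>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$"
)


def parse_emptytemp(log):
    """Return ([(scope, label, bytes), ...], reported_mb) for an [EMPTYTEMP] section."""
    entries, reported_mb, user = [], None, None
    for raw in log.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            user = m["user"]
            continue
        if m := TOTAL_RE.match(line):
            reported_mb = float(m["mb"])
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section header, blank line, or unrelated text
        scope = f"user:{user}" if m["arrow"] else "system"
        entries.append((scope, m["label"], int(m["bytes"])))
    return entries, reported_mb


def summarize(entries):
    """Return (total_bytes, non-zero rows sorted largest first, each with its share)."""
    total = sum(size for _, _, size in entries)
    rows = sorted((e for e in entries if e[2]), key=lambda e: e[2], reverse=True)
    return total, [(s, l, n, n / total if total else 0.0) for s, l, n in rows]


def total_matches_report(total_bytes, reported_mb):
    # Assumption inferred from this log only: OTM prints MiB rounded to a whole number.
    return reported_mb is not None and round(total_bytes / 2**20) == round(reported_mb)


if __name__ == "__main__":
    entries, reported = parse_emptytemp(OTM_LOG)
    total, rows = summarize(entries)
    for scope, label, size, share in rows:
        print(f"{share:6.1%}  {size:>12,}  {scope:<12}  {label}")
    print(f"sum = {total:,} bytes, reported = {reported} mb, "
          f"consistent = {total_matches_report(total, reported)}")
```

On this log the RecycleBin line accounts for roughly 97% of the reported total, and the browser and temp folders under the Taylor account for about 10 MB.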
 
Hey there Bobbye. Sorry for the mix up. Notepad doesn't open up every time I boot up. In my response I was saying when my computer became unresponsive during the OTM, that on reboot the log of that OTM scan showed up in Notepad (sorry for confusion). I got the Combofix scan log, I was also wondering what you thought about the avast! issue. Thanks Bobbye, I appreciate it.

ComboFix 11-04-23.02 - Taylor 04/28/2011 16:17:38.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1755 [GMT -4:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit
c:\program files (x86)\IObit\IObit Security 360\Downloaded\silverlight.exe.tmp
c:\program files (x86)\IObit\IObit Security 360\IS360DataBase.db
c:\program files (x86)\IObit\IObit Security 360\license.dat
c:\program files (x86)\IObit\IObit Security 360\Quarantine Zone\info.db
c:\program files (x86)\IObit\IObit Security 360\SecurityHoles.db
c:\program files (x86)\IObit\IObit Security 360\SecurityHoles.ini
c:\program files (x86)\IObit\IObit Security 360\unins000.exe
c:\program files (x86)\IObit\IObit Security 360\UpdateLog.txt
c:\programdata\IObit
c:\programdata\IObit\IObit Security 360\config.ini
c:\programdata\IObit\IObit Security 360\Ignore.ini
c:\programdata\IObit\IObit Security 360\PD_Stat.ini
c:\programdata\IObit\IObit Security 360\PS_Config.ini
c:\users\Taylor\AppData\Roaming\IObit
c:\users\Taylor\AppData\Roaming\IObit\Advanced SystemCare V4\Main.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 20:31 . 2011-04-28 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-28 16:28 . 2011-04-28 16:28 -------- d-----w- C:\_OTM
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\users\Taylor\AppData\Roaming\Malwarebytes
2011-04-19 15:03 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-19 15:03 . 2011-04-19 15:03 -------- d-----w- c:\programdata\Malwarebytes
2011-04-19 15:02 . 2011-04-19 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-19 15:02 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 01:52 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE7F8EAF-F550-4F8A-84D1-A90DE552CE59}\mpengine.dll
2011-04-14 03:05 . 2011-04-14 03:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\programdata\LogMeIn
2011-04-14 02:49 . 2011-04-19 23:27 -------- d-----w- c:\program files (x86)\LogMeIn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-26 03:43 . 2010-07-04 04:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-26 03:43 . 2010-08-18 16:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-26 03:43 . 2010-08-18 16:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-26 03:43 . 2010-07-04 04:43 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-23 02:20 . 2010-08-18 17:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-23 02:20 . 2010-07-04 04:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-23 02:20 . 2010-07-04 04:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-23 02:19 . 2010-08-26 04:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-18 17:25 . 2010-06-30 04:16 40112 ----a-w- c:\windows\avastSS.scr
2011-04-18 17:25 . 2010-07-02 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-18 17:25 . 2011-01-21 22:08 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:18 . 2010-07-02 06:10 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:17 . 2011-02-22 18:38 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-18 17:16 . 2010-07-02 06:10 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-07-02 06:10 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-07-02 06:10 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:13 . 2010-07-02 06:10 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-13 13:43 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:02 . 2011-03-01 15:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-01 15:02 . 2011-03-01 15:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-01 15:02 . 2011-03-01 15:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-01 15:02 . 2011-03-01 15:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-01 15:02 . 2011-03-01 15:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-01 15:02 . 2011-03-01 15:02 448512 ----a-w- c:\windows\system32\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-01 15:02 . 2011-03-01 15:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-01 15:02 . 2011-03-01 15:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-01 15:02 . 2011-03-01 15:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-01 15:02 . 2011-03-01 15:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-01 15:02 . 2011-03-01 15:02 2272768 ----a-w- c:\windows\system32\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 1791488 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-01 15:02 . 2011-03-01 15:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 161280 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-01 15:02 . 2011-03-01 15:02 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-01 15:02 . 2011-03-01 15:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-01 15:02 . 2011-03-01 15:02 1490944 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-01 15:02 . 2011-03-01 15:02 1426432 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-01 15:02 . 2011-03-01 15:02 1387520 ----a-w- c:\windows\system32\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-01 15:02 . 2011-03-01 15:02 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-01 15:02 . 2011-03-01 15:02 1125376 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-01 15:02 . 2011-03-01 15:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-01 15:02 . 2011-03-01 15:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-01 15:02 . 2011-03-01 15:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-01 07:50 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-01 07:50 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-22 23:29 . 2011-02-22 23:23 20364702 ----a-w- C:\vlc-1.1.7-win32.exe
2011-02-19 12:05 . 2011-03-14 21:11 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-14 21:11 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-14 21:11 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-14 21:11 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-14 21:11 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 01:40 . 2010-07-02 07:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2010-07-02 06:50 270720 ------w- c:\windows\system32\MpSigStub.exe
2009-08-20 08:13 . 2009-08-20 08:13 9815040 ----a-w- c:\program files\openofficeorg31.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-24_16.49.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-28 20:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-28 20:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-28 20:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 16:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-02 06:03 . 2011-04-28 20:35 63730 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-24 16:26 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-28 20:36 41176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-02 02:44 . 2011-04-28 20:36 20446 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3613868978-245932973-150743863-1000_UserData.bin
+ 2011-04-28 20:31 . 2011-04-28 20:31 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-04-24 16:47 . 2011-04-24 16:47 3062 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-28 20:32 . 2011-04-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-28 20:32 . 2011-04-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-24 16:48 . 2011-04-24 16:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-28 20:32 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2011-04-24 16:48 . 2009-10-07 06:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2011-04-24 16:48 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-04-28 20:32 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2010-06-05 02:19 . 2011-04-28 18:25 275096 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-04-28 20:31 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-04-24 16:47 467464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-17 00:07 . 2011-04-21 02:00 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
+ 2010-08-17 00:07 . 2011-04-28 20:31 2517364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3613868978-245932973-150743863-1000-12288.dat
- 2009-07-14 02:34 . 2011-04-15 02:02 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-04-28 16:30 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-30 560128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-25 23:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-01-18 368640]
"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-05 94720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9g9zknfn.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2011-04-28 17:04:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-28 21:04
ComboFix2.txt 2011-04-28 00:00
ComboFix3.txt 2011-04-26 02:41
ComboFix4.txt 2011-04-24 16:54
.
Pre-Run: 163,188,789,248 bytes free
Post-Run: 163,116,867,584 bytes free
.
- - End Of File - - 77FA2BA0ACFE26BF1AC35FCCF1E9CAA6
 
About Avast: I went back to the DDS log to see if there was any error related to Avast. There wasn't. But I did find this:
4/19/2011 5:52:58 PM, Error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the file specified.

You can disable that Service: Start> Run> type in services.msc> enter> Double click on the McAfee Service> Set the Startup type to Disabled. Exit Services.
============================================
But you can check for the Avast icon in the Notification Area this way:
Right click on the Taskbar> Properties> In the Notification area, check 'Hide inactive icons'> Then click Customize> Find the icon for Avast and make sure the dialog box is set to Always Show> Then close.

To see if the entries are checked on the Startup Menu using the msconfig utility:
  • Click on the Windows 7 start icon in the bottom left corner of your screen.
  • Type MSCONFIG in the search box> press enter or double-click on the MSCONFIG program that appears in the search results.
  • Click on Selective Startup
  • Click on the Startup tab. You will now see the System Msconfig Utility
    Windows 7 loads almost all of Windows' essential programs through Windows Services. So most of the startup items you see here are optional.
  • If there are any Avast entries that are not checked, please check them.
  • When finished> click on OK
    Reboot the computer.
  • When you see this message come up: Check 'don't show this message again'> then Restart.

Images courtesy NetSquirrel
============
The Combofix log is fine. I would like to mention again that you check for updates for Windows Installer. You have 2 entries from 2002 for the v2 version. I think the Windows 7 version is v5, so check Microsoft updates.

Are there any remaining problems related to malware?
 
Hey there Bobbye, I think that we're good. I did have a question concerning firewalls. I personally don't get on pornographic websites or anything of the like. I for the most part know which websites to go to and not to go to (I try to stay alert and safe when I'm on the web). Do you think I need to get something other than Windows Firewall? I haven't had any other problems until this, but maybe I need the extra protection???

Was just wanting your recommendation if I needed one. Again Bobbye, I thank you very much for the assistance. Thanks again.

Taylor
 
Quick update:

Checked msconfig; avast! isn't even listed in the start up log anymore. I don't know why I didn't think to check that anyways, but it isn't there anymore.

On top of that, McAfee is acting awkward. McAfee SystemGuards was set to manual start up, so I turned it off to disabled. But the service McAfee Real-time Scanner you can only start the service. Everything else is grayed out (even when running services as Admin). I don't know what's up with that, but when I try to start the service to see if I can then manually disable, on starting it, it pops up with this:

Windows could not start the McAfee Real Time Scanner services on Local Computer.

Error 2: The system cannot find the file specified.

I dunno, I just updated some of Windows updates, I'll see if that helps anything. Let me know what you think if you could Bobbye.

Taylor
 
Update:

The problem with avast! not being there on start up and msconfig still not showing is persisting. I'll reinstall to see if that will help.

The McAfee Real-time Scanner problem still persists. I dunno.
 
Please reinstall Avast if that is your antivirus program of choice.
Please run the McAfee removal tool:

Do this in the following order:
  1. Download Avast Free Version again and save it to your desktop. Do not run yet.
  2. Download McAfee Removal Tool and save it to your desktop. Do not run yet.
    =======================================
  3. Boot into Safe Mode
    [o] Restart your computer and start pressing the F8 key on your keyboard.
    [o] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  4. Double click on the McAfee Removal Tool to run. Follow the prompts.
  5. Double click the new Avast setup to run. If you get a message about already having it 'do you want to replace it', answer Yes.
  6. Reboot back into Normal Mode.

Let me know if this handles the problem.
 
You're very welcome for the help Taylor.

About firewalls: Here is a very basic and non-technical description:
I have never been impressed with the Windows Firewall because it only 'listens' at incoming ports. The way firewalls work is to 'listen' at ports and hopefully prevent traffic from accessing the system. But there are both incoming and outgoing ports on the system, for instance:
When you put an address in the browser, it will use an outgoing port to request the site and the site will 'answer' and load on the system through an incoming port.

So, if the Windows Firewall misses a scanner and malware gets into the system and is the type to send your information to a site on the internet, the Windows FW won't 'hear' it because it doesn't listen at outgoing ports.

If you are only using software firewalls, it is better to have one that is bidirectional, that is, listens to both incoming and outgoing ports. The following free firewalls will do that:
Comodo
Zone Alarm

An alternative to this would be to use a router along with the Windows firewall. Routers have hardware firewalls built into them. I ran ZoneAlarm Firewall for years. Eventually, I got a router. I left ZoneAlarm running for a few months, but not a single scan got past the router. So I uninstalled ZoneAlarm and enabled the Windows Firewall and I have been well protected.

Does this answer the Firewall question? When we finish, I'll have you remove the cleaning tools and give you some additional security tips.
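
The inbound-only versus bidirectional distinction described in the post above, modelled as a small stateful filter. This is an added example, not part of the original thread and not any product's real rule engine; the `Packet` and `Firewall` classes, the program names and the sample traffic are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving the PC, "in" = arriving at the PC
    program: str      # local program owning the socket ("" if nothing asked for it)
    local_port: int
    remote: str
    remote_port: int

@dataclass
class Firewall:
    filter_outbound: bool                          # False models an inbound-only policy
    allowed_programs: set = field(default_factory=set)
    _sessions: set = field(default_factory=set)    # connections opened from the inside

    def check(self, p: Packet) -> str:
        key = (p.local_port, p.remote, p.remote_port)
        if p.direction == "out":
            if self.filter_outbound and p.program not in self.allowed_programs:
                return "BLOCK"                     # unapproved program may not call out
            self._sessions.add(key)                # remember it so the answer can return
            return "ALLOW"
        # Inbound: accept only answers to a session this PC opened itself.
        return "ALLOW" if key in self._sessions else "BLOCK"

def run(fw: Firewall, traffic) -> list:
    return [fw.check(p) for p in traffic]

# Constructed sample traffic (documentation-range addresses).
TRAFFIC = [
    Packet("out", "chrome.exe", 50001, "www.example.com", 80),   # browser request
    Packet("in", "chrome.exe", 50001, "www.example.com", 80),    # the site's answer
    Packet("in", "", 445, "203.0.113.9", 40000),                 # unsolicited scan
    Packet("out", "unknown.exe", 50002, "198.51.100.7", 8080),   # unapproved program calling out
    Packet("in", "unknown.exe", 50002, "198.51.100.7", 8080),    # answer to that call
]

if __name__ == "__main__":
    inbound_only = Firewall(filter_outbound=False)
    bidirectional = Firewall(filter_outbound=True, allowed_programs={"chrome.exe"})
    for name, fw in (("inbound-only", inbound_only), ("bidirectional", bidirectional)):
        print(name, run(fw, TRAFFIC))
```

Both policies drop the unsolicited scan; only the bidirectional one stops the unapproved program's outgoing connection, and with it the returning traffic.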
 
Gotcha. Gotcha. The McAfee uninstaller did the job for it. Avast is working again on start up, everything seems to be working out fine.

Again my thanks Bobbye. I run off a wireless router, so I think I'll do without a software firewall. I think we're finished. If you want, go ahead and run me through the cleaning and tips.

Thanks again Bobbye.
 