Solved Potential Rootkit Infection?


BfB

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Upon visiting www.livernoismotorsports.com tonight, MSE popped up with the following below. However, when I hit "Remove", it would come back saying nothing was found and all was fine. I then updated my Java from version 22 to 23 (latest), as well as MSE to the latest definition from today, and then upon revisiting the website above there weren't any issues this time.

Java/CVE-2010-0840.W

Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:C:\Users\James Parker\AppData\Local\Temp\jar_cache53302636819750324.tmp->bpac/a.class
file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache1122406371245836493.tmp->bpac/a.class
file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache4528957759937422929.tmp->bpac/a.class
file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache53302636819750324.tmp->bpac/a.class
file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache5539500176732367532.tmp->bpac/a.class

Get more information about this item online.

Here are the requested scans:
Step 2: TFC ran.
Step 3: Malwarebytes Anti-Malware updated and ran with no infections found. Log below.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5382
Windows 6.1.7600
Internet Explorer 9.0.7930.16406

12/22/2010 11:13:26 PM
mbam-log-2010-12-22 (23-13-26).txt

Scan type: Quick scan
Objects scanned: 165936
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Step 4: GMER ran. Log below.
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-22 23:40:23
Windows 6.1.7600
Running: vfjybj22.exe
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce6e7a7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce6e7a7@000761a910f4 0x49 0xB0 0x9F 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?APC UPS Service?wltrys
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4372
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce6e7a7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce6e7a7@000761a910f4 0x49 0xB0 0x9F 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?APC UPS Service?wltrys

---- EOF - GMER 1.0.15 ----
Step 5: DDS ran. Logs below.
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by James Parker at 23:42:53.48 on Wed 12/22/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2149 [GMT -7:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\aol\1270162693\ee\aolsoftware.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\OEM05Mon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\James Parker\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============
uSearch Page =
uSearch Bar =
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE" -b
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
mRun: [<NO NAME>]
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1278269957501
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.11.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
Hosts: 74.208.10.249 gs.apple.com

============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2010-9-29 118888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57:43];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-8-26 146928]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05:03];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-10-15 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-31 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-26 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-6 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-6 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-6 94808]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\System32\drivers\OEM05Afx.sys [2007-6-8 212864]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\System32\drivers\OEM05Vfx.sys [2007-3-5 12288]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\System32\drivers\OEM05Vid.sys [2007-7-20 266720]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-4-23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-23 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-6 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-6 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-6 94808]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-20 48480]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-3-16 21504]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2010-4-1 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================
2010-12-23 06:41:46 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{BDFD0D35-BA36-4C61-8B03-8D276F011E6B}\mpengine.dll
2010-12-22 19:16:13 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
2010-12-22 07:15:18 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
2010-12-21 19:14:52 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
2010-12-21 07:11:15 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
2010-12-20 19:05:52 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
2010-12-19 19:05:28 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
2010-12-18 21:13:09 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
2010-12-17 20:04:04 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
2010-12-17 03:47:22 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
2010-12-16 22:58:14 40816 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
2010-12-16 15:46:57 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
2010-12-16 02:38:06 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
2010-12-15 19:12:58 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2010-12-15 19:12:58 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2010-12-15 19:12:58 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2010-12-15 19:12:57 112000 ----a-w- C:\Windows\System32\consent.exe
2010-12-15 14:37:54 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
2010-12-15 00:18:21 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
2010-12-14 08:58:51 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
2010-12-13 20:58:16 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
2010-12-13 07:06:27 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
2010-12-12 19:05:59 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
2010-12-12 04:19:28 -------- d-----w- C:\Program Files (x86)\HP Tuners
2010-12-11 23:58:51 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
2010-12-11 23:37:32 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
2010-12-11 07:47:12 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
2010-12-03 00:13:15 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
2010-12-02 08:40:06 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
2010-12-02 08:08:50 -------- d-----w- C:\Windows\en
2010-12-02 08:05:45 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-12-02 08:05:45 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-12-02 08:05:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-12-02 08:05:44 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-12-02 08:05:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2010-12-02 08:05:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2010-12-02 08:05:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
2010-12-01 19:06:31 125512 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2010-12-01 19:06:31 125512 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2010-11-25 18:29:05 89256 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
2010-11-25 10:01:02 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-25 10:01:02 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-25 10:01:00 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-25 10:01:00 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

==================== Find3M ====================

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-17 12:44:06 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2010-11-13 01:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-10 09:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-11-10 09:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-14 04:50:40 11344 ----a-w- C:\Windows\SysWow64\wdapi921.dll
2010-09-24 12:46:32 116752 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

============= FINISH: 23:43:29.72 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 3/31/2010 11:54:01 PM
System Uptime: 12/22/2010 11:06:18 PM (0 hours ago)

Motherboard: Dell Inc. | | 0TP406
Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz | CPU | 2660/1333mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 451 GiB total, 133.194 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.813 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&343316A1&1&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&343316A1&1&02
Service: vwifimp

==== System Restore Points ===================

RP325: 12/11/2010 9:19:03 PM - Installed HP Tuners VCM Suite 2.23.
RP326: 12/12/2010 1:11:51 AM - Windows Update
RP327: 12/13/2010 7:56:52 AM - Windows Update
RP328: 12/14/2010 5:27:58 PM - Windows Update
RP329: 12/15/2010 5:37:37 PM - Windows Update
RP330: 12/16/2010 3:00:31 AM - Windows Update
RP331: 12/16/2010 8:43:11 PM - Windows Update
RP332: 12/19/2010 10:38:05 AM - Windows Update
RP333: 12/20/2010 11:47:59 AM - Windows Update
RP334: 12/21/2010 12:21:59 PM - Windows Update
RP335: 12/22/2010 12:26:16 PM - Windows Update
RP336: 12/22/2010 10:18:54 PM - Installed Java(TM) 6 Update 23
RP337: 12/22/2010 10:32:35 PM - Windows Update

==== Installed Programs ======================
µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.1
Advantage III
AnyDVD
AOL Uninstaller (Choose which Products to Remove)
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Software Update
ATI Catalyst Registration
AVS Video Converter 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CloneDVD2
Coupon Printer for Windows
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
CuteFTP 8 Professional
CyberLink PowerDVD 10
D3DX10
Dell Driver Download Manager
erLT
Facebook Plug-In
Feedback Tool
Handbrake 0.9.4
HiDownloadPlatinum
HP Tuners VCM Suite 2.23
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
iPhoneBrowser
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
LimeWire 5.5.8
LiveLink 6
Logitech SetPoint
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Netflix in Windows Media Center
OpenAL
OpenOffice.org 3.2
PDF Settings CS5
PowerDVD DX
QuickBooks Pro 2008
QuickTime
RealPlayer
RealUpgrade 1.0
Rosetta Stone Version 3
RTC Client API v1.2
SCT Device Updater
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SoundFont Bank Manager
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
System Requirements Lab for Intel
uberOptions 4.80.5
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
URL Helper
Viewpoint Media Player
VirtualCloneDrive
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WinPcap 4.1.1
WinPEP 7
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========
12/22/2010 9:51:10 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
12/22/2010 9:48:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
12/22/2010 9:45:14 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
12/22/2010 11:06:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
12/22/2010 11:06:26 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/22/2010 11:06:26 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/22/2010 10:55:10 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/22/2010 10:25:07 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
12/22/2010 10:25:04 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
12/21/2010 12:13:55 PM, Error: BTHUSB [19] - Windows detected an error while storing the Bluetooth link key for adapter address (00:07:61:a9:10:f4) on the local adapter. The event contains the vendor-specific error code.
12/21/2010 12:11:46 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
12/17/2010 11:33:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1960.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072ee2 Error description: The operation timed out

==== End Of File ===========================

Thanks for your help in advance!

BfB
 
Please don't put the logs in a code box. I have to copy them and paste them in a new Notepad to see the entire entries. It also greatly cuts down on the space available for the log. I'm going to edit the posts and try to get them to display out of the code box.
 
The fix for this is a simple one: \Temp\jar_cache. Note it is temp, note it is jar, and note that it is in cache. That means it is a temporary internet file in the Java cache.

How do I clear the Java cache?
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • Click Settings under Temporary Internet Files.
  • The Temporary Files Settings dialog box appears.
  • Click Delete Files.
  • The Delete Temporary Files dialog box appears.
  • There are three options on this window to clear the cache. Check all 3.
    [o] Delete Files
    [o] View Applications
    [o] View Applets
  • Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
==============================================
There are 22 entries like this beginning 12/2 up to 12/22, but with different CID. Do you have any idea what they are?
2010-12-22 19:16:13 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
=============================================
There are also some other entries needing removal. Why do you think you might have a rootkit? But can you tell me what problem you're having please. Was it just the Java exploit?
============================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
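The count of GUID-named folders under AppData\Local that the helper asks about is something that can be pulled out of a ComboFix log mechanically rather than by eye. The script below is an added example written for this thread, not a ComboFix or TechSpot tool: it slices out the "Files Created" section, parses each entry into its created/modified timestamps, size, attributes and path, and summarises the directories whose name is a GUID directly under AppData\Local (how many, first and last creation date, how many per day, and whether every GUID is distinct). The sample lines embedded in it are a constructed excerpt in ComboFix's log layout, modelled on entries shown in this thread, not the complete log.

```python
"""ComboFix 'Files Created' triage (added example; not ComboFix's own code).

Pulls out the GUID-named directories ComboFix listed directly under
AppData\\Local so their count, date range and daily cadence can be checked
from the log rather than by eye."""
import re
from collections import Counter

# Constructed sample: a few lines in ComboFix's log layout, modelled on the
# entries shown in this thread (not the complete log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 21:02 . 2010-12-23 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
2010-12-22 19:16 . 2010-12-22 19:16 -------- d-----w- c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-11 23:58 . 2010-12-11 23:59 -------- d-----w- c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
"""

# ComboFix entry layout: "<created> . <modified> <size or --------> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$"
)
# A directory whose name is a GUID, sitting directly under <profile>\AppData\Local
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$",
    re.IGNORECASE,
)


def files_created_section(text):
    """Return only the lines between the 'Files Created' header and the next
    ComboFix section header (the headers are rows of parentheses)."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("((((") and "Files Created" in line:
            inside = True
            continue
        if inside and line.startswith("(((("):
            break
        if inside:
            out.append(line)
    return "\n".join(out)


def parse_entries(text):
    """One dict per well-formed entry line; separators and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "is_dir": attrs.startswith("d"),      # ComboFix marks directories with a leading 'd'
            "size": None if size == "--------" else int(size),
            "path": path,
        })
    return entries


def guid_dirs(entries):
    """Directories named by a GUID directly under AppData\\Local."""
    return [e for e in entries if e["is_dir"] and GUID_DIR_RE.search(e["path"])]


def summarize(entries):
    """Count, date range and cadence of the GUID-named directories."""
    dirs = guid_dirs(entries)
    if not dirs:
        return {"count": 0}
    created = sorted(e["created"] for e in dirs)
    per_day = Counter(c[:10] for c in created)
    guids = [e["path"].rsplit("\\", 1)[1].upper() for e in dirs]
    return {
        "count": len(dirs),
        "first": created[0][:10],
        "last": created[-1][:10],
        "days": len(per_day),
        "max_per_day": max(per_day.values()),
        "all_unique": len(set(guids)) == len(guids),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_entries(files_created_section(SAMPLE_LOG))).items():
        print(f"{key}: {value}")
```

To use it on a saved log, read the file into a string and pass it to files_created_section in place of SAMPLE_LOG. The script only counts and dates the folders; it does not say what created them or whether they are safe to remove, which is the question left to the helper in this thread.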
 
First off, thanks for all your help!

The fix for this is a simple one: \Temp\jar_cache. Note it is temp, note it is jar, and note that it is in cache. That means it is a temporary internet file in the Java cache.

Cleared! I have a Win7 machine, so the process was slightly different, and only 2 options are available in regards to the latest Java update, FYI.

There are 22 entries like this beginning 12/2 up to 12/22, but with different CID. Do you you have any idea what they are?
2010-12-22 19:16:13 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}

I am not sure what those are, but I looked in all of them, and they are ALL empty. Would it be safe to delete?

There are also some other entries needing removal. Why do you think you might have a rootkit? But can you tell me what problem you're having please. Was it just the Java exploit?

Correct, just the Java exploit and MSE prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Win7, so this option doesn't get installed.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

Is this also done on a Win7 (I haven't checked to see if that's the case, yet)? And, if so, how do I re-enable?

Here's my ComboFix log:

ComboFix 10-12-23.02 - James Parker 12/23/2010 13:57:09.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2538 [GMT -7:00]
Running from: c:\users\James Parker\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://wlxindex
.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 21:02 . 2010-12-23 21:02 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp
2010-12-23 21:02 . 2010-12-23 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
2010-12-23 07:16 . 2010-12-23 07:16 -------- d-----w- c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
2010-12-23 06:41 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDFD0D35-BA36-4C61-8B03-8D276F011E6B}\mpengine.dll
2010-12-22 19:16 . 2010-12-22 19:16 -------- d-----w- c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
2010-12-22 07:15 . 2010-12-22 07:15 -------- d-----w- c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
2010-12-21 19:14 . 2010-12-21 19:15 -------- d-----w- c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
2010-12-21 07:11 . 2010-12-21 07:11 -------- d-----w- c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
2010-12-20 19:05 . 2010-12-20 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
2010-12-19 19:05 . 2010-12-19 19:05 -------- d-----w- c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
2010-12-18 21:13 . 2010-12-18 21:13 -------- d-----w- c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
2010-12-17 20:04 . 2010-12-17 20:04 -------- d-----w- c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
2010-12-17 03:47 . 2010-12-17 03:47 -------- d-----w- c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-16 15:46 . 2010-12-16 15:47 -------- d-----w- c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
2010-12-16 02:38 . 2010-12-16 02:38 -------- d-----w- c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-15 19:12 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2010-12-15 14:37 . 2010-12-15 14:38 -------- d-----w- c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
2010-12-15 00:18 . 2010-12-15 00:18 -------- d-----w- c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
2010-12-14 08:58 . 2010-12-14 08:59 -------- d-----w- c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
2010-12-13 20:58 . 2010-12-13 20:58 -------- d-----w- c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
2010-12-13 07:06 . 2010-12-13 07:06 -------- d-----w- c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
2010-12-12 19:05 . 2010-12-12 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
2010-12-11 23:58 . 2010-12-11 23:59 -------- d-----w- c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
2010-12-11 23:37 . 2010-12-11 23:37 -------- d-----w- c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
2010-12-11 07:47 . 2010-12-11 07:47 -------- d-----w- c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
2010-12-03 00:13 . 2010-12-03 00:13 -------- d-----w- c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-02 08:05 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-02 08:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2010-11-25 10:01 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-25 10:01 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-25 10:01 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 10:01 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2010-04-14 02:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-27 04:00 . 2010-10-27 04:00 8012288 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:25 . 2010-10-27 03:25 21422592 ----a-w- c:\windows\system32\atio6axx.dll
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-10-27 02:54 . 2010-03-03 04:15 645120 ----a-w- c:\windows\system32\aticfx64.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:52 . 2010-10-27 02:52 478208 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-10-27 02:50 . 2010-10-27 02:50 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-10-27 02:38 . 2009-07-13 21:59 4744704 ----a-w- c:\windows\system32\atidxx64.dll
2010-10-27 02:35 . 2010-10-27 02:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-10-27 02:35 . 2010-10-27 02:35 6815744 ----a-w- c:\windows\system32\aticaldd64.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-10-27 02:22 . 2010-10-27 02:22 5218304 ----a-w- c:\windows\system32\atiumd64.dll
2010-10-27 02:14 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 349184 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-10-27 02:14 . 2010-10-27 02:14 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 287232 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-10-27 02:13 . 2010-08-26 01:20 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:57 . 2010-10-27 01:57 3221504 ----a-w- c:\windows\system32\atiumd6a.dll
2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-10-19 20:51 . 2010-04-01 06:10 270720 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
Wow6432Node-HKU-Default-Run-CtxfiReg - CTXFIREG.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-23 14:05:00
ComboFix-quarantined-files.txt 2010-12-23 21:05

Pre-Run: 142,103,941,120 bytes free
Post-Run: 141,691,518,976 bytes free

- - End Of File - - 6863BE013A2CE6009A31E8B3639B183C
 
I use one speech for Combofix. If you are on Windows 7, then the Recovery Console query will just be skipped.

Regarding Internet Connection:
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Regarding stopping autorun:
ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

They should be enabled when the system is rebooted, if not at the end of the scan. And you should re-enable the security.

Regarding MSE:
12/22/2010 9:51:10 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?link...tid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
So it's gone.

Regarding the 'mystery' directories:
I am not sure what those are, but I looked in all of them, and they are ALL empty. Would it be safe to delete?

I'll set a script up to look at a couple of the directories. If nothing shows in that, then I'll have you delete them. They came from something, and 22 is a lot!
==========================================================
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
Code:
File::
c:\windows\system32\Drivers\PortTalk.sys

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm

DirLook::
c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}

Driver::
PortTalk
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent & LimeWire for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

Also, be aware that this type of program is a good source of Adware. Recommend uninstall:
Coupon Printer for Windows

You also have Viewpoint Media Player. This is known as Foistware - not malware, but rarely downloaded intentionally. See this site for description and removal instructions: http://www.pchell.com/support/viewpoint.shtml
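As an added example (not code from this thread, from the helper, or from ComboFix itself), here is a small parser for the R#/S# driver and service lines that ComboFix prints in its logs. It flags entries whose image file ComboFix marks as missing with `[x]` (PortTalk.sys and libusb0.sys in the log above) and renders them into the Driver:: and File:: sections of a CFScript for a helper to review before use. The sample lines are taken from the log in this thread; decoding the digit after R/S as the service start type is my assumption.

```python
"""Flag orphaned driver/service entries in a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Decoding of the digit after R/S (assumed to mirror the SCM start type).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "R3 name;description;path [yyyy-mm-dd size]"  or  "... [x]" when the file is absent.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)
# Timestamp part: date, optional HH:MM (seen on the PowerDVD entries), then size in bytes.
INFO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})(?: \d{2}:\d{2})? (\d+)$")

# Sample input: four lines taken from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
"""


@dataclass
class ServiceEntry:
    state: str            # "R" = running, "S" = stopped
    start_type: str       # decoded via START_TYPES (assumption, see lead-in)
    name: str
    description: str
    path: str
    file_present: bool    # False when ComboFix printed "[x]" instead of date/size
    date: Optional[str] = None
    size: Optional[int] = None


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return every R#/S# line in the log as a ServiceEntry; other lines are skipped."""
    entries: List[ServiceEntry] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        info = m.group("info").strip()
        present = info.lower() != "x"
        date = size = None
        if present:
            im = INFO_RE.match(info)
            if im:
                date, size = im.group(1), int(im.group(2))
        entries.append(ServiceEntry(
            state=m.group("state"),
            start_type=START_TYPES[m.group("start")],
            name=m.group("name"),
            description=m.group("desc"),
            path=m.group("path"),
            file_present=present,
            date=date,
            size=size,
        ))
    return entries


def orphaned(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries still registered with the service manager whose image file is gone."""
    return [e for e in entries if not e.file_present]


def build_cfscript(entries: List[ServiceEntry]) -> str:
    """Render Driver:: and File:: sections in CFScript syntax, as the helper did for PortTalk."""
    lines = ["Driver::"] + [e.name for e in entries]
    lines += ["", "File::"] + [e.path for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = orphaned(parse_services(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.name}: image missing at {e.path} (start={e.start_type})")
    print(build_cfscript(flagged))
```

An `[x]` entry is only a review candidate: it may belong to software that was simply uninstalled, which is why the helper above chose PortTalk but left libusb0 alone.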
 
Again, thanks for your continued help. I doubt there's any issue, but after ComboFix finished, it restarted the computer, then upon rebooting I received a prompt stating:

"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

Illegal operation attempted on a registry key that has been marked for deletion."

Also, AOL popped up a prompt wanting to install files so it could connect again (I said no). I then restarted and everything came up okay, and I didn't have any warning prompts.


Here's the latest ComboFix log for your perusal:

ComboFix 10-12-23.02 - James Parker 12/23/2010 18:04:15.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2760 [GMT -7:00]
Running from: c:\users\James Parker\Downloads\ComboFix.exe
Command switches used :: c:\users\James Parker\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\Drivers\PortTalk.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortTalk


((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\programdata\Viewpoint
2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp
2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 21:06 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10CFD121-697E-44D1-86F2-0EB76C8F9E68}\mpengine.dll
2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
2010-12-23 07:16 . 2010-12-23 07:16 -------- d-----w- c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
2010-12-22 19:16 . 2010-12-22 19:16 -------- d-----w- c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
2010-12-22 07:15 . 2010-12-22 07:15 -------- d-----w- c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
2010-12-21 19:14 . 2010-12-21 19:15 -------- d-----w- c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
2010-12-21 07:11 . 2010-12-21 07:11 -------- d-----w- c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
2010-12-20 19:05 . 2010-12-20 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
2010-12-19 19:05 . 2010-12-19 19:05 -------- d-----w- c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
2010-12-18 21:13 . 2010-12-18 21:13 -------- d-----w- c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
2010-12-17 20:04 . 2010-12-17 20:04 -------- d-----w- c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
2010-12-17 03:47 . 2010-12-17 03:47 -------- d-----w- c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-16 15:46 . 2010-12-16 15:47 -------- d-----w- c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
2010-12-16 02:38 . 2010-12-16 02:38 -------- d-----w- c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-15 19:12 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2010-12-15 14:37 . 2010-12-15 14:38 -------- d-----w- c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
2010-12-15 00:18 . 2010-12-15 00:18 -------- d-----w- c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
2010-12-14 08:58 . 2010-12-14 08:59 -------- d-----w- c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
2010-12-13 20:58 . 2010-12-13 20:58 -------- d-----w- c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
2010-12-13 07:06 . 2010-12-13 07:06 -------- d-----w- c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
2010-12-12 19:05 . 2010-12-12 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
2010-12-11 23:58 . 2010-12-11 23:59 -------- d-----w- c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
2010-12-11 23:37 . 2010-12-11 23:37 -------- d-----w- c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
2010-12-11 07:47 . 2010-12-11 07:47 -------- d-----w- c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
2010-12-03 00:13 . 2010-12-03 00:13 -------- d-----w- c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-02 08:05 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-02 08:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2010-11-25 10:01 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-25 10:01 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-25 10:01 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 10:01 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 01:08 . 2010-04-14 02:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-27 04:00 . 2010-10-27 04:00 8012288 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:25 . 2010-10-27 03:25 21422592 ----a-w- c:\windows\system32\atio6axx.dll
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-10-27 02:54 . 2010-03-03 04:15 645120 ----a-w- c:\windows\system32\aticfx64.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:52 . 2010-10-27 02:52 478208 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-10-27 02:50 . 2010-10-27 02:50 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-10-27 02:38 . 2009-07-13 21:59 4744704 ----a-w- c:\windows\system32\atidxx64.dll
2010-10-27 02:35 . 2010-10-27 02:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-10-27 02:35 . 2010-10-27 02:35 6815744 ----a-w- c:\windows\system32\aticaldd64.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-10-27 02:22 . 2010-10-27 02:22 5218304 ----a-w- c:\windows\system32\atiumd64.dll
2010-10-27 02:14 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 349184 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-10-27 02:14 . 2010-10-27 02:14 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 287232 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-10-27 02:13 . 2010-08-26 01:20 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:57 . 2010-10-27 01:57 3221504 ----a-w- c:\windows\system32\atiumd6a.dll
2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-10-19 20:51 . 2010-04-01 06:10 270720 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC} ----


---- Directory of c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7} ----


---- Directory of c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65} ----



((((((((((((((((((((((((((((( SnapShot@2010-12-23_21.03.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-23 06:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-01 08:22 . 2010-12-23 06:05 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-04-01 08:22 . 2010-12-24 01:09 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-24 01:10 . 2010-12-24 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 01:10 . 2010-12-24 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-01 17:42 . 2010-12-24 00:57 434756 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2010-12-24 01:09 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2010-12-23 06:05 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-26 08:28 . 2010-12-24 01:09 37001916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841151556-1769861012-3773736603-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"combofix"="c:\combofix\CF14583.cfxxe" [X]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\AOL Desktop 9.6a\waol.exe
.
**************************************************************************
.
Completion time: 2010-12-23 18:15:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 01:15
ComboFix2.txt 2010-12-23 21:05

Pre-Run: 141,769,629,696 bytes free
Post-Run: 141,063,184,384 bytes free

- - End Of File - - CFF57E715ED64D78275F74FC258AA5C3
 
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
Code:
File::

Folder::
c:\programdata\Viewpoint
c:\users\QBPOSDBSrvUser\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
c:\windows\system32\mshtml.tlb

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"=-
"combofix"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
 
Thanks again!

Okay, near the end of ComboFix's creating the log file, I got a "PEV.cfxxe has stopped working" error, and I kept closing it (did it about 3 or so times).

Here's the log file you requested:

ComboFix 10-12-26.01 - James Parker 12/26/2010 22:45:51.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2791 [GMT -7:00]
Running from: c:\users\James Parker\Downloads\ComboFix.exe
Command switches used :: c:\users\James Parker\Desktop\CFScript.log
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Viewpoint
c:\programdata\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\users\Default\AppData\Local\temp
c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
c:\users\Public\invokesi.exe
c:\users\QBPOSDBSrvUser\AppData\Local\temp

----- BITS: Possible infected sites -----

hxxp://www.wbdigitalcopy.com
.
((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
.

2010-12-26 20:33 . 2010-12-26 20:34 -------- d-----w- c:\users\James Parker\AppData\Local\{237C5622-EBFA-4E3F-B50B-B950DD8C6DCC}
2010-12-26 20:31 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BB8E30C-D191-4A3F-AF1D-8EB1E6074FE1}\mpengine.dll
2010-12-25 21:03 . 2010-12-25 21:03 -------- d-----w- c:\users\James Parker\AppData\Local\{7ECA10DB-AB73-478E-88E0-94AC519E1C35}
2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\program files (x86)\dcmsvc
2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\users\James Parker\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\program files (x86)\Warner Bros. Digital Copy Manager
2010-12-24 20:44 . 2010-12-24 20:44 -------- d-----w- c:\users\James Parker\AppData\Local\{7DF1130F-9C69-4DD0-B752-64D29D29B39B}
2010-12-24 07:17 . 2010-12-24 07:17 -------- d-----w- c:\users\James Parker\AppData\Local\{8A6CD67F-1E78-401A-8368-A39FA9F70EB2}
2010-12-15 19:13 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-15 19:13 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-15 19:13 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-15 19:13 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-15 19:13 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-15 19:13 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 19:13 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 19:13 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-01 23:03 . 2010-11-25 10:01 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-11-01 22:59 . 2010-11-25 10:01 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-23_21.03.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-23 06:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-01 07:14 . 2010-12-24 01:21 46742 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-24 01:21 29628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2010-12-23 06:08 29628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-25 07:33 . 2010-12-25 07:33 33280 c:\windows\Installer\67e0a17.msi
+ 2010-12-25 07:33 . 2010-12-25 07:33 32256 c:\windows\Installer\67e0a04.msi
- 2010-06-04 15:38 . 2010-09-30 09:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 15:38 . 2010-12-25 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-04-01 06:22 . 2010-12-24 01:21 8484 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-841151556-1769861012-3773736603-1001_UserData.bin
+ 2010-04-01 08:22 . 2010-12-24 01:18 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-04-01 08:22 . 2010-12-23 06:05 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-12-24 01:18 . 2010-12-24 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 01:18 . 2010-12-24 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-01 17:42 . 2010-12-27 05:33 437386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2010-12-24 01:18 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2010-12-23 06:05 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2010-12-26 21:14 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2010-12-23 19:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-06-26 08:28 . 2010-12-24 01:18 37001916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841151556-1769861012-3773736603-1001-12288.dat
+ 2010-12-25 10:01 . 2010-12-25 10:01 20304384 c:\windows\Installer\704bf67.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-26 22:55:03
ComboFix-quarantined-files.txt 2010-12-27 05:55
ComboFix2.txt 2010-12-24 01:15
ComboFix3.txt 2010-12-23 21:05

Pre-Run: 137,761,980,416 bytes free
Post-Run: 137,594,179,584 bytes free

- - End Of File - - 81BE76811E7EAE4AB696C4D856B752F9
 
Okay, I am hard pressed to find any malware. The appdata entries were removed; there are 4 more in the log. There is only 1 questionable entry, and attempts to identify it have failed for everyone who has tried. It is being started from the Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

I suggest you check on Programs, see if you find any info, and if not, disable or delete it. I don't think it's malware because it would have been identified by now. So unless you have more problems, you can remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Creating a Restore Point in Windows 7:
  • Click on Start> right click on Computer> Properties
  • Select System Protection
  • Click on the Create button (near bottom)
  • Type a name for the Restore Point
  • Click on Create again to save the restore point.

Deleting all but the most recent System Protection point in Windows
  • Click Start, type Cleanmgr.exe and press ENTER
  • Select the drive-letter from the list and click OK
  • Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
  • Select the drive-letter from the list and click OK
  • Click the More Options tab
  • Click the Clean up… button under System Restore and Shadow Copies.
  • Click OK.

Empty the Recycle Bin

Let me know if you have any more questions.
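The restore-point part of the post above, redone from an elevated PowerShell prompt as an added example; this is not code from the thread or from any tool it mentions. It assumes Windows 7 or later with Windows PowerShell running as administrator and C: as the system drive; the function name New-CleanRestorePoint and the description text are my own choices.

```powershell
# Added example, not from the thread. Creates a fresh restore point and then
# removes every older shadow copy on C:, leaving only the new one, which is
# what the Disk Cleanup "System Restore and Shadow Copies" button does.
# Assumes: elevated Windows PowerShell, system drive C:.

function New-CleanRestorePoint {
    param([string]$Description = 'Post-cleanup baseline')   # hypothetical description

    # 1. Create the new, known-good restore point.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # 2. Count the shadow copies on the system drive; on Windows 7 each
    #    restore point is stored in one of these.
    $count = @(vssadmin list shadows /for=C: | Select-String 'Shadow Copy ID').Count

    # 3. Delete the oldest copy until only the newest (the one just made) is left.
    #    /oldest removes one copy per call, so the loop never touches the newest.
    while ($count -gt 1) {
        vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
        $count--
    }

    # 4. Show what remains, so the result can be checked against the GUI list.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

New-CleanRestorePoint
```

Run it once, after the cleanup tools are gone, so the baseline it creates does not include them. Because `vssadmin delete shadows /oldest` removes a single copy per call, the counted loop is the scripted form of the GUI's "all but the most recent"; it never uses `/all`, which would also discard the point just created.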
 
dcmsvc.exe is part of Warner Brothers Digital Copy Manager, which is used for downloading digital copies of movies purchased.
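A scripted version of the check the helper asked for, added here as an example and not taken from the thread or from any of the tools it uses. It lists the Run-key autostart entries (including the Wow6432Node key where the dcmsvc value appears in the log), resolves each command line to its executable, and reads the file's version metadata, Authenticode status and SHA-256, which is how an entry such as dcmsvc.exe gets tied to a vendor product as in the reply above. It assumes Windows PowerShell on Windows 7 or later; Get-AutostartReport is my own name, and the function only reads, it changes or deletes nothing.

```powershell
# Added example, not from the thread. Read-only triage of Run-key autostarts:
# for each value, find the executable and report who signed and built it.
# Assumes Windows PowerShell (2.0 or later); run as administrator to read HKLM fully.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # key from the log
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartReport {
    param([string[]]$Keys = $runKeys)

    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # skip PowerShell's own PSPath etc.
            $cmd = [string]$props.$name

            # Executable is either the quoted prefix or everything before the first
            # " -" / " /" switch (unquoted paths with spaces, as in the log, survive).
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' -| /')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $info = [ordered]@{
                Key       = $key
                Name      = $name
                Command   = $cmd
                Exists    = Test-Path -LiteralPath $exe
                Company   = $null
                Product   = $null
                Signature = 'n/a'
                SHA256    = $null
            }
            if ($info.Exists) {
                $vi = (Get-Item -LiteralPath $exe).VersionInfo
                $info.Company   = $vi.CompanyName      # e.g. the vendor the reply above names
                $info.Product   = $vi.ProductName
                $info.Signature = (Get-AuthenticodeSignature -FilePath $exe).Status
                $bytes = [IO.File]::ReadAllBytes($exe)
                $hash  = [Security.Cryptography.SHA256]::Create().ComputeHash($bytes)
                $info.SHA256 = ([BitConverter]::ToString($hash)) -replace '-', ''
            }
            [pscustomobject]$info
        }
    }
}

Get-AutostartReport | Format-List
```

An entry whose file is missing (Exists = False, like the "LBTWIZ.EXE -silent" value the log marks [X]) is a stale reference rather than a running program; one whose CompanyName is empty and whose Signature is NotSigned is the kind worth looking up by its SHA256 before deciding whether to disable it.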
 