TechSpot

Potential Rootkit Infection?

By BfB
Dec 23, 2010
  1. http://www.techspot.com/vb/topic58138.html

    Upon visiting www.livernoismotorsports.com tonight, MSE popped up with the following. However, when I hit "Remove", it would come back saying nothing was found and all was fine. I then updated my Java from version 22 to 23 (latest), as well as MSE to the latest definition from today, and upon revisiting the website above there weren't any issues this time.

    Java/CVE-2010-0840.W

    Category: Exploit
    Description: This program is dangerous and exploits the computer on which it is run.
    Recommendation: Remove this software immediately.

    Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
    Items:
    file:C:\Users\James Parker\AppData\Local\Temp\jar_cache53302636819750324.tmp->bpac/a.class
    file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache1122406371245836493.tmp->bpac/a.class
    file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache4528957759937422929.tmp->bpac/a.class
    file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache53302636819750324.tmp->bpac/a.class
    file:C:\Users\JAMESP~1\AppData\Local\Temp\jar_cache5539500176732367532.tmp->bpac/a.class

    Get more information about this item online.

    Here are the requested scans:
    Step 2: TFC ran.
    Step 3: Malwarebytes Anti-Malware updated and ran with no infections found. Log below.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5382
    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    12/22/2010 11:13:26 PM
    mbam-log-2010-12-22 (23-13-26).txt

    Scan type: Quick scan
    Objects scanned: 165936
    Time elapsed: 3 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Step 4: GMER ran. Log below.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-22 23:40:23
    Windows 6.1.7600
    Running: vfjybj22.exe
    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce6e7a7
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e4ce6e7a7@000761a910f4 0x49 0xB0 0x9F 0xD5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application@Sources MSDMine?APC UPS Service?wltrys
    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 4372
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce6e7a7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e4ce6e7a7@000761a910f4 0x49 0xB0 0x9F 0xD5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\eventlog\Application@Sources MSDMine?APC UPS Service?wltrys

    ---- EOF - GMER 1.0.15 ----

    Step 5: DDS ran. Logs below.

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by James Parker at 23:42:53.48 on Wed 12/22/2010
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2149 [GMT -7:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\AOL Desktop 9.6a\waol.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\aol\1270162693\ee\aolsoftware.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\OEM05Mon.exe
    C:\Windows\SysWOW64\Ctxfihlp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Windows\SysWOW64\CTXFISPI.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AOL Desktop 9.6a\shellmon.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\James Parker\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============
    uSearch Page =
    uSearch Bar =
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6a\AOL.EXE" -b
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
    mRun: [<NO NAME>]
    mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1278269957501
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.11.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
    Hosts: 74.208.10.249 gs.apple.com

    ============= SERVICES / DRIVERS ===============
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
    R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2010-9-29 118888]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57:43];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-8-26 146928]
    R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05:03];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-10-15 146928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-31 13336]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-26 8012288]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-6 202840]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-6 1417304]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-6 94808]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
    R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\System32\drivers\OEM05Afx.sys [2007-6-8 212864]
    R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\System32\drivers\OEM05Vfx.sys [2007-3-5 12288]
    R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\System32\drivers\OEM05Vid.sys [2007-7-20 266720]
    S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 67656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-4-23 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-4-23 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-6 202840]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-6 1417304]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-6 94808]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-8-20 48480]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-3-16 21504]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2010-4-1 16384]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================
    2010-12-23 06:41:46 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{BDFD0D35-BA36-4C61-8B03-8D276F011E6B}\mpengine.dll
    2010-12-22 19:16:13 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    2010-12-22 07:15:18 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
    2010-12-21 19:14:52 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
    2010-12-21 07:11:15 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
    2010-12-20 19:05:52 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
    2010-12-19 19:05:28 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
    2010-12-18 21:13:09 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
    2010-12-17 20:04:04 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
    2010-12-17 03:47:22 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
    2010-12-16 22:58:14 40816 ----a-w- C:\Windows\System32\drivers\ElbyCDIO.sys
    2010-12-16 15:46:57 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
    2010-12-16 02:38:06 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    2010-12-15 19:12:58 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2010-12-15 19:12:58 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2010-12-15 19:12:58 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2010-12-15 19:12:57 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-12-15 14:37:54 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
    2010-12-15 00:18:21 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
    2010-12-14 08:58:51 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
    2010-12-13 20:58:16 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
    2010-12-13 07:06:27 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
    2010-12-12 19:05:59 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
    2010-12-12 04:19:28 -------- d-----w- C:\Program Files (x86)\HP Tuners
    2010-12-11 23:58:51 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
    2010-12-11 23:37:32 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
    2010-12-11 07:47:12 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
    2010-12-03 00:13:15 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
    2010-12-02 08:40:06 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    2010-12-02 08:08:50 -------- d-----w- C:\Windows\en
    2010-12-02 08:05:45 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2010-12-02 08:05:45 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2010-12-02 08:05:44 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2010-12-02 08:05:44 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-12-02 08:05:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2010-12-02 08:05:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2010-12-02 08:05:15 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
    2010-12-01 19:06:31 125512 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
    2010-12-01 19:06:31 125512 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
    2010-11-25 18:29:05 89256 ----a-w- C:\Windows\SysWow64\ElbyCDIO.dll
    2010-11-25 10:01:02 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-25 10:01:02 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-25 10:01:00 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
    2010-11-25 10:01:00 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    ==================== Find3M ====================

    2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-17 12:44:06 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
    2010-11-13 01:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-10 09:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-11-10 09:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
    2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
    2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
    2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
    2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
    2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
    2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
    2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
    2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
    2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
    2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
    2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 04:50:40 11344 ----a-w- C:\Windows\SysWow64\wdapi921.dll
    2010-09-24 12:46:32 116752 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

    ============= FINISH: 23:43:29.72 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/31/2010 11:54:01 PM
    System Uptime: 12/22/2010 11:06:18 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0TP406
    Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz | CPU | 2660/1333mhz

    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 451 GiB total, 133.194 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.813 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&343316A1&1&02
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&343316A1&1&02
    Service: vwifimp

    ==== System Restore Points ===================

    RP325: 12/11/2010 9:19:03 PM - Installed HP Tuners VCM Suite 2.23.
    RP326: 12/12/2010 1:11:51 AM - Windows Update
    RP327: 12/13/2010 7:56:52 AM - Windows Update
    RP328: 12/14/2010 5:27:58 PM - Windows Update
    RP329: 12/15/2010 5:37:37 PM - Windows Update
    RP330: 12/16/2010 3:00:31 AM - Windows Update
    RP331: 12/16/2010 8:43:11 PM - Windows Update
    RP332: 12/19/2010 10:38:05 AM - Windows Update
    RP333: 12/20/2010 11:47:59 AM - Windows Update
    RP334: 12/21/2010 12:21:59 PM - Windows Update
    RP335: 12/22/2010 12:26:16 PM - Windows Update
    RP336: 12/22/2010 10:18:54 PM - Installed Java(TM) 6 Update 23
    RP337: 12/22/2010 10:32:35 PM - Windows Update

    ==== Installed Programs ======================
    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.1
    Advantage III
    AnyDVD
    AOL Uninstaller (Choose which Products to Remove)
    APC PowerChute Personal Edition v2.2
    Apple Application Support
    Apple Software Update
    ATI Catalyst Registration
    AVS Video Converter 7
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneDVD2
    Coupon Printer for Windows
    Creative ALchemy
    Creative Audio Control Panel
    Creative Console Launcher
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative WaveStudio 7
    CuteFTP 8 Professional
    CyberLink PowerDVD 10
    D3DX10
    Dell Driver Download Manager
    erLT
    Facebook Plug-In
    Feedback Tool
    Handbrake 0.9.4
    HiDownloadPlatinum
    HP Tuners VCM Suite 2.23
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Internet TV for Windows Media Center
    iPhoneBrowser
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    LimeWire 5.5.8
    LiveLink 6
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector 32-bit
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    Netflix in Windows Media Center
    OpenAL
    OpenOffice.org 3.2
    PDF Settings CS5
    PowerDVD DX
    QuickBooks Pro 2008
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Rosetta Stone Version 3
    RTC Client API v1.2
    SCT Device Updater
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SoundFont Bank Manager
    SUPERAntiSpyware Free Edition
    SupportSoft Assisted Service
    System Requirements Lab for Intel
    uberOptions 4.80.5
    Uninstall AOL Emergency Connect Utility 1.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2466076)
    URL Helper
    Viewpoint Media Player
    VirtualCloneDrive
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    WinPcap 4.1.1
    WinPEP 7
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========
    12/22/2010 9:51:10 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
    12/22/2010 9:48:50 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
    12/22/2010 9:45:14 PM, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W&threatid=2147641020 User: JamesParker-PC\James Parker Name: Exploit:Java/CVE-2010-0840.W ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove Error Code: 0x80508023 Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0
    12/22/2010 11:06:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    12/22/2010 11:06:26 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/22/2010 11:06:26 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/22/2010 10:55:10 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
    12/22/2010 10:25:07 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
    12/22/2010 10:25:04 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
    12/21/2010 12:13:55 PM, Error: BTHUSB [19] - Windows detected an error while storing the Bluetooth link key for adapter address (00:07:61:a9:10:f4) on the local adapter. The event contains the vendor-specific error code.
    12/21/2010 12:11:46 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    12/17/2010 11:33:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.1960.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x80072ee2 Error description: The operation timed out

    ==== End Of File ===========================

    Thanks for your help in advance!

    BfB
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please don't put the logs in a code box. I have to copy them and paste them in a new Notepad to see the entire entries. It also greatly cuts down on the space available for the log. I'm going to edit the posts and try to get them to display out of the code box.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The fix for this is a simple one: \Temp\jar_cache. Note it is temp, note it is jar, and note that it is in cache. That means it is a temporary internet file in the Java cache.

    How do I clear the Java cache?
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
    • Click Settings under Temporary Internet Files.
    • The Temporary Files Settings dialog box appears.
    • Click Delete Files.
    • The Delete Temporary Files dialog box appears.
    • There are three options on this window to clear the cache. Check all 3.
      [o] Delete Files
      [o] View Applications
      [o] View Applets
    • Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click OK on Temporary Files Settings window.
    Image courtesy java.com
    ==============================================
    There are 22 entries like this beginning 12/2 up to 12/22, but with different CID. Do you have any idea what they are?
    2010-12-22 19:16:13 -------- d-----w- C:\Users\JAMESP~1\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    =============================================
    There are also some other entries needing removal. Why do you think you might have a rootkit? But can you tell me what problem you're having please. Was it just the Java exploit?
    ============================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
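    The three Microsoft Antimalware [1008] entries in the "Event Viewer Messages" section of the first post all end in error 0x80508023 ("The program could not find the spyware and other potentially unwanted software on this computer"), which is exactly what the explanation above predicts for a file in the Java temp cache: by the time Remove ran, the jar_cache file was already gone. The Python script below is an added example, not part of this thread and not MSE or DDS tooling. It parses event lines in the DDS format shown in the log and reports, per threat name, how many removal attempts failed because the target was no longer present, plus any signature-update failures (event 2001). The sample lines are constructed in that format; the user and machine names in them are placeholders.

```python
"""Triage of Microsoft Antimalware (MSE) events as they appear in a DDS log.

Added example, not from the thread or from any MSE/DDS tooling. The sample
lines below are constructed in the DDS "Event Viewer Messages" format; the
user and machine names are placeholders.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# --- constructed sample input (same layout as the DDS log in the thread) ----
_MSE_1008 = (
    "{ts}, Error: Microsoft Antimalware [1008] - Microsoft Antimalware has "
    "encountered an error when taking action on spyware or other potentially "
    "unwanted software. For more information please see the following: "
    "http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2010-0840.W"
    "&threatid=2147641020 User: EXAMPLE-PC\\user Name: Exploit:Java/CVE-2010-0840.W "
    "ID: 2147641020 Severity: Severe Category: Exploit Path: Action: Remove "
    "Error Code: 0x80508023 Error description: The program could not find the "
    "spyware and other potentially unwanted software on this computer. Status: "
    "Signature Version: AV: 1.95.2390.0, AS: 1.95.2390.0 Engine Version: 1.1.6402.0"
)
SAMPLE_LINES = [
    _MSE_1008.format(ts="12/22/2010 9:51:10 PM"),
    _MSE_1008.format(ts="12/22/2010 9:48:50 PM"),
    _MSE_1008.format(ts="12/22/2010 9:45:14 PM"),
    "12/22/2010 11:06:59 PM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL",
    "12/17/2010 11:33:18 PM, Error: Microsoft Antimalware [2001] - Microsoft "
    "Antimalware has encountered an error trying to update signatures. New Signature "
    "Version: Previous Signature Version: 1.95.1960.0 Update Source: Microsoft Update "
    "Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: "
    "AntiVirus Update Type: Full User: NT AUTHORITY\\SYSTEM Current Engine Version: "
    "Previous Engine Version: 1.1.6402.0 Error code: 0x80072ee2 Error description: "
    "The operation timed out",
]

# "<date> <time>, <level>: <source> [<event id>] - <message>"
_HEADER = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# "Key: value" fields MSE writes into the message body (not every event has them).
_FIELD = {
    "threat": re.compile(r"\bName: (\S+)"),
    "action": re.compile(r"\bAction: (\w+)"),
    "error_code": re.compile(r"\bError [Cc]ode: (0x[0-9A-Fa-f]+)"),
    "error_text": re.compile(r"\bError description: (.*?)(?: Status:|$)"),
}
# Error code quoted in the log: "could not find the spyware ... on this computer".
TARGET_GONE = "0x80508023"


@dataclass
class Event:
    timestamp: str
    source: str
    event_id: int
    threat: Optional[str]
    action: Optional[str]
    error_code: Optional[str]
    error_text: Optional[str]


def parse_event(line: str) -> Optional[Event]:
    """Parse one DDS event line; return None for lines that do not match."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    msg = m.group("message")
    fields = {}
    for key, rx in _FIELD.items():
        fm = rx.search(msg)
        fields[key] = fm.group(1).strip() if fm else None
    return Event(m.group("ts"), m.group("source"), int(m.group("event_id")), **fields)


def triage(lines: List[str]) -> Dict[str, object]:
    """Group MSE action failures (event 1008) per threat and explain repeats."""
    events = [e for e in (parse_event(line) for line in lines) if e]
    per_threat = defaultdict(list)
    for e in events:
        if e.source == "Microsoft Antimalware" and e.event_id == 1008 and e.threat:
            per_threat[e.threat].append(e)
    threats = {}
    for name, evs in per_threat.items():
        gone = sum(1 for e in evs if (e.error_code or "").lower() == TARGET_GONE)
        if gone == len(evs):
            verdict = ("every removal failed because the object was already gone; "
                       "consistent with a transient file such as a jar_cache entry "
                       "in %TEMP%: clear the cache and rescan instead of re-running Remove")
        else:
            verdict = "removal failed for other reasons; inspect the error codes"
        threats[name] = {"action_failures": len(evs), "target_gone": gone, "verdict": verdict}
    update_failures = [e.error_code for e in events
                       if e.source == "Microsoft Antimalware" and e.event_id == 2001]
    return {"threats": threats, "signature_update_failures": update_failures,
            "unparsed": len(lines) - len(events)}


if __name__ == "__main__":
    for threat, info in triage(SAMPLE_LINES)["threats"].items():
        print(threat, info)
```

    Run it over the "Event Viewer Messages" block of a DDS log. A threat whose every 1008 failure carries 0x80508023 is a candidate for the clear-the-cache-and-rescan route rather than repeated Remove clicks, and a 2001 update timeout close to the detection date is a reason to confirm definitions are current before that rescan.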
     
  4. BfB

    BfB TS Rookie Topic Starter

    First off, thanks for all your help!

    Cleared! I have a Win7 machine, so the process was slightly different, and only 2 options are available in regards to the latest Java update, FYI.

    I am not sure what those are, but I looked in all of them, and they are ALL empty. Would it be safe to delete?

    Correct, just the Java exploit and MSE prompts.

    Win7, so this option doesn't get installed.

    Is this also done on a Win7 (I haven't checked to see if that's the case, yet)? And, if so, how do I re-enable?

    Here's my ComboFix log:

    ComboFix 10-12-23.02 - James Parker 12/23/2010 13:57:09.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2538 [GMT -7:00]
    Running from: c:\users\James Parker\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://wlxindex
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
    .

    2010-12-23 21:02 . 2010-12-23 21:02 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp
    2010-12-23 21:02 . 2010-12-23 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
    2010-12-23 07:16 . 2010-12-23 07:16 -------- d-----w- c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
    2010-12-23 06:41 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BDFD0D35-BA36-4C61-8B03-8D276F011E6B}\mpengine.dll
    2010-12-22 19:16 . 2010-12-22 19:16 -------- d-----w- c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    2010-12-22 07:15 . 2010-12-22 07:15 -------- d-----w- c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
    2010-12-21 19:14 . 2010-12-21 19:15 -------- d-----w- c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
    2010-12-21 07:11 . 2010-12-21 07:11 -------- d-----w- c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
    2010-12-20 19:05 . 2010-12-20 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
    2010-12-19 19:05 . 2010-12-19 19:05 -------- d-----w- c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
    2010-12-18 21:13 . 2010-12-18 21:13 -------- d-----w- c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
    2010-12-17 20:04 . 2010-12-17 20:04 -------- d-----w- c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
    2010-12-17 03:47 . 2010-12-17 03:47 -------- d-----w- c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
    2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-12-16 15:46 . 2010-12-16 15:47 -------- d-----w- c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
    2010-12-16 02:38 . 2010-12-16 02:38 -------- d-----w- c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-15 19:12 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2010-12-15 14:37 . 2010-12-15 14:38 -------- d-----w- c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
    2010-12-15 00:18 . 2010-12-15 00:18 -------- d-----w- c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
    2010-12-14 08:58 . 2010-12-14 08:59 -------- d-----w- c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
    2010-12-13 20:58 . 2010-12-13 20:58 -------- d-----w- c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
    2010-12-13 07:06 . 2010-12-13 07:06 -------- d-----w- c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
    2010-12-12 19:05 . 2010-12-12 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
    2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
    2010-12-11 23:58 . 2010-12-11 23:59 -------- d-----w- c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
    2010-12-11 23:37 . 2010-12-11 23:37 -------- d-----w- c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
    2010-12-11 07:47 . 2010-12-11 07:47 -------- d-----w- c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
    2010-12-03 00:13 . 2010-12-03 00:13 -------- d-----w- c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
    2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
    2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2010-12-02 08:05 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-02 08:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
    2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
    2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
    2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
    2010-11-25 10:01 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-25 10:01 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-11-25 10:01 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-25 10:01 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-04-14 02:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
    2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-27 04:00 . 2010-10-27 04:00 8012288 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-10-27 03:25 . 2010-10-27 03:25 21422592 ----a-w- c:\windows\system32\atio6axx.dll
    2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-10-27 02:54 . 2010-03-03 04:15 645120 ----a-w- c:\windows\system32\aticfx64.dll
    2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 02:52 . 2010-10-27 02:52 478208 ----a-w- c:\windows\system32\atieclxx.exe
    2010-10-27 02:51 . 2010-10-27 02:51 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-10-27 02:50 . 2010-10-27 02:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-10-27 02:50 . 2010-10-27 02:50 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-10-27 02:49 . 2010-10-27 02:49 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2010-10-27 02:49 . 2010-10-27 02:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-10-27 02:38 . 2009-07-13 21:59 4744704 ----a-w- c:\windows\system32\atidxx64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-10-27 02:35 . 2010-10-27 02:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-10-27 02:35 . 2010-10-27 02:35 6815744 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-10-27 02:22 . 2010-10-27 02:22 5218304 ----a-w- c:\windows\system32\atiumd64.dll
    2010-10-27 02:14 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
    2010-10-27 02:14 . 2010-10-27 02:14 349184 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-10-27 02:14 . 2010-10-27 02:14 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 31744 ----a-w- c:\windows\system32\atig6txx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 287232 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-10-27 02:13 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-10-27 02:13 . 2010-08-26 01:20 37888 ----a-w- c:\windows\system32\atiu9p64.dll
    2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-10-27 01:57 . 2010-10-27 01:57 3221504 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-10-19 20:51 . 2010-04-01 06:10 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
    "OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
    R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
    R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
    S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
    S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
    S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
    S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]

    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
    Wow6432Node-HKU-Default-Run-CtxfiReg - CTXFIREG.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-23 14:05:00
    ComboFix-quarantined-files.txt 2010-12-23 21:05

    Pre-Run: 142,103,941,120 bytes free
    Post-Run: 141,691,518,976 bytes free

    - - End Of File - - 6863BE013A2CE6009A31E8B3639B183C
     
  5. Bobbye

Bobbye, Helper on the Fringe

    I use one speech for Combofix. If you are on Windows 7, then the Recovery Console query will just be skipped.

    Regarding Internet Connection:
    Regarding stop of autorun
    They should be enabled when the system is rebooted, if not at the end of the scan. And you should re-enable the security.

    Regarding MSE:
    So it's gone.

    Regarding the 'mystery' directories:
I'll set the script up to look at a couple of the directories. If nothing shows in that, then I'll have you delete them. They came from something and 22 is a lot!
    ==========================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    c:\windows\system32\Drivers\PortTalk.sys
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    
    DDS::
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    
    DirLook::
    c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    
    Driver::
    PortTalk
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
[IMG: screenshot showing CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent & LimeWire for the following reasons:
• As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
• Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    Also, be aware that this type of program is a good source of Adware. Recommend uninstall:
    Coupon Printer for Windows

    You also have Viewpoint Media Player. This is known as Foistware- not malware, but rarely downloaded intentionally. See this site for description and removal instructions: http://www.pchell.com/support/viewpoint.shtml
     
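The reading the helper gives the ComboFix log above can be scripted: a driver whose image ComboFix could not find is printed with `[x]` (PortTalk and libusb0 in the first log, and PortTalk is what the `Driver::` line removes), the UAC values under `policies\system` show whether an exploit that lands in the browser even needs an elevation step, and the run of GUID-named folders under `AppData\Local` is what `DirLook::` was asked to inspect. The Python below is an added example for this thread, not part of the original posts and not ComboFix's or TechSpot's code. It runs only on `SAMPLE_LOG`, a handful of lines excerpted from the logs above and embedded as a constructed sample; every function name is mine, and `BASELINE_SSPS`, the list of LSA security packages it treats as expected, is an assumption (the providers a stock Windows 7 registers), not something the thread states.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix code)."""
import re

# Constructed sample: a few lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
2010-12-23 07:16 . 2010-12-23 07:16 -------- d-----w- c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
"""

# ComboFix prints R (running) or S (stopped), the start-type digit (0 boot,
# 1 system, 2 auto, 3 demand, 4 disabled), name;description;path, and then
# either "[date size]" or "[x]" when the image file is not on disk.
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);[^;]*;'
                        r'(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')
GUID_DIR_RE = re.compile(r' d-----w- (?P<path>.*\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\})$')
LSA_RE = re.compile(r'^Security Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$')

# Assumed baseline: the providers a stock Windows 7 registers under
# LSA\Security Packages. An extra one (livessp ships with Windows Live) is not
# automatically bad, but it is something you identify before trusting the box.
BASELINE_SSPS = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}


def parse_services(text):
    """One dict per driver/service line; file_present is False for '[x]' entries."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append({"name": m["name"], "start_type": int(m["start"]),
                        "path": m["path"], "file_present": m["stamp"] != "x"})
    return out


def missing_service_files(text):
    """Registered drivers/services whose image ComboFix could not find."""
    return [s["name"] for s in parse_services(text) if not s["file_present"]]


def early_start_kernel_drivers(text):
    """Drivers with boot (0) or system (1) start: the load points a rootkit wants."""
    return [s["name"] for s in parse_services(text)
            if s["start_type"] <= 1 and s["path"].lower().endswith(".sys")]


def uac_settings(text):
    """Integer values printed under the policies\\system key."""
    found, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith(r"\policies\system]")
        elif in_key:
            m = POLICY_RE.match(line)
            if m:
                found[m["name"]] = int(m["value"])
    return found


def uac_findings(settings):
    """What the policy values mean for code that lands in the user's browser."""
    notes = []
    if settings.get("EnableLUA") == 0:
        notes.append("EnableLUA=0: UAC is off, admin processes already hold a full token")
    elif settings.get("ConsentPromptBehaviorAdmin") == 0:
        notes.append("ConsentPromptBehaviorAdmin=0: admins elevate silently")
    if settings.get("PromptOnSecureDesktop") == 0:
        notes.append("PromptOnSecureDesktop=0: prompts are drawn on the normal desktop")
    return notes


def guid_named_dirs(text):
    """Bare-GUID folders directly under AppData\\Local (the thread's 'mystery' dirs)."""
    hits = [GUID_DIR_RE.search(line.rstrip()) for line in text.splitlines()]
    return [m["path"] for m in hits if m]


def unexpected_security_packages(text):
    """LSA Security Packages that are not in the assumed baseline."""
    for line in text.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            return [p for p in m["pkgs"].split() if p.lower() not in BASELINE_SSPS]
    return []


def triage(text):
    """The questions a helper wants answered before writing a CFScript."""
    return {"missing_image": missing_service_files(text),
            "early_start_drivers": early_start_kernel_drivers(text),
            "uac": uac_findings(uac_settings(text)),
            "guid_dirs": len(guid_named_dirs(text)),
            "extra_ssps": unexpected_security_packages(text)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample it reports PortTalk and libusb0 as registered with no file on disk, SASDIFSV and sptd as the early-start kernel drivers to account for, UAC fully off, two GUID folders, and livessp as the one security package outside the baseline. None of those is a verdict on its own; they are the lines to go and explain, which is what the helper did with `Driver::` and `DirLook::`.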
  6. BfB

    BfB TS Rookie Topic Starter

    Again, thanks for your continued help. I doubt there's any issue, but after ComboFix finished, it restarted the computer, then upon rebooting I received a prompt stating:

    "C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

    Illegal operation attempted on a registry key that has been marked for deletion."

    Also, AOL popped up a prompt wanting to install files so it could connect again (I said no). I then restarted and everything came up okay, and I didn't have any warning prompts.


    Here's the latest ComboFix log for your perusal:

    ComboFix 10-12-23.02 - James Parker 12/23/2010 18:04:15.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2760 [GMT -7:00]
    Running from: c:\users\James Parker\Downloads\ComboFix.exe
    Command switches used :: c:\users\James Parker\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\Drivers\PortTalk.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_PortTalk


    ((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
    .

    2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\programdata\Viewpoint
    2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp
    2010-12-24 01:09 . 2010-12-24 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-23 21:06 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10CFD121-697E-44D1-86F2-0EB76C8F9E68}\mpengine.dll
    2010-12-23 19:17 . 2010-12-23 19:17 -------- d-----w- c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
    2010-12-23 07:16 . 2010-12-23 07:16 -------- d-----w- c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
    2010-12-22 19:16 . 2010-12-22 19:16 -------- d-----w- c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    2010-12-22 07:15 . 2010-12-22 07:15 -------- d-----w- c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
    2010-12-21 19:14 . 2010-12-21 19:15 -------- d-----w- c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
    2010-12-21 07:11 . 2010-12-21 07:11 -------- d-----w- c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
    2010-12-20 19:05 . 2010-12-20 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
    2010-12-19 19:05 . 2010-12-19 19:05 -------- d-----w- c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
    2010-12-18 21:13 . 2010-12-18 21:13 -------- d-----w- c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
    2010-12-17 20:04 . 2010-12-17 20:04 -------- d-----w- c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
    2010-12-17 03:47 . 2010-12-17 03:47 -------- d-----w- c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
    2010-12-16 22:58 . 2010-12-16 22:58 40816 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
    2010-12-16 15:46 . 2010-12-16 15:47 -------- d-----w- c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
    2010-12-16 02:38 . 2010-12-16 02:38 -------- d-----w- c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-15 19:12 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2010-12-15 14:37 . 2010-12-15 14:38 -------- d-----w- c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
    2010-12-15 00:18 . 2010-12-15 00:18 -------- d-----w- c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
    2010-12-14 08:58 . 2010-12-14 08:59 -------- d-----w- c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
    2010-12-13 20:58 . 2010-12-13 20:58 -------- d-----w- c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
    2010-12-13 07:06 . 2010-12-13 07:06 -------- d-----w- c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
    2010-12-12 19:05 . 2010-12-12 19:06 -------- d-----w- c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
    2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
    2010-12-11 23:58 . 2010-12-11 23:59 -------- d-----w- c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
    2010-12-11 23:37 . 2010-12-11 23:37 -------- d-----w- c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
    2010-12-11 07:47 . 2010-12-11 07:47 -------- d-----w- c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
    2010-12-03 00:13 . 2010-12-03 00:13 -------- d-----w- c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
    2010-12-02 08:40 . 2010-12-02 08:40 -------- d-----w- c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
    2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2010-12-02 08:05 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-02 08:05 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
    2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
    2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
    2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
    2010-11-25 10:01 . 2010-11-09 03:52 2381824 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-25 10:01 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-11-25 10:01 . 2010-11-09 03:55 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-25 10:01 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-21 01:08 . 2010-04-14 02:02 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
    2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-27 04:00 . 2010-10-27 04:00 8012288 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-10-27 03:25 . 2010-10-27 03:25 21422592 ----a-w- c:\windows\system32\atio6axx.dll
    2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-10-27 02:54 . 2010-03-03 04:15 645120 ----a-w- c:\windows\system32\aticfx64.dll
    2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 02:52 . 2010-10-27 02:52 478208 ----a-w- c:\windows\system32\atieclxx.exe
    2010-10-27 02:51 . 2010-10-27 02:51 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-10-27 02:50 . 2010-10-27 02:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2010-10-27 02:50 . 2010-10-27 02:50 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-10-27 02:49 . 2010-10-27 02:49 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2010-10-27 02:49 . 2010-10-27 02:49 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-10-27 02:38 . 2009-07-13 21:59 4744704 ----a-w- c:\windows\system32\atidxx64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-10-27 02:35 . 2010-10-27 02:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-10-27 02:35 . 2010-10-27 02:35 6815744 ----a-w- c:\windows\system32\aticaldd64.dll
    2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-10-27 02:22 . 2010-10-27 02:22 5218304 ----a-w- c:\windows\system32\atiumd64.dll
    2010-10-27 02:14 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
    2010-10-27 02:14 . 2010-10-27 02:14 349184 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-10-27 02:14 . 2010-10-27 02:14 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 31744 ----a-w- c:\windows\system32\atig6txx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 287232 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-10-27 02:13 . 2010-03-03 03:06 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-10-27 02:13 . 2010-08-26 01:20 37888 ----a-w- c:\windows\system32\atiu9p64.dll
    2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-10-27 01:57 . 2010-10-27 01:57 3221504 ----a-w- c:\windows\system32\atiumd6a.dll
    2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2010-10-27 01:37 . 2010-10-27 01:37 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-10-19 20:51 . 2010-04-01 06:10 270720 ------w- c:\windows\system32\MpSigStub.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC} ----


    ---- Directory of c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7} ----


    ---- Directory of c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65} ----



    ((((((((((((((((((((((((((((( SnapShot@2010-12-23_21.03.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-23 06:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-04-01 08:22 . 2010-12-23 06:05 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-04-01 08:22 . 2010-12-24 01:09 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-12-24 01:10 . 2010-12-24 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-12-24 01:10 . 2010-12-24 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-04-01 17:42 . 2010-12-24 00:57 434756 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 05:01 . 2010-12-24 01:09 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2010-12-23 06:05 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-06-26 08:28 . 2010-12-24 01:09 37001916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841151556-1769861012-3773736603-1001-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
    "OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
    R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
    S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
    S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
    S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]

    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "combofix"="c:\combofix\CF14583.cfxxe" [X]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\AOL Desktop 9.6a\waol.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-23 18:15:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-24 01:15
    ComboFix2.txt 2010-12-23 21:05

    Pre-Run: 141,769,629,696 bytes free
    Post-Run: 141,063,184,384 bytes free

    - - End Of File - - CFF57E715ED64D78275F74FC258AA5C3
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    
    Folder::
    c:\programdata\Viewpoint
    c:\users\QBPOSDBSrvUser\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
    c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
    c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
    c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
    c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
    c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
    c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
    c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
    c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
    c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
    c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
    c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
    c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
    c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
    c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
    c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
    c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
    c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
    c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
    c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
    c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
    c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    c:\windows\system32\mshtml.tlb
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"=-
    "combofix"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
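The Registry:: lines in the CFScript above come directly from the two autorun entries ComboFix marked with [X] (target file not on disk) in the Reg Loading Points section of the earlier log. As an added example that is not part of this thread and not ComboFix's own code, the Python script below parses that section of a log, picks out the [X] entries and renders the matching Registry:: block of a CFScript; the log excerpt it runs on is constructed, modelled on the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt modelled on the ComboFix log posted in this thread;
# it is not a real log file. Backslashes are doubled for the Python literal.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Sidebar"="c:\\program files\\Windows Sidebar\\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"combofix"="c:\\combofix\\CF14583.cfxxe" [X]
"MSSE"="c:\\program files\\Microsoft Security Essentials\\msseces.exe" [2010-09-15 1448568]
.
------- Supplementary Scan -------
"""

# The section runs from the "Reg Loading Points" banner to the next banner.
SECTION_START = "Reg Loading Points"
SECTION_END = "Supplementary Scan"
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
# "Name"="target" [2010-09-15 1448568]   or   "Name"="target" [X]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<target>.*?)\s+\[(?P<tag>[^\]]*)\]$')


@dataclass
class AutorunEntry:
    key: str      # registry key the value lives under
    name: str     # value name, e.g. "combofix"
    target: str   # what the value points at, as printed by ComboFix
    tag: str      # the bracketed suffix: "date size" or "X"

    @property
    def target_missing(self) -> bool:
        # ComboFix prints [X] in place of the date/size when the target
        # file cannot be found on disk (an orphaned autorun entry).
        return self.tag.strip().upper() == "X"


def parse_loading_points(log_text: str) -> List[AutorunEntry]:
    """Collect every "Name"="target" [tag] line under its key, within the section."""
    entries: List[AutorunEntry] = []
    key, inside = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_START in line:
            inside = True
            continue
        if SECTION_END in line:
            break
        if not inside:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(AutorunEntry(key, m.group("name"), m.group("target"), m.group("tag")))
    return entries


def orphaned_entries(entries: List[AutorunEntry]) -> List[AutorunEntry]:
    """Only the entries whose target file ComboFix could not find."""
    return [e for e in entries if e.target_missing]


def build_registry_section(entries: List[AutorunEntry]) -> str:
    """Render CFScript Registry:: lines; "Name"=- removes that value from its key."""
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    orphans = orphaned_entries(parse_loading_points(SAMPLE_LOG))
    for e in orphans:
        print(f"missing target: {e.name!r} -> {e.target}")
    print(build_registry_section(orphans))
```

An [X] entry is only a dangling pointer, so removing it cleans up the autorun list but says nothing about whether the file it once pointed at was malicious; the log lines for the file itself are what to read for that.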
     
  8. BfB

    BfB TS Rookie Topic Starter

    Thanks again!

    Okay, near the end of ComboFix's creating the log file, I got a "PEV.cfxxe has stopped working" error, and I kept closing it (did it about 3 or so times).

    Here's the log file you requested:

    ComboFix 10-12-26.01 - James Parker 12/26/2010 22:45:51.3.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4030.2791 [GMT -7:00]
    Running from: c:\users\James Parker\Downloads\ComboFix.exe
    Command switches used :: c:\users\James Parker\Desktop\CFScript.log
    AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\programdata\Viewpoint
    c:\programdata\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
    c:\programdata\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
    c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
    c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
    c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
    c:\programdata\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
    c:\users\Default\AppData\Local\temp
    c:\users\James Parker\AppData\Local\{118F997B-6F17-4FDB-AA7D-7FF8EB5162CC}
    c:\users\James Parker\AppData\Local\{15D45BEF-F122-499C-9AC9-CEA968A5659F}
    c:\users\James Parker\AppData\Local\{19AEF55C-EE81-4BFF-9B16-DF7FD9F35CA3}
    c:\users\James Parker\AppData\Local\{1AE9D01C-8F8C-478F-999A-53A7C94EFF51}
    c:\users\James Parker\AppData\Local\{1CB5744E-52F0-4623-9BE9-071E7DFC50C8}
    c:\users\James Parker\AppData\Local\{25486F33-0503-4607-A7E6-68D582E770FF}
    c:\users\James Parker\AppData\Local\{34B03887-FB47-45D0-A4E7-8A9A60A036F4}
    c:\users\James Parker\AppData\Local\{3B67991C-06E6-4B40-A33E-33851B29DE92}
    c:\users\James Parker\AppData\Local\{4364E738-8B1A-48B9-BA33-B3BED293724C}
    c:\users\James Parker\AppData\Local\{4812FA3A-C11C-4F72-86B9-149EBC384917}
    c:\users\James Parker\AppData\Local\{4ED57F45-FD2D-480D-B357-4EDC87DF5D4A}
    c:\users\James Parker\AppData\Local\{5E7DE247-7935-466E-8C4B-DDD43B59936E}
    c:\users\James Parker\AppData\Local\{5E9F1111-5C70-4DEF-B22F-CEB45FF80E90}
    c:\users\James Parker\AppData\Local\{67FFD6F2-FDCA-46B1-83EB-D0FDB466353C}
    c:\users\James Parker\AppData\Local\{76D4B927-EF5D-401B-8AAD-12643A55D5B7}
    c:\users\James Parker\AppData\Local\{79842EC5-5C9E-401A-8625-6A8FC30D5C91}
    c:\users\James Parker\AppData\Local\{79F865B3-4F62-47B3-B29B-80D5F42D4BB7}
    c:\users\James Parker\AppData\Local\{7CCCCF26-8982-4A49-85D8-C7BED676C69E}
    c:\users\James Parker\AppData\Local\{84E17DEF-6ED3-49E2-9C70-DA0D2A259288}
    c:\users\James Parker\AppData\Local\{889D1EA5-239E-4994-8BD3-6064E81D8A65}
    c:\users\James Parker\AppData\Local\{89CBA94D-0F41-466B-8B2F-CAFCACA8F4B9}
    c:\users\James Parker\AppData\Local\{AA5D5477-D01C-4471-B6AB-4CBBAE503603}
    c:\users\James Parker\AppData\Local\{B13BA51C-D583-4068-BA62-6476E99E9709}
    c:\users\James Parker\AppData\Local\{E9426FBD-3685-41D7-A2D9-167B6865C9AC}
    c:\users\Public\invokesi.exe
    c:\users\QBPOSDBSrvUser\AppData\Local\temp

    ----- BITS: Possible infected sites -----

    hxxp://www.wbdigitalcopy.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
    .

    2010-12-26 20:33 . 2010-12-26 20:34 -------- d-----w- c:\users\James Parker\AppData\Local\{237C5622-EBFA-4E3F-B50B-B950DD8C6DCC}
    2010-12-26 20:31 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BB8E30C-D191-4A3F-AF1D-8EB1E6074FE1}\mpengine.dll
    2010-12-25 21:03 . 2010-12-25 21:03 -------- d-----w- c:\users\James Parker\AppData\Local\{7ECA10DB-AB73-478E-88E0-94AC519E1C35}
    2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\program files (x86)\dcmsvc
    2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\users\James Parker\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
    2010-12-25 07:34 . 2010-12-25 07:34 -------- d-----w- c:\program files (x86)\Warner Bros. Digital Copy Manager
    2010-12-24 20:44 . 2010-12-24 20:44 -------- d-----w- c:\users\James Parker\AppData\Local\{7DF1130F-9C69-4DD0-B752-64D29D29B39B}
    2010-12-24 07:17 . 2010-12-24 07:17 -------- d-----w- c:\users\James Parker\AppData\Local\{8A6CD67F-1E78-401A-8368-A39FA9F70EB2}
    2010-12-15 19:13 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-15 19:13 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-12-15 19:13 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-12-15 19:13 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-12-15 19:13 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
    2010-12-15 19:13 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-12-15 19:13 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-15 19:13 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
    2010-12-15 19:12 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-15 19:12 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 19:12 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
    2010-12-12 04:19 . 2010-12-12 04:19 -------- d-----w- c:\program files (x86)\HP Tuners
    2010-12-02 08:08 . 2010-12-02 08:08 -------- d-----w- c:\windows\en
    2010-12-02 08:05 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
    2010-12-02 08:05 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
    2010-12-02 08:05 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
    2010-12-02 08:05 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
    2010-12-02 08:05 . 2010-12-02 08:05 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a67d1bd11cb91f704\MeshBetaRemover.exe
    2010-12-02 07:09 . 2010-12-02 07:09 -------- d-----w- c:\programdata\ATI
    2010-12-01 19:06 . 2010-12-01 19:06 125512 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 01:09 . 2010-04-14 02:02 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-11 07:50 . 2010-10-14 06:05 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-25 18:29 . 2010-11-25 18:29 89256 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
    2010-11-17 12:44 . 2010-07-30 17:48 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
    2010-11-13 01:53 . 2010-04-22 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-10 09:54 . 2010-11-10 09:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-11-10 09:28 . 2010-11-10 09:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-11-10 05:35 . 2010-04-02 08:32 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-11-06 14:58 . 2010-10-14 06:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-06 14:58 . 2010-10-14 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-11-06 14:58 . 2010-10-14 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-11-05 08:29 . 2010-11-05 08:29 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-11-01 23:03 . 2010-11-25 10:01 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2010-11-01 22:59 . 2010-11-25 10:01 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2010-10-29 04:52 . 2010-10-29 04:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-29 04:51 . 2010-10-29 04:51 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-29 04:51 . 2010-10-29 04:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2010-10-27 02:13 . 2010-08-26 01:19 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-23_21.03.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-23 06:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2010-12-24 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2010-12-23 06:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-04-01 07:14 . 2010-12-24 01:21 46742 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2010-12-24 01:21 29628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2010-12-23 06:08 29628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-25 07:33 . 2010-12-25 07:33 33280 c:\windows\Installer\67e0a17.msi
    + 2010-12-25 07:33 . 2010-12-25 07:33 32256 c:\windows\Installer\67e0a04.msi
    - 2010-06-04 15:38 . 2010-09-30 09:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-06-04 15:38 . 2010-12-25 10:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-04-01 06:22 . 2010-12-24 01:21 8484 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-841151556-1769861012-3773736603-1001_UserData.bin
    + 2010-04-01 08:22 . 2010-12-24 01:18 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2010-04-01 08:22 . 2010-12-23 06:05 4373 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2010-12-24 01:18 . 2010-12-24 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-12-23 06:06 . 2010-12-23 06:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-12-24 01:18 . 2010-12-24 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-04-01 17:42 . 2010-12-27 05:33 437386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 05:01 . 2010-12-24 01:18 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2010-12-23 06:05 540632 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2010-12-26 21:14 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2010-12-23 19:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-06-26 08:28 . 2010-12-24 01:18 37001916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-841151556-1769861012-3773736603-1001-12288.dat
    + 2010-12-25 10:01 . 2010-12-25 10:01 20304384 c:\windows\Installer\704bf67.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1270162693\ee\AOLSoftware.exe" [2010-03-08 41800]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
    "OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-05-09 36864]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-1-6 267576]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-1 1207312]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-06-27 67656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-04-23 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-23 79360]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-03-17 21504]
    R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 867824]
    S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/15 20:57];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 09:18 146928]
    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/15 19:05];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
    S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
    S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-06-08 212864]
    S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-03-06 12288]
    S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-07-20 266720]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ATWPKT2
    *Deregistered* - ATWPKT2
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-25 4119552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = %SystemRoot%\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-12-26 22:55:03
    ComboFix-quarantined-files.txt 2010-12-27 05:55
    ComboFix2.txt 2010-12-24 01:15
    ComboFix3.txt 2010-12-23 21:05

    Pre-Run: 137,761,980,416 bytes free
    Post-Run: 137,594,179,584 bytes free

    - - End Of File - - 81BE76811E7EAE4AB696C4D856B752F9
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- I am hard pressed to find any malware. The appdata entries were removed- there are 4 more in the log. There is only 1 questionable entry, and attempts to identify it have failed for everyone who has tried. It is being started from the Registry:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

    I suggest you check on Programs, see if you find any info, and if not, disable or delete it. I don't think it's malware because it would have been identified by now. So unless you have more problems, you can remove all of the tools we used and the files and folders they created:
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    Creating a Restore Point in Windows 7:
    • Click on Start> right click on Computer> Properties
    • Select System Protection
    • Click on the Create button (near bottom)
    • Type a name for the Restore Point
    • Click on Create again to save the restore point.

    Deleting all but the most recent System Protection point in Windows
    • Click Start, type Cleanmgr.exe and press ENTER
    • Select the drive-letter from the list and click OK
    • Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
    • Select the drive-letter from the list and click OK
    • Click the More Options tab
    • Click the Clean up… button under System Restore and Shadow Copies.
    • Click OK.

    Empty the Recycle Bin

    Let me know if you have any more questions.
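A scripted version of the check Bobbye describes, added here as an example and not part of the thread: it walks the Run keys ComboFix listed above, resolves each entry to its executable and reports whether the file exists, its Authenticode signer and its file description, so an entry like dcmsvc can be attributed before it is disabled; it also reads back the UAC values under the Policies\System key that appear in the log. Function and variable names are mine, and it assumes an elevated PowerShell prompt on the machine being examined.

```powershell
# Added example (not from the thread): audit Run-key autostarts and UAC policy.
# Names below are mine; run from an elevated PowerShell prompt on the host.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartTarget {
    # Reduce a Run value ("c:\path\app.exe" -arg, or LBTWIZ.EXE -silent) to its executable.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) { return $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1) }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split ' ')[0]
}

function Get-AutostartReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # provider metadata, not a value
            $target = Get-AutostartTarget ([string]$p.Value)
            if (-not (Test-Path -LiteralPath $target)) {
                # Bare names such as LBTWIZ.EXE are resolved through PATH, as the loader does.
                $found = Get-Command $target -ErrorAction SilentlyContinue | Select-Object -First 1
                if ($found) { $target = $found.Path }
            }
            $exists = Test-Path -LiteralPath $target
            $sigStatus = 'FileMissing'; $signer = ''; $desc = ''
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $target
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                $desc = (Get-Item -LiteralPath $target).VersionInfo.FileDescription
            }
            [PSCustomObject]@{
                Key = $key; Name = $p.Name; Target = $target
                Exists = $exists; Signature = $sigStatus; Signer = $signer; Description = $desc
            }
        }
    }
}

function Get-UacPolicy {
    # The log above shows EnableLUA=0, i.e. UAC is off: an administrator logon runs fully
    # elevated, so every autostart listed here already has admin rights with no prompt.
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Get-ItemProperty -Path $k | Select-Object EnableLUA, ConsentPromptBehaviorAdmin,
        ConsentPromptBehaviorUser, PromptOnSecureDesktop, EnableUIADesktopToggle
}

# Unsigned or missing targets sort to the top; an unsigned file is a lead, not a verdict.
Get-AutostartReport | Sort-Object Signature | Format-Table -AutoSize
Get-UacPolicy
```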
     
  10. BfB

    BfB TS Rookie Topic Starter

    dcmsvc.exe is part of Warner Brothers Digital Copy Manager, which is used for downloading digital copies of movies purchased.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- good. Has the problem been resolved?
     
  12. BfB

    BfB TS Rookie Topic Starter

    Resolved, and I truly appreciate all your help!
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. Glad to help.
     
Topic Status:
Not open for further replies.
