TechSpot

Search redirect malware hit PC, need help

By jbmeyer
Oct 31, 2011
  1. My PC has been afflicted with some form of search redirect malware that redirects Google and other search results to load erroneous pages after clicking on a result; this occurs under IE and Chrome. I am also experiencing fairly routine blue screen events on the PC now, every few hours or so of activity. Realizing that this problem will not simply go away, I found this forum to see if I could find some assistance. I have followed the 5-step malware removal instructions up through step 3, and have posted my results below. For whatever reason, I cannot download the DDS script as suggested in step 4; the bleepingcomputer.com site just does not seem to have it available, or I am being blocked from getting it somehow. Are others having such problems?

    My results up through step 3 are shown below; any and all help in this matter is much appreciated:

    Step 1 - Utilizing Microsoft Security Essentials (definitions fully updated) - found no problems.

    Step 2 - ran Malwarebytes Anti-Malware, results below:


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8021

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/25/2011 6:41:55 PM
    mbam-log-2011-10-25 (18-41-55).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 450762
    Time elapsed: 1 hour(s), 29 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Step 3 - ran GMER, results below:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-31 11:43:01
    Windows 6.1.7601 Service Pack 1
    Running: 5glfh97s.exe; Driver: C:\Users\John\AppData\Local\Temp\pxloypod.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2370536414-983749384-3936569394-1001@RefCount 4

    ---- EOF - GMER 1.0.15 ----
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! The redirect and the BSOD may or may not be related. But let's see if we can get DDS running:

    Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry; say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem.

    Please leave the 2 DDS logs if the scan proceeds. If it does not, let me know specifically what happens.
    ==============================================
    You can also run Combofix. That isn't an either/or with DDS; both are possible:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow it
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Solved DDS problem, posted log, still need help

    Used IE instead of Chrome to download the DDS script; I still don't understand why this happens, but that's a small issue compared to the larger problems here.

    See DDS.log below:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by John at 13:50:41 on 2011-10-31
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1031 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Bandoo\Bandoo.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry
    uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
    uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
    uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [snpstd3] c:\windows\vsnpstd3.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DATAMNGR] c:\progra~1\wi3c8a~1\datamngr\DATAMN~1.EXE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA"&"prod=90"&"ver=10.0.1391
    StartupFolder: c:\users\john\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC} : NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC} : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKslab02c74c;MpKslab02c74c;c:\programdata\microsoft\microsoft antimalware\definition updates\{ad553876-bd1e-41ac-8560-cfdefb5d5db5}\MpKslab02c74c.sys [2011-10-31 28752]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2011-2-21 153600]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2011-2-21 121856]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
    R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-27 39272]
    R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-23 1153368]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 pxloypod;pxloypod;c:\users\john\appdata\local\temp\pxloypod.sys [2011-10-31 100864]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-5-20 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-20 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-30 1343400]
    S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-8-24 1104656]
    .
    =============== Created Last 30 ================
    .
    2011-10-31 16:52:41 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad553876-bd1e-41ac-8560-cfdefb5d5db5}\MpKslab02c74c.sys
    2011-10-31 16:52:40 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad553876-bd1e-41ac-8560-cfdefb5d5db5}\offreg.dll
    2011-10-31 16:52:37 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ad553876-bd1e-41ac-8560-cfdefb5d5db5}\mpengine.dll
    2011-10-31 16:02:33 -------- d-----w- c:\users\john\appdata\local\{E6FF941F-06D0-4A50-9513-333D263A386C}
    2011-10-31 16:02:18 -------- d-----w- c:\users\john\appdata\local\{5958497D-ADAD-4D25-8D02-A4FC886DF598}
    2011-10-30 15:12:06 -------- d-----w- c:\users\john\appdata\local\{C45AB9A6-0240-4BF4-8254-F1A2A183B485}
    2011-10-30 15:11:54 -------- d-----w- c:\users\john\appdata\local\{755C0C83-ADF5-4792-B7D2-3FEC0C0F6689}
    2011-10-30 02:21:15 -------- d-----w- c:\users\john\appdata\local\{D6C8C450-F1EC-4BB3-B068-DA85DB9A26D3}
    2011-10-30 02:21:04 -------- d-----w- c:\users\john\appdata\local\{07FF8BE1-A8FE-4F4D-94E9-0F288C7C9E21}
    2011-10-29 12:58:11 -------- d-----w- c:\users\john\appdata\local\{57E21ACE-9E96-4E51-BFF3-F959F76C665D}
    2011-10-29 12:58:00 -------- d-----w- c:\users\john\appdata\local\{8F33B3F3-1E51-47F6-9F9D-71621120354A}
    2011-10-29 00:57:22 -------- d-----w- c:\users\john\appdata\local\{6CC01C18-2E1F-4933-9861-57E6B3726B48}
    2011-10-29 00:57:11 -------- d-----w- c:\users\john\appdata\local\{3D680668-D658-4FE4-8200-0BDE762B3A51}
    2011-10-28 12:56:35 -------- d-----w- c:\users\john\appdata\local\{103BD07D-31D4-4E43-9BEF-A49367B3B927}
    2011-10-28 12:56:24 -------- d-----w- c:\users\john\appdata\local\{61F2241C-0343-47E3-85AB-650287A91D25}
    2011-10-28 00:11:29 -------- d-----w- c:\users\john\appdata\local\{C38FC954-78B5-4C57-A131-441CD9CA31D8}
    2011-10-28 00:11:18 -------- d-----w- c:\users\john\appdata\local\{06A6D127-FA0B-4C62-893C-E510026DDE3A}
    2011-10-27 12:10:42 -------- d-----w- c:\users\john\appdata\local\{C86794CF-1FC3-4561-9570-96C1A1671C0F}
    2011-10-27 12:10:31 -------- d-----w- c:\users\john\appdata\local\{78A531AB-2C75-416B-B8F2-84C63ABF7C3D}
    2011-10-27 00:09:54 -------- d-----w- c:\users\john\appdata\local\{3B78D9E0-49BD-45DA-A1B8-0F1C5119541C}
    2011-10-27 00:09:43 -------- d-----w- c:\users\john\appdata\local\{AA3DB2EC-9475-4ABD-B33A-21E50C28098D}
    2011-10-26 12:09:08 -------- d-----w- c:\users\john\appdata\local\{2542908E-D4D7-4338-94C0-F46EBAF73356}
    2011-10-26 12:08:57 -------- d-----w- c:\users\john\appdata\local\{8627EA74-9A73-42DB-AAEC-7BED9C9D2000}
    2011-10-26 12:08:46 -------- d-----w- c:\users\john\appdata\local\{FFBE2B2D-1700-4D47-967D-1F2F70ACB502}
    2011-10-26 12:08:35 -------- d-----w- c:\users\john\appdata\local\{AF8B243C-F9D4-46CA-8451-8998AFE4C0C8}
    2011-10-26 00:08:10 -------- d-----w- c:\users\john\appdata\local\{20B27EC2-5BC4-4666-B674-9927ADDC6AEB}
    2011-10-26 00:07:58 -------- d-----w- c:\users\john\appdata\local\{FCA695B5-F96B-478D-9A70-9988B488C324}
    2011-10-25 21:42:40 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
    2011-10-25 21:42:25 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-25 21:42:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-25 21:42:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-25 12:07:30 -------- d-----w- c:\users\john\appdata\local\{BA546490-C10A-4409-A69C-EA6C7C3D900D}
    2011-10-25 12:07:17 -------- d-----w- c:\users\john\appdata\local\{BBDC40BE-020B-4815-8A6E-53C8F7C9B28F}
    2011-10-25 12:06:59 -------- d-----w- c:\users\john\appdata\local\{70B645DC-775C-4B06-9C3B-D7335BCB44FD}
    2011-10-25 12:06:45 -------- d-----w- c:\users\john\appdata\local\{44E59FCD-0732-4D4C-B492-C5ACE393BEB2}
    2011-10-24 14:02:31 -------- d-----w- c:\users\john\appdata\local\{6EDE0F1F-F493-422D-9FEF-98EC9E41FB5A}
    2011-10-24 14:02:20 -------- d-----w- c:\users\john\appdata\local\{0D0E38E2-9688-4E90-9325-195E357111F3}
    2011-10-23 23:42:53 -------- d-----w- c:\users\john\appdata\local\{B352F5C9-6F13-432C-BFFA-76DD02C145CC}
    2011-10-23 23:42:43 -------- d-----w- c:\users\john\appdata\local\{A32D6A7F-0176-46FB-857F-9429B8204F8E}
    2011-10-23 23:42:32 -------- d-----w- c:\users\john\appdata\local\{BA9C61BB-B71A-4A01-8D67-351CE7BBEA60}
    2011-10-23 23:42:21 -------- d-----w- c:\users\john\appdata\local\{10308935-7290-48B5-B1F4-92F202C7C8FF}
    2011-10-23 19:00:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-23 19:00:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-23 18:52:26 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-10-23 17:28:37 -------- d-----w- c:\users\john\appdata\local\temp
    2011-10-23 15:12:37 -------- d-----w- C:\Combo-Fix.exe29559C
    2011-10-23 11:41:55 -------- d-----w- c:\users\john\appdata\local\{AD624341-0269-4C12-AFB5-28E7D311577B}
    2011-10-23 11:41:44 -------- d-----w- c:\users\john\appdata\local\{74C4707D-F0E6-481A-B909-38DDC4B60961}
    2011-10-22 16:16:53 -------- d-----w- c:\users\john\appdata\local\{9C157157-4D7D-4FD4-B207-C7E1081894BB}
    2011-10-22 16:16:19 -------- d-----w- c:\users\john\appdata\local\{B29ACD72-9A68-4DEA-988B-1684CF1897D0}
    2011-10-22 16:15:54 -------- d-----w- c:\users\john\appdata\local\{FF911891-B2D8-4D4E-A9B9-71EBA2C46F88}
    2011-10-22 02:18:15 -------- d-----w- c:\program files\iTunes
    2011-10-22 02:18:15 -------- d-----w- c:\program files\iPod
    2011-10-22 02:15:22 -------- d-----w- c:\program files\Bonjour
    2011-10-22 02:14:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-10-22 02:14:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-10-22 01:49:06 -------- d-----w- c:\users\john\appdata\local\{94EB172A-8EE6-4910-84D3-8785C49F0FB9}
    2011-10-22 01:48:53 -------- d-----w- c:\users\john\appdata\local\{EA227192-9E0C-4418-A10C-A6A4E9783FDB}
    2011-10-21 04:57:37 98816 ----a-w- c:\windows\sed.exe
    2011-10-21 04:57:37 518144 ----a-w- c:\windows\SWREG.exe
    2011-10-21 04:57:37 256000 ----a-w- c:\windows\PEV.exe
    2011-10-21 04:57:37 208896 ----a-w- c:\windows\MBR.exe
    2011-10-21 04:19:02 -------- d-----w- c:\users\john\appdata\local\{FF3DEC86-FB1F-4686-BA8C-AADB55197A86}
    2011-10-21 04:18:50 -------- d-----w- c:\users\john\appdata\local\{CE3132B7-1BB1-4B4F-BF48-B3405C78C256}
    2011-10-21 04:18:34 -------- d-----w- c:\users\john\appdata\local\{00BC2FB7-0621-4BC0-9F53-839A853BD34F}
    2011-10-20 15:10:21 -------- d-----w- c:\users\john\appdata\local\{95BEE55A-BA96-4EA9-BA58-525DAB1DF664}
    2011-10-20 15:10:05 -------- d-----w- c:\users\john\appdata\local\{7EE83231-AE47-4AD5-BF24-DAEBF6148A3E}
    2011-10-20 12:00:00 184 ----a-w- c:\programdata\microsoft\microsoft antimalware\localcopy\{DDCA8712-1E21-66EB-F588-330BE1C2C51E}-tmp41f69acf.bat
    2011-10-13 11:32:00 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 11:32:00 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 11:31:58 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 11:31:58 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 11:31:51 2334720 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 11:46:54 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e509b4f9-c7bb-48ec-bc0b-0ddb365714dd}\gapaengine.dll
    2011-10-09 04:55:56 -------- d-----w- c:\users\john\appdata\local\{F1D3B49B-42D5-4DC1-A612-6989114C39CC}
    2011-10-09 04:55:46 -------- d-----w- c:\users\john\appdata\local\{21BEA239-7C88-4040-8C3D-88E9919B4EAA}
    2011-10-08 15:52:14 -------- d-----w- c:\users\john\appdata\local\{94BA274A-5ED3-4D4D-82FE-A89E7E3CBA20}
    2011-10-08 15:52:03 -------- d-----w- c:\users\john\appdata\local\{E3F36717-0EB3-4FAD-A2E3-467C210E11F0}
    2011-10-08 03:51:25 -------- d-----w- c:\users\john\appdata\local\{BB3764E3-032C-4DF1-B8DE-B174146F9D6F}
    2011-10-08 03:51:11 -------- d-----w- c:\users\john\appdata\local\{CCBDC31F-A86F-4E56-8D85-3D767DE4B808}
    2011-10-08 03:50:57 -------- d-----w- c:\users\john\appdata\local\{A0219028-3D3C-4D43-B64F-03D043EF1AC9}
    2011-10-06 21:19:16 -------- d-----w- c:\users\john\appdata\local\{FE1A3194-C9B8-4127-B8A5-808DC7839558}
    2011-10-06 09:18:47 -------- d-----w- c:\users\john\appdata\local\{872A40D8-9EF8-4BB8-B5F8-8BDC879386A1}
    2011-10-05 21:18:19 -------- d-----w- c:\users\john\appdata\local\{F3AD100F-2D19-4266-93BF-04CAE530EAE8}
    2011-10-05 09:17:50 -------- d-----w- c:\users\john\appdata\local\{405364C1-8145-491E-BBE3-6133B3DA987F}
    2011-10-04 21:17:20 -------- d-----w- c:\users\john\appdata\local\{59526DE9-3ECA-4FE8-AF49-084A1A32E468}
    2011-10-04 09:16:49 -------- d-----w- c:\users\john\appdata\local\{3FDBA441-EAAD-4F7D-B561-4143ED9B7746}
    2011-10-03 21:16:21 -------- d-----w- c:\users\john\appdata\local\{CD8DA331-FF77-4DED-8C95-41BD88959835}
    2011-10-03 09:15:51 -------- d-----w- c:\users\john\appdata\local\{ADCF4020-5A82-46F6-9EDF-5772AE841CDE}
    2011-10-02 21:15:19 -------- d-----w- c:\users\john\appdata\local\{B38C5243-E798-4DCC-B007-018B8D77BCB8}
    2011-10-02 09:14:46 -------- d-----w- c:\users\john\appdata\local\{F8896B95-DFF1-4E6B-B657-EEBF0761A3FE}
    2011-10-01 21:10:28 -------- d-----w- c:\users\john\appdata\local\{237AB358-2678-482F-8702-86EC2EB550E5}
    2011-10-01 21:10:16 -------- d-----w- c:\users\john\appdata\local\{4D806884-0562-47F2-9CC5-3FBB86C6D707}
    .
    ==================== Find3M ====================
    .
    2011-10-24 02:33:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-14 16:47:40 53760 ----a-w- c:\windows\system32\OVDecode.dll
    2011-09-14 16:46:58 13625856 ----a-w- c:\windows\system32\amdocl.dll
    2011-09-14 16:38:28 37376 ----a-w- c:\windows\system32\amdoclcl.dll
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    ============= FINISH: 13:57:36.34 ===============
  4. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    and here is Attach.txt

    See Attach.txt below:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2010 4:44:51 PM
    System Uptime: 10/31/2011 10:42:18 AM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M2N68-AM SE2
    Processor: AMD Athlon(tm) II X2 250 Processor | AM2 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 4.445 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 373 GiB total, 110.085 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8590d562
    Device ID: ROOT\LEGACY_MPKSL8590D562\0000
    Manufacturer:
    Name: MpKsl8590d562
    PNP Device ID: ROOT\LEGACY_MPKSL8590D562\0000
    Service: MpKsl8590d562
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl912937b0
    Device ID: ROOT\LEGACY_MPKSL912937B0\0000
    Manufacturer:
    Name: MpKsl912937b0
    PNP Device ID: ROOT\LEGACY_MPKSL912937B0\0000
    Service: MpKsl912937b0
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_83A41043&REV_A2\3&267A616A&0&38
    Manufacturer: NVIDIA
    Name: NVIDIA nForce 10/100 Mbps Ethernet
    PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_83A41043&REV_A2\3&267A616A&0&38
    Service: NVNET
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl0f087856
    Device ID: ROOT\LEGACY_MPKSL0F087856\0000
    Manufacturer:
    Name: MpKsl0f087856
    PNP Device ID: ROOT\LEGACY_MPKSL0F087856\0000
    Service: MpKsl0f087856
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl49eafb6b
    Device ID: ROOT\LEGACY_MPKSL49EAFB6B\0000
    Manufacturer:
    Name: MpKsl49eafb6b
    PNP Device ID: ROOT\LEGACY_MPKSL49EAFB6B\0000
    Service: MpKsl49eafb6b
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: AODDriver4.01
    Device ID: ROOT\LEGACY_AODDRIVER4.01\0000
    Manufacturer:
    Name: AODDriver4.01
    PNP Device ID: ROOT\LEGACY_AODDRIVER4.01\0000
    Service: AODDriver4.01
    .
    ==== System Restore Points ===================
    .
    RP305: 10/31/2011 12:21:52 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Amazon MP3 Downloader 1.0.10
    AMD Catalyst Install Manager
    Any Video Converter 3.2.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Profiles
    Audacity 1.2.6
    AVG PC Tuneup 2011
    Bandoo
    Batman: Arkham Asylum
    Bing Bar
    BioShock
    Bonjour
    Catalyst Control Center InstallProxy
    CDex - Open Source Digital Audio CD Extractor
    Conduit Engine
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dual-Core Optimizer
    Epson Event Manager
    EPSON NX620 Series Printer Uninstall
    EPSON Scan
    ExtractNow
    EZNEC Demo v. 5.0
    Facebook Plug-In
    FlipShare
    GameSpy Arcade
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    iLivid
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Logitech Gaming Software 5.02
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft IntelliType Pro 8.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office SharePoint Designer MUI (English) 2007
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visio 2010 Service Pack 1 (SP1)
    Microsoft Visio Professional 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WorldWide Telescope
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA Drivers
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    PageRage Toolbar
    PC Camera
    Photo Resizer
    PVSonyDll
    QuickPar 0.9
    QuickTime
    REA's TESTware for the AP World History
    Red Faction: Guerrilla
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2584066)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visio 2010 (KB2553008)
    Skype Toolbars
    Skype™ 5.3
    Spybot - Search & Destroy
    Steam
    Team Fortress 2
    TileGem
    TiVo Desktop 2.8.2
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Windows iLivid Toolbar
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/31/2011 12:15:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    10/31/2011 10:42:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x00000000, 0x855d0030, 0x000007d1, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103111-23899-01.
    10/31/2011 10:42:44 AM, Error: Service Control Manager [7000] - The AODDriver4.01 service failed to start due to the following error: The system cannot find the path specified.
    10/30/2011 8:01:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x00000000, 0x856b3440, 0x000007d1, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103011-19780-01.
    10/30/2011 1:51:02 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
    10/30/2011 1:44:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RemoteAccess service.
    10/27/2011 6:32:37 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-1 is not functioning.
    10/27/2011 6:32:37 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-0 is not functioning.
    10/27/2011 6:32:37 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-1 is not functioning.
    10/27/2011 6:32:37 AM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-0 is not functioning.
    10/25/2011 7:05:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x00000000, 0x85d50030, 0x000007d1, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102511-16832-01.
    10/25/2011 10:44:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
    10/24/2011 2:09:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x00000000, 0x88459c30, 0x000007d1, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102411-36847-01.
    .
    ==== End Of File ===========================
  5. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Combofix log

    ComboFix 11-10-30.04 - John 10/31/2011 16:58:38.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1062 [GMT -5:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Rina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    c:\users\Rina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
    c:\users\Rina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
    .
    ---- Previous Run -------
    .
    C:\Combo-Fix.exe
    c:\combo-fix.exe\CF18500.3XE
    c:\combo-fix.exe\en-US\CF18500.3XE.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-31 22:42 . 2011-10-31 22:45 -------- d-----w- c:\users\John\AppData\Local\temp
    2011-10-31 22:42 . 2011-10-31 22:42 -------- d-----w- c:\users\Rina\AppData\Local\temp
    2011-10-31 22:42 . 2011-10-31 22:42 -------- d-----w- c:\users\Jack\AppData\Local\temp
    2011-10-31 22:42 . 2011-10-31 22:42 -------- d-----w- c:\users\Elisa\AppData\Local\temp
    2011-10-31 22:42 . 2011-10-31 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-31 22:42 . 2011-10-31 22:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-10-31 19:07 . 2011-10-31 19:07 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B54A1D9-7ED4-431B-BE6C-040306A877B5}\MpKslea8eee3c.sys
    2011-10-31 19:07 . 2011-10-31 19:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B54A1D9-7ED4-431B-BE6C-040306A877B5}\offreg.dll
    2011-10-31 19:07 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B54A1D9-7ED4-431B-BE6C-040306A877B5}\mpengine.dll
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-25 21:42 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-23 19:00 . 2011-10-23 20:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-23 19:00 . 2011-10-23 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iTunes
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iPod
    2011-10-22 02:15 . 2011-10-22 02:15 -------- d-----w- c:\program files\Bonjour
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-20 12:00 . 2011-10-20 12:00 184 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DDCA8712-1E21-66EB-F588-330BE1C2C51E}-tmp41f69acf.bat
    2011-10-20 11:56 . 2011-10-20 12:16 -------- d--h--w- c:\users\Rina\AppData\Roaming\Hage
    2011-10-20 11:56 . 2011-10-20 19:54 -------- d--h--w- c:\users\Rina\AppData\Roaming\Ozrai
    2011-10-17 02:28 . 2011-10-17 03:28 -------- d-----w- c:\users\Jack\AppData\Roaming\Skype
    2011-10-13 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 11:31 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 11:31 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 11:31 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 11:46 . 2011-10-11 11:46 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E509B4F9-C7BB-48EC-BC0B-0DDB365714DD}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 02:33 . 2011-05-17 01:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 03:48 . 2011-08-06 12:19 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 10:06 . 2011-05-08 01:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-14 16:47 . 2011-09-14 16:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
    2011-09-14 16:46 . 2011-09-14 16:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
    2011-09-14 16:38 . 2011-09-14 16:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-05 23:33 . 2010-11-28 04:57 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-08-05 03:10 . 2011-08-11 08:38 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-21_05.54.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-10 02:48 . 2011-10-24 02:31 36162 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-10-31 15:44 41022 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 04:50 . 2011-10-06 03:22 86016 c:\windows\System32\DriverStore\infpub.dat
    + 2009-07-14 04:50 . 2011-10-24 02:24 86016 c:\windows\System32\DriverStore\infpub.dat
    + 2011-05-10 13:06 . 2011-05-10 13:06 42496 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_x86_neutral_f4beb178c072c664\usbaapl.sys
    + 2011-05-10 13:06 . 2011-05-10 13:06 18432 c:\windows\System32\DriverStore\FileRepository\netaapl.inf_x86_neutral_9a884b80d653b7cf\netaapl.sys
    + 2010-01-10 00:28 . 2011-10-31 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-10 00:28 . 2011-10-21 04:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28 . 2011-10-31 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-01-10 00:28 . 2011-10-21 04:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2011-10-21 04:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2011-10-31 15:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-05-25 02:26 . 2011-07-28 20:54 13312 c:\windows\System32\atiglpxx.dll
    + 2011-07-28 20:54 . 2011-07-28 20:54 13312 c:\windows\System32\atiglpxx.dll
    + 2011-07-28 20:54 . 2011-07-28 20:54 32768 c:\windows\System32\atigktxx.dll
    - 2011-05-25 02:25 . 2011-07-28 20:54 32768 c:\windows\System32\atigktxx.dll
    - 2009-07-14 04:34 . 2011-10-20 12:28 88720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:34 . 2011-10-27 16:55 88720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2010-01-10 00:15 . 2011-10-13 15:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:15 . 2011-10-25 00:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-10-22 01:48 . 2011-10-22 01:48 25088 c:\windows\Installer\305fd87.msi
    + 2011-10-24 01:58 . 2011-10-24 01:58 88102 c:\windows\Installer\{F940D29F-DDAB-390B-1307-B132C693DD39}\ARPPRODUCTICON.exe
    + 2011-10-24 01:58 . 2011-10-24 02:22 88102 c:\windows\Installer\{9CE4B7FA-8626-316B-B483-FCEF49E27430}\NewShortcut5_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2011-10-24 01:58 . 2011-10-24 02:22 88102 c:\windows\Installer\{9CE4B7FA-8626-316B-B483-FCEF49E27430}\NewShortcut4_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2011-10-24 01:58 . 2011-10-24 02:22 88102 c:\windows\Installer\{9CE4B7FA-8626-316B-B483-FCEF49E27430}\NewShortcut3_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2011-10-24 01:58 . 2011-10-24 02:22 88102 c:\windows\Installer\{9CE4B7FA-8626-316B-B483-FCEF49E27430}\NewShortcut2_4DEA5338A7B840A3B51CDC742625BF49.exe
    + 2011-10-24 01:58 . 2011-10-24 02:22 88102 c:\windows\Installer\{9CE4B7FA-8626-316B-B483-FCEF49E27430}\ARPPRODUCTICON.exe
    + 2010-02-07 20:49 . 2011-10-24 19:20 4464 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1004_UserData.bin
    + 2010-01-10 02:48 . 2011-10-30 18:54 7788 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1001_UserData.bin
    - 2011-10-21 04:51 . 2011-10-21 04:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-21 04:51 . 2011-10-21 04:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-01-10 11:04 . 2011-10-31 14:19 289224 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:05 . 2011-10-30 15:17 626354 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-10-18 21:14 626354 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-10-18 21:14 107816 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2011-10-30 15:17 107816 c:\windows\System32\perfc009.dat
    + 2011-10-24 02:33 . 2011-10-24 02:33 247968 c:\windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    + 2011-10-24 02:33 . 2011-10-24 02:33 335520 c:\windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.dll
    - 2011-08-29 22:59 . 2011-07-19 10:05 157472 c:\windows\System32\javaws.exe
    + 2011-10-30 15:53 . 2011-10-03 10:06 157472 c:\windows\System32\javaws.exe
    - 2011-08-29 22:59 . 2011-05-08 01:16 145184 c:\windows\System32\javaw.exe
    + 2011-10-30 15:53 . 2011-10-03 10:06 145184 c:\windows\System32\javaw.exe
    - 2011-08-29 22:59 . 2011-07-19 10:05 145184 c:\windows\System32\java.exe
    + 2011-10-30 15:53 . 2011-10-03 10:06 145184 c:\windows\System32\java.exe
    - 2009-07-14 04:50 . 2011-10-06 03:22 143360 c:\windows\System32\DriverStore\infstrng.dat
    + 2009-07-14 04:50 . 2011-10-24 02:24 143360 c:\windows\System32\DriverStore\infstrng.dat
    + 2009-07-14 04:50 . 2011-10-24 02:24 143360 c:\windows\System32\DriverStore\infstor.dat
    - 2009-07-14 04:50 . 2011-10-06 03:15 143360 c:\windows\System32\DriverStore\infstor.dat
    + 2011-03-30 18:46 . 2011-03-30 18:46 100880 c:\windows\System32\drivers\AtihdW73.sys
    - 2010-09-29 01:49 . 2011-07-28 21:33 356352 c:\windows\System32\atipdlxx.dll
    + 2011-07-28 21:33 . 2011-07-28 21:33 356352 c:\windows\System32\atipdlxx.dll
    - 2009-07-14 04:47 . 2011-10-21 04:50 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2011-10-30 18:51 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-20 19:53 . 2011-10-24 02:28 513996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-12288.dat
    + 2011-09-23 16:16 . 2011-09-23 16:16 628736 c:\windows\Installer\1e8ab1.msi
    + 2011-10-22 02:18 . 2011-10-22 02:18 380928 c:\windows\Installer\{29ED20C9-5E15-4969-9279-25BF3727A3DA}\iTunesIco.exe
    + 2011-09-14 09:54 . 2011-09-14 09:54 227176 c:\windows\Installer\$PatchCache$\Managed\05A9B00A0903FFC4C9AD28ADB0DEAA12\4.0.0\OutlookChangeNotifierAddIn.dll
    + 2011-05-10 13:06 . 2011-05-10 13:06 4517664 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_x86_neutral_f4beb178c072c664\usbaaplrc.dll
    + 2010-04-20 01:29 . 2010-04-20 01:29 1461992 c:\windows\System32\DriverStore\FileRepository\netaapl.inf_x86_neutral_9a884b80d653b7cf\wdfcoinstaller01009.dll
    - 2011-10-06 22:38 . 2011-10-21 04:50 1569376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-10-06 22:38 . 2011-10-24 02:28 1569376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-12-14 13:41 . 2011-10-23 14:42 2840944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1006-8192.dat
    - 2011-02-07 23:08 . 2011-10-14 08:30 2993392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1004-8192.dat
    + 2011-02-07 23:08 . 2011-10-24 02:28 2993392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1004-8192.dat
    + 2010-12-05 17:26 . 2011-10-25 19:18 3448580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-8192.dat
    + 2011-09-23 16:14 . 2011-09-23 16:14 5621760 c:\windows\Installer\a3e34.msi
    + 2011-10-22 02:14 . 2011-10-22 02:14 9538048 c:\windows\Installer\319eb15.msi
    + 2011-10-22 02:14 . 2011-10-22 02:14 2358784 c:\windows\Installer\319eaba.msi
    + 2010-01-10 00:08 . 2011-10-05 15:09 48324552 c:\windows\System32\MRT.exe
    - 2010-01-10 00:08 . 2011-10-14 08:06 48324552 c:\windows\System32\MRT.exe
    + 2011-07-28 21:44 . 2011-07-28 21:44 18388480 c:\windows\System32\atioglxx.dll
    - 2011-05-25 03:31 . 2011-07-28 21:44 18388480 c:\windows\System32\atioglxx.dll
    + 2011-10-22 02:15 . 2011-10-22 02:15 44664320 c:\windows\Installer\319f54a.msi
    + 2011-10-22 02:12 . 2011-10-22 02:12 26755072 c:\windows\Installer\319ea97.msi
    + 2011-10-22 02:10 . 2011-10-22 02:10 20311040 c:\windows\Installer\319e79f.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\PageRage\prxtbPage.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-05-16 19:51 194912 ------w- c:\program files\Yontoo Layers\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
    "TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
    "TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA&prod=90&ver=10.0.1391" [?]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl0f087856;MpKsl0f087856;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0209AC4E-D9C4-4289-BBC5-3CF5A16CA916}\MpKsl0f087856.sys [x]
    R1 MpKsl49eafb6b;MpKsl49eafb6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C08BE0-1CDF-4B13-8F5D-0CBFC2D5122F}\MpKsl49eafb6b.sys [x]
    R1 MpKsl8590d562;MpKsl8590d562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D748FEB-2C0D-465B-BDDA-2F108C3D294F}\MpKsl8590d562.sys [x]
    R1 MpKsl912937b0;MpKsl912937b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1D324BE-2AAC-4ACB-966F-4B91FBAE9330}\MpKsl912937b0.sys [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
    R4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
    S1 MpKslea8eee3c;MpKslea8eee3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B54A1D9-7ED4-431B-BE6C-040306A877B5}\MpKslea8eee3c.sys [2011-10-31 28752]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
    S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    S3 pxloypod;pxloypod;c:\users\John\AppData\Local\Temp\pxloypod.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLAB02C74C
    *NewlyCreated* - MPKSLEA8EEE3C
    *NewlyCreated* - PXLOYPOD
    *Deregistered* - MpKslab02c74c
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2370536414-983749384-3936569394-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:1e,2a,f6,56,c4,d2,2f,17,e5,09,82,30,67,3b,56,d5,9f,51,61,4b,86,67,17,
    39,71,6e,1b,41,5d,02,5a,50,72,f9,a9,7d,6a,42,2e,a0,39,75,d8,06,f7,8d,9c,19,\
    "??"=hex:cc,7c,b8,4e,21,96,58,df,52,95,ed,b3,65,f0,5c,24
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-10-31 18:06:06
    ComboFix-quarantined-files.txt 2011-10-31 23:05
    ComboFix2.txt 2011-10-21 06:15
    .
    Pre-Run: 4,659,372,032 bytes free
    Post-Run: 5,283,889,152 bytes free
    .
    - - End Of File - - C9FA1DC35979612558EC9E59D617AC8A
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry, got behind.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code box below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\users\John\AppData\Local\Temp\pxloypod.sys
    Folder::
    c:\users\John\AppData\Local\temp
    c:\users\Rina\AppData\Local\temp
    c:\users\Jack\AppData\Local\temp
    c:\users\Elisa\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Administrator\AppData\Local\temp
    c:\users\Rina\AppData\Roaming\Hage
    c:\users\Rina\AppData\Roaming\Ozrai
    DDS::
    uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - c:\program files\pagerage\prxtbPage.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
    mRun: [DATAMNGR] c:\progra~1\wi3c8a~1\datamngr\DATAMN~1.EXE
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{9565115d-c7d6-46d3-bd63-b67b481a4368}"=-
    [HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9565115d-c7d6-46d3-bd63-b67b481a4368}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    Driver::
    pxloypod
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Then please go ahead and run this online virus scan:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    Leave both logs in next reply please.
     
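    The Registry:: and Driver:: sections in the script above were assembled by reading the load points out of the ComboFix log by hand: the URLSearchHooks, Browser Helper Objects and Toolbar entries are where Internet Explorer loads third-party DLLs, AppInit_DLLs is loaded by every process that links user32.dll (so a hook there rides inside any browser, not just IE), and a kernel driver registered from a user's Temp folder (pxloypod.sys) is not something a legitimate installer does. The following Python script is an added example, not code from this thread or from ComboFix; it parses that section of the log, flags entries with the heuristics just described, and emits the matching CFScript sections. The adware name list (the families named in this thread) and the heuristics are the example's own assumptions, and the embedded sample is a trimmed excerpt of the log posted above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's or the thread's own code. Extracts the browser
load points (URLSearchHooks, Browser Helper Objects, Toolbar), the Run keys,
the AppInit_DLLs value and the service/driver lines, flags suspicious ones
and prints the CFScript Registry:: / Driver:: sections that would remove them.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a trimmed excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-05-16 19:51 194912 ------w- c:\program files\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\prxtbPage.dll" [2011-03-28 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\Bandoo\BndHook.dll
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 pxloypod;pxloypod;c:\users\John\AppData\Local\Temp\pxloypod.sys [x]
"""

# Assumption: substring markers for the adware families named in this thread.
# A real triage would use a vetted list or hash lookups rather than name matching.
ADWARE_MARKERS = ("pagerage", "conduit", "yontoo", "incredibar", "datamngr", "bandoo")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*(?:\[[^\]]*\])?$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)? \d+ [-a-z]+ (.+)$")
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")


@dataclass
class LoadPoint:
    kind: str        # urlsearchhook | bho | toolbar | run | appinit | driver
    key: str         # registry key, or service name for drivers
    value_name: str  # value name / CLSID; start type for drivers; "" for BHO keys
    path: str        # file (or files) loaded from this point


def classify_key(key: str) -> Optional[str]:
    """Map a registry key from the log to the kind of load point it is."""
    k = key.lower()
    if "urlsearchhooks" in k:
        return "urlsearchhook"
    if "browser helper objects" in k:
        return "bho"
    if k.endswith("internet explorer\\toolbar"):
        return "toolbar"
    if k.endswith("currentversion\\run") or k.endswith("\\runonce"):
        return "run"
    if k.endswith("currentversion\\windows"):  # AppInit_DLLs lives here
        return "appinit"
    return None


def parse_loading_points(text: str) -> List[LoadPoint]:
    """Walk the log line by line, tracking the current key, and collect load points."""
    points: List[LoadPoint] = []
    key, kind = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key, kind = m.group(1), classify_key(m.group(1))
            continue
        m = SVC_RE.match(line)
        if m:  # "R3 name;display;path [date size]" service/driver line
            points.append(LoadPoint("driver", m.group(2), m.group(1), m.group(4).strip()))
            continue
        if kind is None:
            continue
        m = FILE_RE.match(line)
        if m and kind == "bho":  # BHO keys list the DLL on the line after the key
            points.append(LoadPoint(kind, key, "", m.group(1).strip()))
            continue
        m = VALUE_RE.match(line)
        if m:
            points.append(LoadPoint(kind, key, m.group(1), m.group(2).strip()))
    return points


def is_suspicious(p: LoadPoint) -> bool:
    """Heuristics (this example's own): injected DLLs, temp-dir drivers, known adware names."""
    path = p.path.lower()
    if p.kind == "appinit" and p.value_name.lower() == "appinit_dlls":
        return bool(path)  # anything here is injected into every user32 process
    if p.kind == "driver" and "\\appdata\\local\\temp\\" in path:
        return True        # a kernel driver loading from a user's Temp folder
    if p.kind in ("bho", "urlsearchhook", "toolbar", "run"):
        return any(marker in path for marker in ADWARE_MARKERS)
    return False


def cfscript_for(points: List[LoadPoint]) -> str:
    """Build the Registry:: and Driver:: sections for the flagged load points."""
    reg: Dict[str, List[str]] = {}  # key -> value names to delete (ordered)
    drivers: List[str] = []
    for p in points:
        if not is_suspicious(p):
            continue
        if p.kind == "driver":
            drivers.append(p.key)
        else:
            vals = reg.setdefault(p.key, [])
            if p.kind != "bho" and p.value_name not in vals:
                vals.append(p.value_name)  # BHO keys are deleted whole, no values
    out: List[str] = []
    if reg:
        out.append("Registry::")
        for key, vals in reg.items():
            out.append(f"[{key}]")
            out.extend(f'"{v}"=-' for v in vals)
    if drivers:
        out.append("Driver::")
        out.extend(drivers)
    return "\n".join(out)


if __name__ == "__main__":
    print(cfscript_for(parse_loading_points(SAMPLE_LOG)))
```

    Run against the sample it reproduces the shape of the script above: the PageRage CLSID is deleted as a value under both URLSearchHooks and Toolbar, the Conduit and Yontoo BHO keys are deleted whole, AppInit_DLLs is cleared, and pxloypod goes under Driver::, while the legitimate Security Essentials Run entry and the NisDrv driver are left alone. Paste the real log in place of SAMPLE_LOG and review the output by eye before feeding it to ComboFix; the name list is deliberately narrow, so anything it misses still has to be read out of the log the way it was done in this thread.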
  7. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    ran combofix with script

    Here's the log:

    ComboFix 11-11-05.02 - John 11/05/2011 16:38:33.5.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1295 [GMT -5:00]
    Running from: C:\Users\John\Desktop\ComboFix.exe
    Command switches used :: C:\Users\John\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\users\John\AppData\Local\Temp\pxloypod.sys"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\users\Administrator\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Elisa\AppData\Local\temp
    c:\users\Jack\AppData\Local\temp
    c:\users\John\AppData\Local\temp
    c:\users\John\AppData\Local\temp\~DF05BA499096FD3D13.TMP
    c:\users\John\AppData\Local\temp\~DF712EE64B0C965938.TMP
    c:\users\John\AppData\Local\temp\~DF7EFC63C7A410524D.TMP
    c:\users\John\AppData\Local\temp\~DFAF1481E7E7903D4A.TMP
    c:\users\John\AppData\Local\temp\~DFCF1EF117C6BF7EDE.TMP
    c:\users\John\AppData\Local\temp\~DFF1DA2D01458724AC.TMP
    c:\users\John\AppData\Local\temp\catchme.dll
    c:\users\John\AppData\Local\temp\fla28FD.tmp
    c:\users\John\AppData\Local\temp\FXSAPIDebugLogFile.txt
    c:\users\Rina\AppData\Local\temp
    c:\users\Rina\AppData\Local\temp\AdobeARM.log
    c:\users\Rina\AppData\Local\temp\FXSAPIDebugLogFile.txt
    c:\users\Rina\AppData\Local\temp\jusched.log
    c:\users\Rina\AppData\Local\temp\TWAIN.LOG
    c:\users\Rina\AppData\Local\temp\Twain001.Mtx
    c:\users\Rina\AppData\Local\temp\Twunk001.MTX
    c:\users\Rina\AppData\Local\temp\Twunk002.MTX


    ((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))


    2011-11-05 19:50:35 . 2011-11-05 19:50:35 -------- d-----w- C:\Program Files\ESET
    2011-11-05 19:47:11 . 2011-11-05 21:17:26 56200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79873F72-825F-4B4C-B4C3-FF8FCE6EC9A8}\offreg.dll
    2011-11-04 22:44:30 . 2011-10-07 03:48:07 6668624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{79873F72-825F-4B4C-B4C3-FF8FCE6EC9A8}\mpengine.dll
    2011-11-03 00:47:31 . 2011-11-03 00:47:31 -------- d-----w- C:\Program Files\ADLSoft UnCompressor
    2011-11-03 00:47:15 . 2011-11-03 00:47:26 -------- d-----w- C:\Program Files\Incredibar.com
    2011-11-03 00:39:13 . 2011-11-03 00:39:13 -------- d-----w- C:\Program Files\Yontoo Layers Runtime
    2011-11-03 00:38:33 . 2011-11-03 00:39:10 -------- d-----w- C:\Users\Jack\PDFReader
    2011-10-25 21:42:40 . 2011-10-25 21:42:40 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes
    2011-10-25 21:42:25 . 2011-10-25 21:42:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-25 21:42:20 . 2011-10-25 21:42:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2011-10-25 21:42:20 . 2011-08-31 22:00:50 22216 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-10-23 19:00:46 . 2011-10-23 20:20:14 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-10-23 19:00:46 . 2011-10-23 19:17:19 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2011-10-22 02:18:15 . 2011-10-22 02:18:57 -------- d-----w- C:\Program Files\iTunes
    2011-10-22 02:18:15 . 2011-10-22 02:18:15 -------- d-----w- C:\Program Files\iPod
    2011-10-22 02:15:22 . 2011-10-22 02:15:24 -------- d-----w- C:\Program Files\Bonjour
    2011-10-22 02:14:19 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-22 02:14:18 . 2011-10-22 02:14:18 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-20 12:00:00 . 2011-10-20 12:00:00 184 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DDCA8712-1E21-66EB-F588-330BE1C2C51E}-tmp41f69acf.bat
    2011-10-17 02:28:00 . 2011-10-17 03:28:00 -------- d-----w- C:\Users\Jack\AppData\Roaming\Skype
    2011-10-13 11:32:00 . 2011-08-17 04:24:12 465408 ----a-w- C:\Windows\system32\psisdecd.dll
    2011-10-13 11:32:00 . 2011-08-17 04:19:27 75776 ----a-w- C:\Windows\system32\psisrndr.ax
    2011-10-13 11:31:58 . 2011-08-27 04:26:27 571904 ----a-w- C:\Windows\system32\oleaut32.dll
    2011-10-13 11:31:58 . 2011-08-27 04:26:27 233472 ----a-w- C:\Windows\system32\oleacc.dll
    2011-10-13 11:31:51 . 2011-09-06 02:28:37 2334720 ----a-w- C:\Windows\system32\win32k.sys
    2011-10-11 11:46:54 . 2011-10-11 11:46:38 703824 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E509B4F9-C7BB-48EC-BC0B-0DDB365714DD}\gapaengine.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-24 02:33:04 . 2011-05-17 01:48:27 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 03:48:07 . 2011-08-06 12:19:24 6668624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 10:06:03 . 2011-05-08 01:17:01 472808 ----a-w- C:\Windows\system32\deployJava1.dll
    2011-09-14 16:47:40 . 2011-09-14 16:47:40 53760 ----a-w- C:\Windows\system32\OVDecode.dll
    2011-09-14 16:46:58 . 2011-09-14 16:46:58 13625856 ----a-w- C:\Windows\system32\amdocl.dll
    2011-09-14 16:38:28 . 2011-09-14 16:38:28 37376 ----a-w- C:\Windows\system32\amdoclcl.dll
    2011-08-31 04:05:04 . 2011-08-31 04:05:04 83816 ----a-w- C:\Windows\system32\dns-sd.exe
    2011-08-31 04:05:04 . 2011-08-31 04:05:04 73064 ----a-w- C:\Windows\system32\dnssd.dll
    2011-08-31 04:05:04 . 2011-08-31 04:05:04 178536 ----a-w- C:\Windows\system32\dnssdX.dll


    ((((((((((((((((((((((((((((( SnapShot_2011-10-31_22.46.09 )))))))))))))))))))))))))))))))))))))))))

    + 2009-07-14 04:55:35 . 2011-11-05 21:19:18 41560 C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-01-10 00:28:40 . 2011-10-31 15:42:44 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28:40 . 2011-11-05 21:17:30 32768 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28:40 . 2011-11-05 21:17:30 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41:53 . 2011-10-31 15:42:44 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41:53 . 2011-11-05 21:17:30 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-07 20:49:40 . 2011-11-01 16:20:38 4524 C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1004_UserData.bin
    + 2011-11-05 19:47:10 . 2011-11-05 21:17:26 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 18:52:37 . 2011-10-31 15:42:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-05 19:47:10 . 2011-11-05 21:17:26 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-30 18:52:37 . 2011-10-31 15:42:42 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-01-10 11:04:22 . 2011-11-05 22:28:57 290632 C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 04:47:10 . 2011-11-05 19:46:17 391728 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:47:10 . 2011-10-30 18:51:12 391728 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-20 19:53:55 . 2011-11-03 00:50:43 572652 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-12288.dat
    + 2010-12-14 13:41:35 . 2011-11-03 00:50:41 2884652 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1006-8192.dat
    + 2010-12-14 13:41:33 . 2011-11-02 22:18:13 2327636 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1005-8192.dat
    + 2011-02-07 23:08:03 . 2011-11-05 19:46:22 4057207 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1004-8192.dat
    + 2010-12-05 17:26:05 . 2011-11-05 19:46:19 3448580 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-8192.dat
    - 2010-12-05 17:26:05 . 2011-10-25 19:18:38 3448580 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-8192.dat

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
    2011-10-02 15:45:44 294096 ----a-w- C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\bh\Incredibar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\IncredibarTlbr.dll" [2011-10-02 15:45:46 260816]

    [HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
    [HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\Incredibar.dskBnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 21:03:34 4283256]
    "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2010-08-24 22:02:18 2264336]
    "TivoTransfer"="C:\Program Files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 22:02:20 608528]
    "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 22:02:14 437520]
    "TranscodingService"="C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 22:02:28 856336]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 21:07:20 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 17:44:34 31072]
    "fssui"="C:\Program Files\Windows Live\Family Safety\fsui.exe" [2011-05-13 20:27:02 884584]
    "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 18:53:10 77824]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 18:37:59 88584]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 22:58:10 37296]
    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 04:59:06 937920]
    "EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 16:12:12 976320]
    "snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-19 14:07:28 827392]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 20:03:38 1298320]
    "PAC7302_Monitor"="C:\Windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 16:01:16 319488]
    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2011-06-15 20:16:48 997920]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 18:06:06 254696]
    "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 12:22:28 59240]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-07-05 23:36:48 421888]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-10-09 23:06:40 421736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA&prod=90&ver=10.0.1391" [?]

    C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R1 MpKsl0f087856;MpKsl0f087856;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0209AC4E-D9C4-4289-BBC5-3CF5A16CA916}\MpKsl0f087856.sys [x]
    R1 MpKsl49eafb6b;MpKsl49eafb6b;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1C08BE0-1CDF-4B13-8F5D-0CBFC2D5122F}\MpKsl49eafb6b.sys [x]
    R1 MpKsl8590d562;MpKsl8590d562;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D748FEB-2C0D-465B-BDDA-2F108C3D294F}\MpKsl8590d562.sys [x]
    R1 MpKsl912937b0;MpKsl912937b0;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C1D324BE-2AAC-4ACB-966F-4B91FBAE9330}\MpKsl912937b0.sys [x]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36:53 135664]
    R3 amdiox86;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox86.sys [x]
    R3 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-03-16 03:27:14 183560]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36:53 135664]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 18:18:50 43392]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 20:25:24 65024]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 20:39:26 208944]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 02:37:50 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 10:21:14 15872]
    R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
    R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-30 08:20:29 1343400]
    R4 TivoBeacon2;TiVo Beacon Service;C:\Program Files\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 22:02:08 1104656]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-07-28 21:35:24 176128]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 11:00:00 153600]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 11:00:00 121856]
    S2 FlipShareServer;FlipShare Server;C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 19:22:42 1085440]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 20:31:10 1153368]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2011-07-28 22:22:04 8396800]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2011-07-28 20:53:46 247296]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [2011-03-30 18:46:36 100880]


    Contents of the 'Scheduled Tasks' folder

    2011-11-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36:59 . 2010-02-05 01:36:53]

    2011-11-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36:59 . 2010-02-05 01:36:53]


    ------- Supplementary Scan -------

    uStart Page = hxxp://mystart.incredibar.com/mb110?a=6OyixyOf9t&i=26
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4


    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2370536414-983749384-3936569394-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:1e,2a,f6,56,c4,d2,2f,17,e5,09,82,30,67,3b,56,d5,9f,51,61,4b,86,67,17,
    39,71,6e,1b,41,5d,02,5a,50,72,f9,a9,7d,6a,42,2e,a0,39,75,d8,06,f7,8d,9c,19,\
    "??"=hex:cc,7c,b8,4e,21,96,58,df,52,95,ed,b3,65,f0,5c,24

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)

    Completion time: 2011-11-05 17:49:02
    ComboFix-quarantined-files.txt 2011-11-05 22:48:53
    ComboFix2.txt 2011-11-05 17:13:00
    ComboFix3.txt 2011-10-31 23:06:20
    ComboFix4.txt 2011-10-21 06:15:03

    Pre-Run: 3,955,662,848 bytes free
    Post-Run: 4,441,296,896 bytes free

    - - End Of File - - AE1C58B77C591856DE6029274AC6BB05
     
  8. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    tried to run eset scan, machine shuts down

    Tried next step to run eset scan, but after about an hour of scanning (99%), finding 9 infected files, the PC does a full shutdown...not sure why. Have tried several times, same result every time. Is there any way to recover a log from this?

    The infected files indicated Zugo, Yontoo A&B, OpenStream NC, and InstallCore.C infections. Let me know if this helps, and thanks for your follow-up!
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I can't do anything with this because I don't know where they are located. The virus scan will show entries in the Qoobox, which is the folder Combofix sends quarantined files to, and System Volume, which is where the restore points are kept. If the entries are in either of these only, they are no longer active in the system. Unfortunately the virus scan doesn't read that.

    I removed some of these and Combofix removed others (Yontoo, System Restore). InstallCore.C comes with all CNet downloads. I'm seeing Zugo bundled with Bing bars. I suspect the Bing/Zugo is pre-checked on some download screens and not downloaded by itself from the MS home site.

    There is a Trojan Downloader OpenStream, found with Java applets, especially if there is an outdated version of Java. The cache needs to be emptied as follows:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
       http://www.java.com/en/img/download/5000020303.jpg
       There are three options on this window to clear the cache (version dependent):
       • Delete Files
       • View Applications
       • View Applets
    4. Click OK on the Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on the Temporary Files Settings window.
      ---------------------------
      Did you check and see if there is a log for Eset? Perhaps you can search for an entry> Use Windows Explorer to go to the directories on the Local Drive (C:). Look for any Eset entry. Also check the desktop.
      • Push 'Export of text file' and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
      ----------------------------------------------------------------
      Let's talk about why your system is malware waiting to happen!
      1) User 'John' ran 65 appdata from 10/1-10/31
      2) 7 QuickTime plugins> file size of each: 159744, all on 10/22
      3) Running a program like Bandoo:
      Description (from the Bandoo site): "Bandoo boosts your instant messages and the whole communication with friends to a new fun and crazy level with tons of cool Emoticons, Nudges, Winks, Images and more in a huge variety. Go crazy with our INTERACTIVE WINKS - the Winks are now coming to live and you are the one controlling them - Messaging was never more fun."

      Comments from the CNet download site:
      1. Most annoying f***'ing app ever and how the heck did this install on my machine. All I know is that I can't even type a "thanks" in a hotmail email without having some annoying f***ing emotion appearing instead.
      2. There are no pros. THIS IS A VIRUS!
      3. DO NOT DOWNLOAD!!!!!
      Plus you got malware from CNet: InstallCore.C
      ---------------------------------------------------
      4) This Homepage, which now appears in the log, is not one I would recommend:
      uStart Page = hxxp://mystart.incredibar.com/mb110?a=6OyixyOf9t&i=26
      ---------------------------------------------------
      Putting it bluntly, you can't have a 'cutesy' system and a secure system. ALL of these types of sites have to make their money; most do it in ads. Malware writers are learning to drop their code in places where the 'unsafe' will frequently visit. Spyware, Trojan.Droppers and Backdoor.bots are also frequent visitors.
      =====================================
      I'd like to run the following to see if we can sort out who is going where and at least reset the Cookies. On SAS, be sure to check the line for removal of the entries it finds. I will still see them, but they will be handled:
      SuperAntiSpyware Home Edition Free Version
      • Please download SuperAntiSpyware from HERE
      • Launch SuperAntiSpyware and click on 'Check for updates'.
      • Wait for the updates to be installed
      • On the main screen click on 'Scan your computer'.
      • Check 'Perform Complete Scan', then click 'Next' to start the scan.
      • Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
      • Make sure everything found has a checkmark next to it, then press 'Next'.
      • Click on 'Finish' when you're done.
      It's possible that the program will ask you to reboot in order to delete some files.

      Obtain the SuperAntiSpyware log as follows:
      • Click on 'Preferences'.
      • Click on the 'Statistics/Logs' tab.
      • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
      It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
      =========================================
      Then run HJT to see if there are remaining bad entries:
      Download HijackThis and save to your desktop.
      • Extract it to a directory on your hard drive called c:\HijackThis.
      • Then navigate to that directory and double-click on the hijackthis.exe file.
      • When started click on the Scan button and then the Save Log button to create a log of your information.
      • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
      • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

      NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
      ======================================
      There are 3 users on the system: John and Rina each have different malware on their accounts. Elisa must have dropped by, as I don't see infected files there.
     
  10. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Ran SuperAntiSpyware, see log below, pt 1

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/06/2011 at 06:59 PM

    Application Version : 5.0.1134

    Core Rules Database Version : 7904
    Trace Rules Database Version: 5716

    Scan type : Complete Scan
    Total Scan Time : 00:56:43

    Operating System Information
    Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 352
    Memory threats detected : 0
    Registry items scanned : 39587
    Registry threats detected : 0
    File items scanned : 86347
    File threats detected : 1686

    Adware.Tracking Cookie

    Edit: Excess Tracking Cookies reviewed and deleted by Bobbye.
     
  11. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Edit: Excess Tracking Cookies reviewed and deleted by Bobbye.
     
  12. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Edit: Excess Tracking Cookies reviewed and deleted by Bobbye.
     
  13. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Edit: Excess Tracking Cookies reviewed and deleted by Bobbye.
     
  14. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    log from HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:12:08 PM, on 11/6/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\PixArt\PAC7302\Monitor.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Users\John\Downloads\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb110?a=6OyixyOf9t&i=26
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\bh\Incredibar.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\IncredibarTlbr.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA"&"prod=90"&"ver=10.0.1391
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry
    O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
    O4 - HKCU\..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11855 bytes
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh my goodness! Total tracking Cookies found on the accounts of John, Elisa, Jack and Rina: File threats detected : 1686!

    Most of the Tracking Cookies are usually from internet ads, banners, etc. But if you don't prevent them or ever clean them out, the computer will get so heavy it will go through the table, the floor and whatever is under it!

    All of you, or better said, each of you, needs to reset the Cookies on your accounts as follows:

    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK 'accept Cookies from Sites'> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    -------------------------------------------
    This number of Tracking Cookies would seem to indicate that none of you are doing any type of Maintenance> deleting temporary internet files, deleting Cookies, disc cleanup, error checking, defrag. Set up a schedule, do it regularly.
    ========================================
    If you did not check this line when you ran SAS, run it again and do so:
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    I do not need the log.

    Shutting down for night. Will check HJT in AM.
     
  16. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Update

    I have reset cookies for IE and Chrome, (Firefox not used) as you have suggested, and have rerun SAS, all items checked. I have also changed the IE home page (set by malware, not by me). I also deleted the Java temporary files as previously suggested.

    Additionally, I have with some consistency, once a month, maybe more, run Windows Disk Cleanup, but obviously things are not under control.

    Not sure what next steps should be? TIA...
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Small comment: If you had used Firefox and put the 2 addons on it, you would not have gotten any of those Tracking Cookies!
    --------------------------------
    Since Eset found Zugo, I have picked up the BingBar entries for removal. There is a Bing/Zugo combination that I'm seeing frequently. I don't know the source, but you do not want Zugo on the system. Also found Yontoo, Bandoo and removed remaining Incredibar entries.
    ====================================
    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\Microsoft\BingBar\BBSvc.EXE
    Folder::
    C:\Program Files\Incredibar.com
    C:\Program Files\Yontoo Layers Runtime
    DDS::
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=-
    [HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
    [HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\Incredibar.dskBnd]
    Driver::
    BBSvc
    
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ======================================
    Reopen Hijackthis to 'do system scan only.' Check each of the following, if present

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb110?a=6OyixyOf9t&i=26
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\bh\Incredibar.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\IncredibarTlbr.dll
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA"&"prod=90"&"ver=10.0.1391
    O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
    O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe


    Close all Windows except HijackThis and click on "Fix Checked."
    ===================================
    Click on Start> in Search, type in services.msc> enter> Find each of the following and double click to open> Change Startup type to Disabled> Stop the Service.
    BandooCoordinator
    BingBar Update Service

    Exit Services when through
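    The HijackThis log posted earlier and the list of entries the helper picked out for "Fix Checked" above follow a pattern a script can apply: parse each R*/O* line by its section code, then flag entries naming the adware families named in this thread (Incredibar, Bandoo, Bing Bar, Yontoo, Zugo), entries whose binary is gone but whose registration remains ("(file missing)"), AppInit_DLLs entries, Run keys that open a URL through cmd.exe, and O17 DNS resolvers outside the LAN or a known public set. The triage script below is an added example, not code from the thread or from HijackThis; the allowlisted resolvers, the LAN ranges, and the last two sample lines (a nameless BHO with a placeholder CLSID and a rogue resolver in the 203.0.113.0/24 documentation range) are constructed assumptions, while the other sample lines are copied from the log above.

```python
"""Triage a HijackThis log: parse R*/O* entries and flag the kinds of entries
the thread singles out. Added example; not part of the thread or HijackThis."""
import ipaddress
import re
from dataclasses import dataclass

# Adware families the helper told the poster to remove (taken from the thread).
ADWARE_TERMS = ("incredibar", "bandoo", "bing bar", "bingbar", "yontoo", "zugo")
# Resolvers accepted without comment: RFC 1918 LAN ranges (the home router) plus
# Google public DNS, which the posted O17 lines use. Assumption for this example.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# HijackThis writes one entry per line as "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample in the shape of the log posted above. All but the last two
# lines are copied from the thread; the last two are invented for this example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb110?a=6OyixyOf9t&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\Incredibar\1.5.0.2\bh\Incredibar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files\Bandoo\Bandoo.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O2 - BHO: (no name) - {CONSTRUCTED-CLSID} - C:\Program Files\Example\ExampleHelper.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5
"""


@dataclass
class Entry:
    section: str
    body: str


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text):
    """Return the R*/O* entries of a log; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def _resolver_ok(ip):
    """True for a LAN address or one of the allowlisted public resolvers."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return ip in KNOWN_RESOLVERS or any(addr in net for net in LAN_NETWORKS)


def triage(entries):
    """Apply the checks the thread applies by hand; the first matching rule wins."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if any(term in low for term in ADWARE_TERMS):
            findings.append(Finding(e.section, "names an adware family from the thread", e.body))
        elif "(file missing)" in low:
            findings.append(Finding(e.section, "registration left behind after its binary was removed", e.body))
        elif e.section == "O20" and "appinit_dlls" in low:
            findings.append(Finding(e.section, "AppInit_DLLs loads this DLL into every process", e.body))
        elif e.section == "O4" and "cmd.exe /c start http" in low:
            findings.append(Finding(e.section, "Run key opens a URL through cmd.exe", e.body))
        elif e.section == "O17":
            servers = [s.strip() for s in e.body.split("NameServer =")[-1].split(",")]
            rogue = [s for s in servers if not _resolver_ok(s)]
            if rogue:
                findings.append(Finding(e.section, f"unexpected DNS resolver(s): {', '.join(rogue)}", e.body))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.body}")
```

    Run against the sample it flags eight entries: the Incredibar start page and BHO, the Bing Bar BHO, the AVG RunOnce line, the Bandoo AppInit_DLLs hook and service, the nameless "(file missing)" BHO, and the constructed rogue resolver; the Microsoft default start page, the Google entries and the real O17 line pass. The rules are deliberately an allowlist of resolvers and a blocklist of names seen in this thread, so a different machine needs its own lists.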
     
  18. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Ran CF Script, here is log...

    Also ran HiJackThis, but had previously removed the Bandoo, IncrediBar and BingBar programs, so only had the AVGUninstallURL entry to fix, which I did. Neither the BandooCoordinator nor the BingBar Update service displayed in the services.msc window, so nothing to change there.

    ComboFix log follows, let me know next steps, TIA!

    ComboFix 11-11-05.02 - John 11/08/2011 6:48.6.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1361 [GMT -6:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    Command switches used :: c:\users\John\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Microsoft\BingBar\BBSvc.EXE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Microsoft\BingBar\BBSvc.EXE
    c:\program files\Yontoo Layers Runtime
    c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_BBSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-08 13:32 . 2011-11-08 14:08 -------- d-----w- c:\users\John\AppData\Local\temp
    2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- c:\users\Rina\AppData\Local\temp
    2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- c:\users\Jack\AppData\Local\temp
    2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- c:\users\Elisa\AppData\Local\temp
    2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-08 13:32 . 2011-11-08 13:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-11-08 03:01 . 2011-11-08 03:01 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8374E5C-91EB-48AE-8D26-7503B16344E3}\MpKsle1a83760.sys
    2011-11-08 03:01 . 2011-11-08 13:35 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8374E5C-91EB-48AE-8D26-7503B16344E3}\offreg.dll
    2011-11-08 03:01 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8374E5C-91EB-48AE-8D26-7503B16344E3}\mpengine.dll
    2011-11-06 23:25 . 2011-11-06 23:25 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
    2011-11-06 23:24 . 2011-11-06 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-06 23:24 . 2011-11-06 23:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-05 19:50 . 2011-11-05 19:50 -------- d-----w- c:\program files\ESET
    2011-11-03 00:47 . 2011-11-03 00:47 -------- d-----w- c:\program files\ADLSoft UnCompressor
    2011-11-03 00:38 . 2011-11-03 00:39 -------- d-----w- c:\users\Jack\PDFReader
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-23 19:00 . 2011-10-23 20:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-23 19:00 . 2011-10-23 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iTunes
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iPod
    2011-10-22 02:15 . 2011-10-22 02:15 -------- d-----w- c:\program files\Bonjour
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-20 12:00 . 2011-10-20 12:00 184 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DDCA8712-1E21-66EB-F588-330BE1C2C51E}-tmp41f69acf.bat
    2011-10-17 02:28 . 2011-10-17 03:28 -------- d-----w- c:\users\Jack\AppData\Roaming\Skype
    2011-10-13 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 11:31 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 11:31 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 11:31 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 11:46 . 2011-10-11 11:46 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E509B4F9-C7BB-48EC-BC0B-0DDB365714DD}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 02:33 . 2011-05-17 01:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 03:48 . 2011-08-06 12:19 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 10:06 . 2011-05-08 01:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-14 16:47 . 2011-09-14 16:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
    2011-09-14 16:46 . 2011-09-14 16:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
    2011-09-14 16:38 . 2011-09-14 16:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-10-31_22.46.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-10 02:48 . 2011-11-07 01:08 36690 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-11-08 14:08 42028 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-01-10 00:28 . 2011-10-31 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28 . 2011-11-08 13:35 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28 . 2011-11-08 13:35 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2011-10-31 15:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2011-11-08 13:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-21 02:19 . 2011-11-07 03:58 7214 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1006_UserData.bin
    + 2010-02-07 20:49 . 2011-11-01 16:20 4524 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1004_UserData.bin
    + 2010-01-10 02:48 . 2011-11-08 14:08 8072 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1001_UserData.bin
    + 2011-11-07 12:40 . 2011-11-08 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-07 12:40 . 2011-11-08 13:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-01-10 11:04 . 2011-11-08 12:20 292200 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:05 . 2011-11-08 13:40 626354 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-10-30 15:17 626354 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-10-30 15:17 107816 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2011-11-08 13:40 107816 c:\windows\System32\perfc009.dat
    - 2009-07-14 04:47 . 2011-10-30 18:51 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:47 . 2011-11-07 12:39 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-20 19:53 . 2011-11-03 00:50 572652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-12288.dat
    + 2010-12-14 13:41 . 2011-11-07 12:39 2896084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1006-8192.dat
    + 2010-12-14 13:41 . 2011-11-02 22:18 2327636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1005-8192.dat
    + 2011-02-07 23:08 . 2011-11-05 19:46 4057207 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1004-8192.dat
    + 2010-12-05 17:26 . 2011-11-07 12:39 3708352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
    "TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
    "TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-06 4615552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA&prod=90&ver=10.0.1391" [?]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl0f087856;MpKsl0f087856;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0209AC4E-D9C4-4289-BBC5-3CF5A16CA916}\MpKsl0f087856.sys [x]
    R1 MpKsl49eafb6b;MpKsl49eafb6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C08BE0-1CDF-4B13-8F5D-0CBFC2D5122F}\MpKsl49eafb6b.sys [x]
    R1 MpKsl8590d562;MpKsl8590d562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D748FEB-2C0D-465B-BDDA-2F108C3D294F}\MpKsl8590d562.sys [x]
    R1 MpKsl912937b0;MpKsl912937b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1D324BE-2AAC-4ACB-966F-4B91FBAE9330}\MpKsl912937b0.sys [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
    R4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
    S1 MpKsle1a83760;MpKsle1a83760;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8374E5C-91EB-48AE-8D26-7503B16344E3}\MpKsle1a83760.sys [2011-11-08 28752]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
    S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2370536414-983749384-3936569394-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:1e,2a,f6,56,c4,d2,2f,17,e5,09,82,30,67,3b,56,d5,9f,51,61,4b,86,67,17,
    39,71,6e,1b,41,5d,02,5a,50,72,f9,a9,7d,6a,42,2e,a0,39,75,d8,06,f7,8d,9c,19,\
    "??"=hex:cc,7c,b8,4e,21,96,58,df,52,95,ed,b3,65,f0,5c,24
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-08 08:29:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-08 14:29
    ComboFix2.txt 2011-11-05 22:49
    ComboFix3.txt 2011-11-05 17:13
    ComboFix4.txt 2011-10-31 23:06
    ComboFix5.txt 2011-11-08 12:39
    .
    Pre-Run: 4,197,842,944 bytes free
    Post-Run: 4,580,904,960 bytes free
    .
    - - End Of File - - CE68A674B362BC23DE06F139047A5C03
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, looks good. The BingBar Update Service was zapped in Combofix! I do see the program currently running though- note SeaPort:
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    I found the following which in one way answers my question and in another ought to put Microsoft to shame:

    Attributes for bold and color text are mine.
    Full article can be found > http://www.riskanalytics.com/blog/?p=270

    If you choose, instructions for removing/deleting/stopping this process can be found HERE.

    Some interesting sites in cyberspace about partner attempts to get their search engine on our computer and things they do to accomplish it!

    So the progress goes like this:
    Have SeaPort> BingBar bundled with it> some app says you need an addon to run it> Now have Zugo> which changes the homepage and search engine and becomes the Bing/Zugo bar.
    =====================================
    I'd like you to attempt the Eset scan again.

    Please let me know how the system is doing now.
     
  20. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    reran Eset scan, PC shutdown...

    I reran the Eset scan, PC continues to shut down at some point after reaching 99% (runs for over an hour). Here is a little more detail about what showed in the status window, not sure if this is helpful or not...

    -a variant of the Win32/Toolbar.zugo application was found
    -a variant of the Win32/InstallCore.C application was found
    -a variant of the Win32/Adware.Yontoo.B application was found
    -a variant of the Win32/Adware.Yontoo.A application was found
    -Java/TrojanDownloader.OpenStream.NC trojan was found

    One option is that I could try to stop the scan before it shuts down, at least capturing a log for some of these infections. Though the shutdown leads me to think there is something else that plagues this PC at the 99.9% point of the scan. Let me know recommended next steps...as always TIA.

    As for Seaport, I will address this after we reach a better point of stability, unless you indicate otherwise.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Unfortunately, this is the wrong part of the scan! While it tells me what was found, it does not tell me what it's on- so I can remove it. OTM works by removing the file or folder name given, not the name of the infection.

    Please search in the system and see if you can find the log. If you're getting this much info from the scan it should have a log somewhere.
    --------------------------------------------
    If you did not empty the Java cache, do it now:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com

    I'm really tired and shutting down for the night.
     
  22. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    OK, I understand that the virus info that I supplied is not helpful. I have found the Eset log, but it only shows info about the install, nothing regarding any virus scan because the PC shuts down before this information can be added to the log. Do you still want this log? I have tried to run Eset several different times, both in normal and safe modes, same results.

    Also, I have cleared the Java plug-in cache, multiple times now.

    Am I out of options? The PC seemed to be improving with the SAS work, etc...but when I run the Eset scan, all the same infections still seem to identify during the scan, and then poof, the system shuts down and I can proceed no further. I am still thinking that I should stop the scan at a certain point post 99% and save the log, at least this provides some information. Let me know what you think, TIA!
     
  23. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    took my own advice...

    Stopped Eset scan after discovering nine threats...here they are:

    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Program Files\Yontoo Layers\YontooIEClient.dll.vir Win32/Adware.Yontoo.A application
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
    C:\Qoobox\Quarantine\C\Users\Jack\AppData\Local\temp\ICReinstall\PDFReaderSetup.exe.vir a variant of Win32/InstallCore.C application
    C:\Qoobox\Quarantine\C\Users\Jack\AppData\Local\temp\is1438683437\zgInstaller.exe.vir a variant of Win32/Toolbar.Zugo application
    C:\Users\Elisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\58cf3ce6-4692b267 a variant of Java/TrojanDownloader.OpenStream.NCM trojan
    C:\Users\Jack\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.C application
    C:\Users\Jack\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.C application
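    The nine ESET lines above are exactly the kind of output the helper asked for in post #21: a removal tool such as OTM needs the file path, not the detection name. The following is an added triage script (constructed for this thread, not code from ESET, ComboFix, OTM or anyone in the thread) that parses such lines and sorts each hit by where the file sits, since a file already renamed .vir under C:\Qoobox\Quarantine was neutralized by ComboFix, a Java deployment-cache entry is handled by clearing the cache, and only the remaining live files would need to be named in a removal script:

```python
"""Triage helper for ESET Online Scanner findings pasted into a forum post.

Constructed example, not the thread's own code nor part of ComboFix, OTM or
ESET. It parses result lines of the form

    <path> <detection> application|trojan

and sorts each finding by where the file lives, because the follow-up differs:
files under C:\\Qoobox\\Quarantine were already quarantined (renamed .vir) by
ComboFix, files under the Java deployment cache go away when the cache is
cleared (ClearJavaCache:: in a CFScript), and everything else is a live file
whose path, not its detection name, is what a removal tool such as OTM needs.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# ESET prints the detection after the path. The detection is either
# "<Family>/<Name>" or "a variant of <Family>/<Name>", followed by the
# object type (application or trojan in the lines seen in the thread).
_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan)\s*$"
)

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"          # ComboFix quarantine
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"   # Java plug-in cache


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str   # e.g. "Win32/Toolbar.Zugo"
    kind: str        # "application" or "trojan"
    bucket: str      # "quarantined", "java-cache" or "live"


def classify_path(path: str) -> str:
    """Decide which remediation bucket a detected file belongs to."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantined"
    if JAVA_CACHE_MARKER in p:
        return "java-cache"
    return "live"


def parse_eset_line(line: str) -> Optional[Finding]:
    """Parse one ESET result line; returns None for lines that are not results."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    detection = m.group("detection")
    if detection.startswith("a variant of "):
        detection = detection[len("a variant of "):]
    path = m.group("path")
    return Finding(path, detection, m.group("kind"), classify_path(path))


def triage(text: str) -> List[Finding]:
    """Parse every result line in a pasted block of scan output."""
    findings = []
    for line in text.splitlines():
        f = parse_eset_line(line)
        if f is not None:
            findings.append(f)
    return findings


def live_paths(findings: List[Finding]) -> List[str]:
    """Paths still on disk that a removal script would have to name explicitly."""
    return [f.path for f in findings if f.bucket == "live"]


def family_counts(findings: List[Finding]) -> Counter:
    """How many hits per detection name, to see which infection dominates."""
    return Counter(f.detection for f in findings)


# The nine lines jbmeyer posted from the interrupted ESET scan.
SAMPLE_ESET_OUTPUT = r"""
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files\Yontoo Layers\YontooIEClient.dll.vir Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Users\Jack\AppData\Local\temp\ICReinstall\PDFReaderSetup.exe.vir a variant of Win32/InstallCore.C application
C:\Qoobox\Quarantine\C\Users\Jack\AppData\Local\temp\is1438683437\zgInstaller.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Users\Elisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\58cf3ce6-4692b267 a variant of Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\Jack\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.C application
C:\Users\Jack\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.C application
"""

if __name__ == "__main__":
    found = triage(SAMPLE_ESET_OUTPUT)
    for bucket in ("quarantined", "java-cache", "live"):
        print(f"{bucket}: {sum(1 for f in found if f.bucket == bucket)}")
    for path in live_paths(found):
        print("live:", path)
```

On the thread's nine lines this leaves only the two InstallCore files under C:\Users\Jack as live, which is the information the helper needed and the interrupted ESET log never wrote out.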
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, looks like a 'Java leak' from something. Logs show the most current version v6u29 is installed.

    Java/TrojanDownloader.Agent.NCA may be invoked when visiting a malicious website by referencing a malicious Java class file within a Java archive file (.JAR).
    (Your first mention of OpenStream was 'NC'. The section of Eset you left had OpenStream.NCM, then Google offered OpenStream.NCA. There is also an OpenStream.NCV! These are usually aliases from different AVs or variants of the same malware.)
    ====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    FileLook::
    c:\windows\system32\DllHost.exe
    ClearJavaCache::
    RegNull::
    [HKEY_USERS\S-1-5-21-2370536414-983749384-3936569394-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    Reboot::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Let's check the security:
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  25. jbmeyer

    jbmeyer TS Rookie Topic Starter Posts: 35

    Ran combofix with script, here is the log.

    ComboFix 11-11-05.02 - John 11/09/2011 15:44:28.7.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1269 [GMT -6:00]
    Running from: c:\users\John\Desktop\ComboFix.exe
    Command switches used :: c:\users\John\Desktop\cfscript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\users\Rina\AppData\Local\temp
    2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\users\Jack\AppData\Local\temp
    2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\users\Elisa\AppData\Local\temp
    2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-09 22:27 . 2011-11-09 22:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-11-09 03:59 . 2011-11-09 22:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F8037F2-443E-4724-98A9-D3538EA153E0}\offreg.dll
    2011-11-09 03:59 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F8037F2-443E-4724-98A9-D3538EA153E0}\mpengine.dll
    2011-11-08 13:32 . 2011-11-09 23:03 -------- d-----w- c:\users\John\AppData\Local\temp
    2011-11-06 23:25 . 2011-11-06 23:25 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
    2011-11-06 23:24 . 2011-11-06 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-06 23:24 . 2011-11-06 23:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-05 19:50 . 2011-11-05 19:50 -------- d-----w- c:\program files\ESET
    2011-11-03 00:47 . 2011-11-03 00:47 -------- d-----w- c:\program files\ADLSoft UnCompressor
    2011-11-03 00:38 . 2011-11-03 00:39 -------- d-----w- c:\users\Jack\PDFReader
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-25 21:42 . 2011-10-25 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-23 19:00 . 2011-10-23 20:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-23 19:00 . 2011-10-23 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iTunes
    2011-10-22 02:18 . 2011-10-22 02:18 -------- d-----w- c:\program files\iPod
    2011-10-22 02:15 . 2011-10-22 02:15 -------- d-----w- c:\program files\Bonjour
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-22 02:14 . 2011-10-22 02:14 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-20 12:00 . 2011-10-20 12:00 184 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DDCA8712-1E21-66EB-F588-330BE1C2C51E}-tmp41f69acf.bat
    2011-10-17 02:28 . 2011-10-17 03:28 -------- d-----w- c:\users\Jack\AppData\Roaming\Skype
    2011-10-13 11:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-13 11:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-13 11:31 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-13 11:31 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-13 11:31 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 11:46 . 2011-10-11 11:46 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E509B4F9-C7BB-48EC-BC0B-0DDB365714DD}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-24 02:33 . 2011-05-17 01:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 03:48 . 2011-08-06 12:19 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-03 10:06 . 2011-05-08 01:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-14 16:47 . 2011-09-14 16:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
    2011-09-14 16:46 . 2011-09-14 16:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
    2011-09-14 16:38 . 2011-09-14 16:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
    2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\DllHost.exe ---
    Company: Microsoft Corporation
    File Description: COM Surrogate
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: dllhost.exe
    File size: 7168
    Created time: 2009-07-13 23:43
    Modified time: 2009-07-14 01:14
    MD5: A63DC5C2EA944E6657203E0C8EDEAF61
    SHA1: ACE762C51DB1908C858C898D7E0F9B36F788D2D9
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-10-31_22.46.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_579ad6f7c13ca999\wabimp.dll
    + 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.17699_none_56d95b58a847985d\wabimp.dll
    + 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.21062_none_5595e0fdc42cfa49\wabimp.dll
    + 2009-07-13 23:42 . 2009-07-14 01:16 41984 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16891_none_54eafc02ab2861b9\wabimp.dll
    + 2010-01-10 02:48 . 2011-11-07 01:08 36690 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2011-11-08 23:19 42060 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-01-10 00:28 . 2011-11-09 22:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-01-10 00:28 . 2011-10-31 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-01-10 00:28 . 2011-11-09 22:29 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:41 . 2011-10-31 15:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2011-11-09 22:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-01-21 02:19 . 2011-11-07 03:58 7214 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1006_UserData.bin
    + 2010-02-07 20:49 . 2011-11-01 16:20 4524 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1004_UserData.bin
    + 2010-01-10 02:48 . 2011-11-08 14:08 8072 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2370536414-983749384-3936569394-1001_UserData.bin
    - 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-09 02:56 . 2011-11-09 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-30 18:52 . 2011-10-31 15:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-09 02:56 . 2011-11-09 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-05-21 02:25 . 2010-11-20 12:29 187776 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\FWPKCLNT.SYS
    + 2009-07-13 23:12 . 2009-07-14 01:20 187472 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\FWPKCLNT.SYS
    + 2010-01-10 11:04 . 2011-11-09 13:40 293112 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:05 . 2011-11-09 22:33 626354 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2011-10-30 15:17 626354 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2011-11-09 22:33 107816 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2011-10-30 15:17 107816 c:\windows\System32\perfc009.dat
    + 2009-07-14 04:47 . 2011-11-09 02:55 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 04:47 . 2011-10-30 18:51 391728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-20 19:53 . 2011-11-03 00:50 572652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-12288.dat
    + 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.21830_none_579ad6f7c13ca999\wab32res.dll
    + 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7601.17699_none_56d95b58a847985d\wab32res.dll
    + 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.21062_none_5595e0fdc42cfa49\wab32res.dll
    + 2009-07-13 23:42 . 2009-07-14 01:11 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.1.7600.16891_none_54eafc02ab2861b9\wab32res.dll
    + 2010-12-14 13:41 . 2011-11-07 12:39 2896084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1006-8192.dat
    + 2010-12-14 13:41 . 2011-11-02 22:18 2327636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1005-8192.dat
    + 2011-02-07 23:08 . 2011-11-09 02:55 4057207 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1004-8192.dat
    + 2010-12-05 17:26 . 2011-11-09 02:55 3750940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2370536414-983749384-3936569394-1001-8192.dat
    + 2011-05-20 08:01 . 2011-11-09 21:25 125307612 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    "TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]
    "TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]
    "TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]
    "TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-06 4615552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTkzNjMyMzQ5LUZQOSs2LVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNzctU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1GTDEwKzEtRERUKzA&prod=90&ver=10.0.1391" [?]
    .
    c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 MpKsl0f087856;MpKsl0f087856;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0209AC4E-D9C4-4289-BBC5-3CF5A16CA916}\MpKsl0f087856.sys [x]
    R1 MpKsl49eafb6b;MpKsl49eafb6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1C08BE0-1CDF-4B13-8F5D-0CBFC2D5122F}\MpKsl49eafb6b.sys [x]
    R1 MpKsl8590d562;MpKsl8590d562;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D748FEB-2C0D-465B-BDDA-2F108C3D294F}\MpKsl8590d562.sys [x]
    R1 MpKsl912937b0;MpKsl912937b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1D324BE-2AAC-4ACB-966F-4B91FBAE9330}\MpKsl912937b0.sys [x]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
    R4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
    S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{3EA3B73C-52E7-4632-9399-71C3A80B61CC}: NameServer = 192.168.2.1,8.8.4.4,8.8.4.4
    .
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Windows Live\Family Safety\fsssvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-09 17:23:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-09 23:23
    ComboFix2.txt 2011-11-08 14:30
    ComboFix3.txt 2011-11-05 22:49
    ComboFix4.txt 2011-11-05 17:13
    ComboFix5.txt 2011-11-09 21:35
    .
    Pre-Run: 4,222,251,008 bytes free
    Post-Run: 4,306,898,944 bytes free
    .
    - - End Of File - - 1EC6BE812728515E747A1A01DE9242C3
     
