Resolved Internet continually being used

JohnWP

My usage monitor shows continual upload and download of data, even when no browser or email application is open. I've attached an HJT log.
 
Welcome to TechSpot, John.

I'll be glad to check the logs from the programs given in the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

We do not 'screen' for malware using HijackThis. Hopefully we can see if there is malware running in the background. If you are using any file sharing programs, they should be uninstalled or disabled.
====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Log File

Many thanks for your time. Here is the Malwarebytes log file.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7476

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

16/08/2011 08:45:38
mbam-log-2011-08-16 (08-45-38).txt

Scan type: Quick scan
Objects scanned: 187009
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-16 09:04:06
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000066 WDC_WD10 rev.80.0
Running: 0ffjls3w.exe; Driver: C:\Users\John\AppData\Local\Temp\pwtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\windrvNT.sys ZwQueryDirectoryFile [0xAC90A842]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp networx.sys (NetFilter SDK TDI Hook Driver (WPP)/NetFilterSDK.com)
AttachedDevice \Driver\tdx \Device\Udp networx.sys (NetFilter SDK TDI Hook Driver (WPP)/NetFilterSDK.com)

---- EOF - GMER 1.0.15 ----
 
DDS Log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by John at 16:20:19 on 2011-08-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2814.1559 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\vsnp2std.exe
C:\Windows\VM305_STI.EXE
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.aldi.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [024h Lucky Reminder] "c:\program files\024h lucky reminder\LuckyReminder.exe" /m
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device...
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01} : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Internet Shortcut: {fbf23b40-e3f0-101b-8488-00aa003e56f8} - c:\windows\system32\ieframe.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=15414&locale=en_UK&apn_uid=f92c8427-bcb5-4ff8-88f1-6b4f6b3ecd05&apn_ptnrs=N8&apn_sauid=1E96CCB9-3E4C-4FE0-9CC3-01AEE49B0935&apn_dtid=YYYYYYYYGB&q=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\john\appdata\roaming\mozilla\firefox\profiles\2dtlkfwg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FreemakeConverter: fmconverter@gmail.com - c:\program files\freemake\freemake video converter\browserplugin\Firefox
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-9-8 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-4 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-5 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 309848]
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-3-14 51640]
R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-3 216912]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-15 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-20 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-5 42184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2010-9-7 4096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 603240]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2010-12-7 52824]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-31 30392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CPTMobileCS;CPTMobileCS; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-13 136176]
S2 tbbLoaderService;tbbLoaderService; [x]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-9-27 17984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-13 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-12-23 38976]
S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2010-12-23 53312]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-7 25088]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-17 1343400]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2006-5-8 391688]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-16 14:23:48 -------- d-----w- c:\users\john\appdata\local\{F0D5BB3F-512A-4048-9AEF-F6E82FD9ABB6}
2011-08-16 14:23:37 -------- d-----w- c:\users\john\appdata\local\{D0DAB491-81B8-4B31-96CE-21DC04CAD515}
2011-08-16 07:58:13 -------- d-----w- c:\users\john\appdata\local\{5235452C-676F-4A4B-94A2-9F819D9CF6F0}
2011-08-16 07:38:51 -------- d-----w- c:\users\john\appdata\roaming\Malwarebytes
2011-08-16 07:38:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 07:38:46 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 07:38:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 07:38:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 07:32:43 -------- d-----w- c:\users\john\appdata\local\{E80F238D-794B-4433-B5D0-C129F112CAF8}
2011-08-16 07:32:32 -------- d-----w- c:\users\john\appdata\local\{45434D17-AB2C-49F9-A682-002A7A191478}
2011-08-16 07:23:42 -------- d-----w- c:\users\john\appdata\local\{E98E7436-B92D-43C0-BBBE-DB0B5CCA1D09}
2011-08-16 07:23:31 -------- d-----w- c:\users\john\appdata\local\{8F841B78-FEB0-451E-8F3E-2C20D996D4F5}
2011-08-15 20:45:39 -------- d-----w- C:\Tools
2011-08-15 20:30:53 -------- d-----w- c:\users\john\appdata\local\{6FBE9D48-27EE-46E8-9EAA-1E29C723E771}
2011-08-15 20:30:40 -------- d-----w- c:\users\john\appdata\local\{162C34DF-EEAE-472D-8EB9-45B1719E2440}
2011-08-15 15:51:45 -------- d-----w- c:\users\john\appdata\local\{74A61D18-CC8A-4AB6-BFEB-1102118424E7}
2011-08-15 15:51:34 -------- d-----w- c:\users\john\appdata\local\{71AD1B17-5E60-4203-BAE3-516856E97461}
2011-08-15 15:12:29 -------- d-----w- c:\users\john\appdata\local\{E301AE87-985C-4D9E-B2F9-9D1AFAB4192E}
2011-08-15 15:08:35 -------- d-----w- c:\users\john\appdata\local\{FD655268-E8CC-48DB-A042-77F7471B3676}
2011-08-15 15:08:23 -------- d-----w- c:\users\john\appdata\local\{9A25A9D5-D7E4-460E-8669-499AA9890911}
2011-08-15 14:26:26 -------- d-----w- c:\program files\Trend Micro
2011-08-15 14:05:49 -------- d-----w- c:\users\john\appdata\local\{69836BBB-F2D5-4C3C-B237-71FB2260149D}
2011-08-15 14:05:38 -------- d-----w- c:\users\john\appdata\local\{48F63781-021A-44B9-B6B8-F728AAFAF0D5}
2011-08-15 13:46:49 -------- d-----w- c:\users\john\appdata\local\{39C3D6CD-DD3D-4A04-935A-FECF4FCB1BD6}
2011-08-15 13:46:28 -------- d-----w- c:\users\john\appdata\local\{E113C2D4-167E-4506-A900-19FD5EE550C2}
2011-08-15 13:38:57 -------- d-----w- c:\users\john\appdata\local\{652BA45D-4F1F-4511-A3DC-971B2721A5C8}
2011-08-15 13:38:34 -------- d-----w- c:\users\john\appdata\local\{27C2046D-EBD4-4F2F-81C8-02B1846D4949}
2011-08-15 12:12:20 -------- d-----w- c:\users\john\appdata\local\{5668B599-6AB1-47D3-BD9E-274CC29CD8DF}
2011-08-15 12:12:09 -------- d-----w- c:\users\john\appdata\local\{C8218681-18BA-49FF-9091-D9FE4C8234B3}
2011-08-15 11:45:33 -------- d-----w- c:\users\john\appdata\local\{197FB695-4274-48B4-95F8-914F57180F74}
2011-08-15 11:45:21 -------- d-----w- c:\users\john\appdata\local\{686F8873-2BF1-4631-B767-2654D26297F0}
2011-08-15 08:43:34 -------- d-----w- c:\users\john\appdata\local\{36E885D4-25B5-45EA-AF83-52302FDCA966}
2011-08-15 08:43:18 -------- d-----w- c:\users\john\appdata\local\{FAAFF6DD-6106-4171-A4A3-7A20BA893FC5}
2011-08-15 02:35:33 -------- d-----w- c:\users\john\appdata\local\{49B24762-3C6B-4F30-B9C9-EE0C73506B9A}
2011-08-15 02:35:22 -------- d-----w- c:\users\john\appdata\local\{B251ACD5-EF49-4B5F-B426-BDE2ADA4FF84}
2011-08-13 20:56:03 -------- d-----w- c:\users\john\appdata\local\{E58EA261-E5D7-4FB7-9C1A-9FB6F40414B3}
2011-08-13 20:55:51 -------- d-----w- c:\users\john\appdata\local\{B2F6305D-83B8-45E1-B79F-D0AEDD793476}
2011-08-13 14:27:38 -------- d-----w- c:\users\john\appdata\local\{7CFC5C3E-A4A2-4004-879C-9E44AA66F9BA}
2011-08-13 14:27:28 -------- d-----w- c:\users\john\appdata\local\{9D11124B-B473-422A-A65A-BA52073C53B9}
2011-08-13 12:20:49 -------- d-----w- c:\users\john\appdata\local\{574498F7-1F4A-4063-A4E7-F43C7E7BD382}
2011-08-13 12:20:38 -------- d-----w- c:\users\john\appdata\local\{C0630A15-E933-411B-9FC7-13C0DD6E80E3}
2011-08-13 12:16:51 -------- d-----w- c:\users\john\appdata\local\{A93A3D27-5260-4C7E-AE52-7BE5E112A880}
2011-08-13 12:16:40 -------- d-----w- c:\users\john\appdata\local\{D902B4D0-905E-4FDA-AAAD-7C5ADC9E12F5}
2011-08-13 10:55:55 -------- d-----w- c:\users\john\appdata\local\{5B8A5773-02F9-48EB-BEB2-45AA5CA546ED}
2011-08-13 10:55:44 -------- d-----w- c:\users\john\appdata\local\{737E5ACD-E1B9-437F-99F1-9A4817A77D0F}
2011-08-12 07:55:28 -------- d-----w- c:\users\john\appdata\local\{82A86BC3-4360-42CF-A515-27163566ED4C}
2011-08-12 07:55:17 -------- d-----w- c:\users\john\appdata\local\{8574DABF-F43D-4D7B-922B-FED921756CD5}
2011-08-12 07:27:55 -------- d-----w- c:\users\john\appdata\local\{34375710-B7CE-43FC-80BB-21AA6DE0045F}
2011-08-12 07:27:42 -------- d-----w- c:\users\john\appdata\local\{87113D1D-B98F-4413-8511-69A6978C1E5B}
2011-08-12 07:22:03 -------- d-----w- C:\77399587e00fa6e89a1ce9edd1ab8824
2011-08-12 07:17:24 -------- d-----w- c:\users\john\appdata\local\{EF0D1341-EDE2-4E6A-A560-B908A6E619E6}
2011-08-12 07:17:08 -------- d-----w- c:\users\john\appdata\local\{5F555436-4454-4F27-9F07-3D4D3CF470F2}
2011-08-11 21:56:34 -------- d-----w- c:\users\john\appdata\local\{47DEF489-D73C-4028-9F1C-95E1F3F1752C}
2011-08-11 21:56:22 -------- d-----w- c:\users\john\appdata\local\{777E1AA3-0B4D-4FEB-92E0-7CE24DEA3591}
2011-08-11 21:38:53 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-08-11 21:38:30 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-08-11 21:37:23 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-08-11 21:37:02 -------- d-----w- c:\program files\Application Verifier
2011-08-11 21:34:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-08-11 13:57:10 -------- d-----w- c:\users\john\appdata\local\{4F8166A3-77EA-429D-841E-A7EA7F4F3273}
2011-08-11 13:56:59 -------- d-----w- c:\users\john\appdata\local\{53D6556E-C8C5-420F-8192-B3B6BE508D08}
2011-08-11 12:19:43 -------- d-----w- c:\users\john\appdata\local\{CA70DB12-D6A0-440E-81E9-FA5CC82A92F5}
2011-08-11 12:19:30 -------- d-----w- c:\users\john\appdata\local\{ECA79E15-1AA9-4312-96BC-62FF20B0487A}
2011-08-11 07:39:12 -------- d-----w- c:\users\john\appdata\local\{F0A929B7-6E1B-409F-9DC9-BC80D33D9022}
2011-08-11 07:39:01 -------- d-----w- c:\users\john\appdata\local\{7FBC4FDF-DB43-4AC7-B9E0-23F227B5EBA0}
2011-08-10 22:51:47 -------- d-----w- c:\users\john\appdata\local\{FD89214D-C251-4813-AAEC-7D782AC476EC}
2011-08-10 22:51:32 -------- d-----w- c:\users\john\appdata\local\{EC59C4B9-7EE7-476E-B99F-ED5D1DDEBCA1}
2011-08-10 21:12:11 -------- d-----w- c:\users\john\appdata\local\{7B064187-7D02-4B4B-A5AD-6FCD67A3CB2A}
2011-08-10 21:11:57 -------- d-----w- c:\users\john\appdata\local\{E5FCAFF5-1F5C-4B74-A1B6-79938D4D8183}
2011-08-10 20:53:45 -------- d-----w- c:\users\john\appdata\local\{674F1EBB-3D2A-45CD-86CC-DA8D344860F5}
2011-08-10 20:53:34 -------- d-----w- c:\users\john\appdata\local\{4D20FE65-58DC-40D4-B6A9-DBC31860E9F3}
2011-08-10 20:25:33 -------- d-----w- C:\461f73c93dbeb6b28611c2389cec38
2011-08-10 20:16:29 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 20:16:29 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 20:16:28 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 20:16:28 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 20:16:27 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-10 20:16:26 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 20:13:12 -------- d-----w- c:\users\john\appdata\local\{429E1F7A-DD43-480A-9049-9CE8F7BCD675}
2011-08-10 20:13:00 -------- d-----w- c:\users\john\appdata\local\{E802C02B-3C50-43BA-8AAE-FAED6BB72F00}
2011-08-10 12:58:55 -------- d-----w- c:\users\john\appdata\local\{F90F70CB-5356-4D35-A017-ED44A1A856A2}
2011-08-10 12:58:44 -------- d-----w- c:\users\john\appdata\local\{A61177B8-0FE6-4545-A1FD-D46491E330B9}
2011-08-10 07:26:15 -------- d-----w- c:\users\john\appdata\local\{44D0C087-9D38-4609-A47F-D2D5E529E070}
2011-08-10 07:25:58 -------- d-----w- c:\users\john\appdata\local\{383CC9F0-F06C-4A4B-966C-11DF4B6E5AF0}
2011-08-09 20:22:15 -------- d-----w- c:\users\john\appdata\local\{29EA38FC-CB4B-4762-8C14-B83E26EEFD71}
2011-08-09 20:21:58 -------- d-----w- c:\users\john\appdata\local\{45ECF77C-CE0B-4F0A-B5B7-D480E607D887}
2011-08-09 19:36:35 -------- d-----w- c:\users\john\appdata\local\{82C4E282-C19E-4F5C-9D72-319D1C8274BE}
2011-08-09 19:36:24 -------- d-----w- c:\users\john\appdata\local\{9178B765-ED05-4F56-A615-A97386EC421E}
2011-08-09 17:55:28 -------- d-----w- c:\users\john\appdata\local\{78378DF0-60EC-4ABE-BE7A-8821CCEC439A}
2011-08-09 17:55:16 -------- d-----w- c:\users\john\appdata\local\{FA4CEE9A-C664-4ECA-89E5-EBE469B7C349}
2011-08-09 07:05:59 -------- d-----w- c:\users\john\appdata\local\{FA788C31-10DC-43B5-9AEE-A05EC6B60EA5}
2011-08-09 06:48:30 -------- d-----w- c:\users\john\appdata\local\{E6EAE424-D767-4E4D-A4AB-C005CB517A73}
2011-08-09 06:48:18 -------- d-----w- c:\users\john\appdata\local\{33B9445D-981D-4A68-9757-3E55E3492C52}
2011-08-08 15:14:09 -------- d-----w- c:\users\john\appdata\local\{987391EA-08B2-4222-BE11-57A45E7D30E8}
2011-08-08 15:13:58 -------- d-----w- c:\users\john\appdata\local\{1DFA0AD9-1F67-4F38-8D4D-25749B451F63}
2011-08-08 14:52:45 -------- d-----w- c:\users\john\appdata\local\{28C69618-B557-4CBD-8CC8-F94188454FB1}
2011-08-08 14:52:34 -------- d-----w- c:\users\john\appdata\local\{4E37B10B-4D22-43E6-BBCD-5E0F46A3A29A}
2011-08-08 14:47:42 -------- d-----w- c:\users\john\appdata\local\{9AF2C132-F351-4757-B56B-F6C31EBC1475}
2011-08-08 14:47:31 -------- d-----w- c:\users\john\appdata\local\{10B23A1A-B6FE-485C-A28E-F024B219B2AC}
2011-08-08 14:34:01 -------- d-----w- c:\users\john\appdata\local\{BE789C39-F149-4714-8E68-846E138C371E}
2011-08-08 14:33:50 -------- d-----w- c:\users\john\appdata\local\{1144DCB5-3C99-4D09-A323-13DCD6F1BFA4}
2011-08-08 14:03:03 -------- d-----w- c:\users\john\appdata\local\{28703892-1E56-4E24-8940-FBE3E6063C9B}
2011-08-08 14:02:52 -------- d-----w- c:\users\john\appdata\local\{86BBB37F-71F5-491A-AF13-871004026BE1}
2011-08-08 10:14:46 -------- d-----w- c:\users\john\appdata\local\{C18C5F2E-7645-4126-AEE1-A72F18037646}
2011-08-08 10:14:29 -------- d-----w- c:\users\john\appdata\local\{732CDE31-9458-408E-9D77-CB10E9634FE8}
2011-08-08 07:29:11 -------- d-----w- c:\users\john\appdata\local\{22AFFEC9-C44F-429A-B6DE-977D87ED91CE}
2011-08-08 07:29:00 -------- d-----w- c:\users\john\appdata\local\{B5D05F59-6136-4FE3-8912-8CDAA981F3F4}
2011-08-07 17:25:05 -------- d-----w- c:\users\john\appdata\local\{BE5B1AFF-67FB-4147-9D5A-84EE95C91923}
2011-08-07 17:24:54 -------- d-----w- c:\users\john\appdata\local\{E3F97CF6-034E-471B-9676-F9AD39BD2AD5}
2011-08-07 09:08:50 -------- d-----w- c:\users\john\appdata\local\{CC763E93-70EC-48BB-BE2C-CEF04549A25B}
2011-08-07 09:08:39 -------- d-----w- c:\users\john\appdata\local\{360FDB6B-B4B1-4190-83EF-AE4A5AA8FE0A}
2011-08-07 09:05:24 -------- d-----w- c:\users\john\appdata\local\{0EC9FDAE-B4FC-498A-B03D-D9CD80922E3C}
2011-08-07 09:05:13 -------- d-----w- c:\users\john\appdata\local\{1CC82146-9B3C-4682-A596-BB80CFC2C35A}
2011-08-07 09:04:11 -------- d-----w- c:\users\john\appdata\local\{A324E6C9-18B7-479B-BFFE-26BCEC3A3846}
2011-08-07 09:04:00 -------- d-----w- c:\users\john\appdata\local\{8784DBCA-2A67-4E17-927B-09FDD98B058D}
2011-08-07 09:02:48 -------- d-----w- c:\users\john\appdata\local\{8A010F80-A1F2-49E2-9ADF-7F730C90675C}
2011-08-07 09:02:37 -------- d-----w- c:\users\john\appdata\local\{CF8612BD-74F5-4A99-AFFA-EE9D8BC9F64E}
2011-08-07 07:21:23 -------- d-----w- c:\users\john\appdata\local\{AF9F5B2F-41D3-4231-B4D9-3BD786ED974E}
2011-08-07 07:21:12 -------- d-----w- c:\users\john\appdata\local\{761F64F0-B3FC-4C1E-BE92-F93F41D7E4FD}
2011-08-06 09:29:52 -------- d-----w- c:\users\john\appdata\local\{504038E8-B62D-4A46-B378-065DAD01E649}
2011-08-06 09:28:38 -------- d-----w- c:\users\john\appdata\local\{5354568F-672E-42A3-8ABE-6D681CB59740}
2011-08-06 09:28:27 -------- d-----w- c:\users\john\appdata\local\{2FECDD78-A36D-403F-8137-852D7995FE9B}
2011-08-06 09:21:51 -------- d-----w- c:\users\john\appdata\local\{33F401CC-0E44-41F6-BC53-323B27DEFCFD}
2011-08-06 09:21:40 -------- d-----w- c:\users\john\appdata\local\{BF84FA22-8C5E-4B32-9363-537E39B1720A}
2011-08-06 09:03:01 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bb61a8cc-b6f5-4751-a0e2-226b46839d69}\mpengine.dll
2011-08-06 09:00:03 -------- d-----w- c:\users\john\appdata\local\{F08C47AF-6773-46F3-AF06-AA88150A7B14}
2011-08-06 08:59:52 -------- d-----w- c:\users\john\appdata\local\{9AC9A47B-E315-4D5A-BEEE-35D0030CD7F8}
2011-08-05 15:29:26 -------- d-----w- c:\users\john\appdata\local\{EA489822-161B-4BB7-94B3-848BD3379569}
2011-08-05 15:29:15 -------- d-----w- c:\users\john\appdata\local\{70179188-A6D5-4F01-893F-F4665755E9BA}
2011-08-05 10:21:07 -------- d-----w- c:\users\john\appdata\local\{03C21EA2-B384-4B3B-A817-225CAF2B073B}
2011-08-05 10:20:56 -------- d-----w- c:\users\john\appdata\local\{5B16B198-D38D-4B02-BE4A-D0F2F7666AE4}
2011-08-05 05:51:57 -------- d-----w- c:\programdata\Tarma Installer
2011-08-05 05:51:57 -------- d-----w- c:\program files\DIY Kyoto
2011-08-05 05:27:24 -------- d-----w- c:\users\john\appdata\local\{C6910970-FA8C-4467-A5CA-FA45394C9C3E}
2011-08-05 05:27:05 -------- d-----w- c:\users\john\appdata\local\{624925E3-4570-4D14-AB49-2283A6BD5D8E}
2011-08-04 21:53:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-04 21:53:25 -------- d-----w- c:\program files\Lavasoft
2011-08-04 19:47:26 -------- d-----w- c:\users\john\appdata\local\{20C8E428-7A1A-465B-8615-5D6BCA973775}
2011-08-04 19:47:15 -------- d-----w- c:\users\john\appdata\local\{34A957CC-CC8D-467E-8B6B-0490E4444673}
2011-08-04 15:40:32 -------- d-----w- c:\users\john\appdata\local\{DD7A80CB-985A-4020-BFC6-70DEDF8C3C2C}
2011-08-04 15:40:14 -------- d-----w- c:\users\john\appdata\local\{35F9947F-47E8-4C32-84DA-5CD0B351F4B6}
2011-08-03 17:33:49 -------- d-----w- c:\program files\Lightworks
2011-08-03 17:20:53 -------- d-----w- c:\users\john\appdata\local\{8517EADB-2596-45C6-B032-3D6E6ABDC8EF}
2011-08-03 17:20:41 -------- d-----w- c:\users\john\appdata\local\{90207858-FFBE-40A7-9C95-B3B777A1BE7A}
2011-08-03 14:39:06 -------- d-----w- c:\users\john\appdata\local\{2550D4BC-14A4-4FEF-B388-D8AE47BCABF3}
2011-08-03 14:38:55 -------- d-----w- c:\users\john\appdata\local\{C5AAD98E-3F79-44C8-9BCA-6086D7BCD944}
2011-08-03 13:40:24 -------- d-----w- c:\users\john\appdata\local\{DC214B8A-9B10-4748-84B1-A711B58AD85B}
2011-08-03 13:40:12 -------- d-----w- c:\users\john\appdata\local\{43D8ECB9-C64B-49E1-8586-ACC7C7B039E0}
2011-08-03 13:14:41 -------- d-----w- c:\users\john\appdata\local\{6E6658BE-7151-4648-B880-596F6F3C06ED}
2011-08-03 13:14:25 -------- d-----w- c:\users\john\appdata\local\{C6B30CFA-4172-4BA8-BF1C-0B46FF37B541}
2011-08-03 10:43:11 -------- d-----w- c:\users\john\appdata\local\{AF3BA700-7070-4C7C-B825-3821FFCBA601}
2011-08-03 09:06:41 -------- d-----w- c:\users\john\appdata\local\{704911BB-66BA-4C11-A0CE-6000FD013065}
2011-08-03 09:04:48 -------- d-----w- c:\users\john\appdata\local\{24DCB479-C062-4DFA-9DE8-60A1D21E2AE8}
2011-08-03 09:04:28 -------- d-----w- c:\users\john\appdata\local\{815C95CC-D662-4593-B90E-BA55E07E2A04}
2011-08-02 17:55:05 -------- d-----w- c:\users\john\appdata\local\{8045FEC8-15BB-4296-B22B-20D9BE5CFF2D}
2011-08-02 17:54:53 -------- d-----w- c:\users\john\appdata\local\{7F48100A-B37E-4A08-93F7-69F86E1F618A}
2011-08-02 16:38:13 -------- d-----w- c:\users\john\appdata\local\{FCFFAF70-ED6E-4F47-97FA-78690087DF95}
2011-08-02 16:38:02 -------- d-----w- c:\users\john\appdata\local\{11F3747D-6821-4663-B2A6-CC1DDFA762D5}
2011-08-02 08:07:31 -------- d-----w- c:\users\john\appdata\local\{D465FA84-C37B-47E5-8E48-75EE811A4B77}
2011-08-02 08:07:13 -------- d-----w- c:\users\john\appdata\local\{40D33837-E0E1-46B1-AB97-211ED52BF90B}
2011-08-01 21:26:54 -------- d-----w- c:\users\john\appdata\local\{96333C06-D566-41D3-A2AE-C06D97CB730A}
2011-08-01 21:26:43 -------- d-----w- c:\users\john\appdata\local\{E11B8BEF-3DA6-4208-94E0-4537F2E9A3AC}
2011-08-01 19:31:00 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-08-01 19:25:26 15712 ----a-w- c:\program files\common files\windows live\.cache\c43a08b31cc508003\MeshBetaRemover.exe
2011-08-01 19:24:58 -------- d-----w- c:\users\john\appdata\local\{04E1ADE0-A7AA-41E5-A8E8-7B7A5CE575C8}
2011-08-01 19:23:18 -------- d-----w- c:\users\john\appdata\local\{350DA65F-A2CA-4DB4-99DB-97F674A62CBF}
2011-08-01 19:23:07 -------- d-----w- c:\users\john\appdata\local\{D5226CCC-5236-4954-8AC4-0BFEEAA78B94}
2011-08-01 08:09:29 -------- d-----w- c:\users\john\appdata\local\{53B818EC-6418-4FF7-B8BA-2CBB08D01D32}
2011-08-01 07:54:36 -------- d-----w- c:\users\john\appdata\local\{914ECD5D-044F-4409-9B3C-552ADF729CC4}
2011-07-30 06:23:08 -------- d-----w- c:\users\john\appdata\local\{2F592A67-6A24-420B-857E-E8B22FBD4EC9}
2011-07-28 18:02:24 -------- d-----w- c:\windows\MSAgent
2011-07-28 17:24:08 -------- d-----w- c:\users\john\appdata\local\{0A4F6EFF-6E30-43C2-B4DA-EF094FB39358}
2011-07-28 04:56:49 -------- d-----w- c:\users\john\appdata\local\{EB1E745D-AEB5-4BB9-AF63-C8D4A9EBA966}
2011-07-28 03:22:19 -------- d-----w- c:\program files\Ask.com
2011-07-27 16:18:26 -------- d-----w- c:\users\john\appdata\local\{DF610C63-3538-4681-A533-512589C4122E}
2011-07-26 19:53:28 -------- d-----w- c:\users\john\appdata\local\{A4A2AD45-F132-47F2-AF27-3F691146ADC2}
2011-07-26 06:35:08 -------- d-----w- c:\users\john\appdata\local\{FDE04222-9A77-4371-AB31-20DCF5B6FA80}
2011-07-25 14:02:09 -------- d-----w- c:\users\john\appdata\local\{B36C4D93-3D30-471E-AC81-0BF5E0391382}
2011-07-24 07:31:50 -------- d-----w- c:\users\john\appdata\local\{96E65376-D1E7-4850-90EB-D5DF56FDBA3D}
2011-07-23 16:52:50 -------- d-----w- c:\users\john\appdata\local\{0337AA20-29B0-460A-A6D7-0E1C489FF075}
2011-07-22 15:55:50 -------- d-----w- c:\users\john\appdata\local\{A2A4AA60-E97B-48F0-B2E6-5515FCC59017}
2011-07-21 21:19:09 -------- d-----w- c:\users\john\appdata\local\{BE279EA4-2FC8-4B9A-BD16-88D2EBCC0DFF}
2011-07-21 06:42:39 -------- d-----w- c:\users\john\appdata\local\{08CF9D50-23E9-4894-8797-171690743112}
2011-07-20 21:12:24 -------- d-----w- c:\users\john\appdata\local\{4DBB0530-60DA-4BC3-A803-458D82024B7B}
2011-07-20 06:09:29 -------- d-----w- c:\users\john\appdata\local\{672B512F-041D-4A47-90A8-79233067E882}
2011-07-19 16:27:48 -------- d-----w- c:\users\john\appdata\local\{2480983A-3957-4AD4-8402-1282F8993E9B}
2011-07-18 14:47:00 -------- d-----w- c:\users\john\appdata\local\{E84A2D50-1C61-42DD-A3C5-2C000DEF7E38}
2011-07-17 21:21:44 -------- d-----w- c:\users\john\appdata\local\{4D693C69-AD79-481E-A0F2-B8B9E15FE697}
.
==================== Find3M ====================
.
2011-08-04 21:58:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 22:25:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 16:22:10.63 ===============
 
Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 01/09/2010 21:14:38
System Uptime: 16/08/2011 15:21:14 (1 hours ago)
.
Motherboard: MEDIONPC | | MS-7646
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 676.557 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 10.065 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
W: is FIXED (NTFS) - 1863 GiB total, 567.409 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP532: 10/08/2011 21:18:35 - Windows Update
RP533: 11/08/2011 08:55:15 - Windows Update
RP534: 12/08/2011 08:17:19 - Windows Update
RP535: 12/08/2011 09:01:24 - Windows Update
RP536: 14/08/2011 20:30:44 - Windows Backup
RP538: 15/08/2011 11:58:26 - Revo Uninstaller's restore point - Adobe Digital Editions
RP540: 15/08/2011 12:13:31 - Revo Uninstaller's restore point - Adobe Digital Editions
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
024h Lucky Reminder v1.83
ACDSee
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AMCap
AML Free Registry Cleaner 4.21
Any Video Converter 3.1.8
Apple Application Support
Apple Software Update
Application Verifier
Ask Toolbar
ATI Catalyst Install Manager
Audacity 1.2.6
AutoHotkey 1.0.48.05
avast! Free Antivirus
BB FlashBack 2 Express
Bing Bar
BT Broadband Desktop Help
Canon MP Navigator EX 1.0
CanoScan 8800F
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CDBurnerXP
Compatibility Pack for the 2007 Office system
Conduit Engine
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
D3DX10
Debugging Tools for Windows (x86)
DeskPins (remove only)
DVD Shrink 3.2
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R285_290 Manual
Express Rip
Folder Lock
Foxit Creator
Free 3GP Video Converter version 4.0.1.718
Free PDF to Word Converter 5.1.0.383
Free Video Cutter 1.1
Freemake Video Converter version 2.1.0
GMapCatcher
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Holmes 1.05
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Lightworks
Logitech Webcam Software
MailWasher Free 6.5.4
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Player Classic - Home Cinema v1.5.0.2827
MediaJoin
Medion Home Cinema
Memory-Map OS Edition 2004
Memory-Map OS Edition Version 5
Mesh Runtime
Messenger Companion
Micrografx Picture Publisher 8
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft AutoRoute 2007
Microsoft AutoRoute 2010
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework 2.0 SDK (x86) ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 6
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
NetWorx 5.1.7
Nokia Connectivity Cable Driver
OGA Notifier 2.0.0048.0
Orbit Downloader
Orca
PageManager
Paragon Partition Manager 9.0 Special Edition
PC Connectivity Solution
PlayReady PC Runtime x86
PrimoPDF -- by Nitro PDF Software
Privacy Guardian 4.1
QuickTime
RAD Video Tools
Rapport
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Recover My Files
Recuva
Registry Mechanic 8.0
Revo Uninstaller 1.92
RoboForm 7-4-1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SilverFast CanonSDK-SE 6.6.2r4a
SilverFast CanonSDK-SE TWAIN 6.5.5r2
SIW version 2010.07.14
Snooper Map Downloader
SoundTap Streaming Audio Recorder
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Switch Sound File Converter
SyncToy 2.1 (x86)
tbbMeter Loader Service
TightVNC 2.0.2
Tonido 2.25.0.13193
TrueCrypt
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 PC Camera (SN9C201&202)
Ventura Updater
VideoLAN VLC media player 0.8.6b
VideoReDo Plus Version 3.10.3.609
VideoReDo/Plus Version 2.5.6.512
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
WavePad Sound Editor
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Resource Kit Tools
Windows SDK IntellisenseNFX
WinMPG VideoConvert 6.6.2
WinRAR archiver
Wise PC Engineer 6.3.6
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
16/08/2011 15:22:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
16/08/2011 15:22:18, Error: Service Control Manager [7000] - The WinFLdrv service failed to start due to the following error: No more data is available.
16/08/2011 15:22:08, Error: Service Control Manager [7000] - The tbbLoaderService service failed to start due to the following error: The system cannot find the path specified.
16/08/2011 15:22:07, Error: Service Control Manager [7000] - The CPTMobileCS service failed to start due to the following error: The system cannot find the path specified.
12/08/2011 08:13:48, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/08/2011 08:13:48, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
10/08/2011 23:50:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
 
John, it's pretty easy to see why the internet is constantly being used:

1. There are 130 entries of c:\users\john\appdata\local\{varying numerical strings} on the system between 7/17 and 8/16/2011. This is an enormous number of appdata entries.

2. There are numerous entries for TB, BHO, auto-updaters. One of these is for the Askbar. This is usually not something a user intentionally installs. It's frequently pre-checked on a download screen and when it installs, it puts trash all over the system. Other auto-updaters are Vuze Remote Toolbar, Conduit Engine, BingBar helper.

3. There are extensive activities for the Orbit Downloader. Activities from this include:
[o] Ability to grab and download embedded Flash Video files from sites like YouTube, Dailymotion, Metacafe, etc.
[o] It 'accelerates' downloads by acting as a peer-to-peer client, utilizing bandwidth of other users.
[o] Orbit Downloader is an advertising-supported product since it may change the web browser's homepage upon installation and also offers to install software that is not critical for its operation.

4. On 8/10, these processes were activated:
They are for ODBC (Open Database Connectivity) - a standard software interface for accessing database management systems (DBMS). Any application can use ODBC to query data from a database, regardless of the platform it is on or DBMS it uses.
2011-08-10 20:16:29 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 20:16:29 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 20:16:28 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 20:16:28 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 20:16:27 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-10 20:16:26 163840 ----a-w- c:\windows\system32\odbctrac.dll
If you know what this is and you need to use it, expect some busy usage.

5. On 8/11/2011, you added more activity:
2011-08-11 21:38:53 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-08-11 21:38:30 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-08-11 21:37:23 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-08-11 21:37:02 -------- d-----w- c:\program files\Application Verifier
2011-08-11 21:34:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
and on and on and on and on, etc. And you wonder why the internet is being used! You have a reminder program, 024h Lucky Reminder v1.83, that's going to have to check the internet 90 times a day to see what it needs to remind you of!
============================================
Bottom line: If you want the internet to stop being used continually, I will need to do major surgery to remove the unsuitable processes. We may even find some malware! It's going to take a while and a fair amount of my time. So I want to know that you're going to stick with me and see this through.

Here is my plan:
1. Run Combo fix
2. Run Eset Online Virus Scan
3. Handle logs entries as appropriate for each: For Combofix, set up script to remove bad entries. For Eset, remove malware entries found with appropriate program.
If you want to start, and finish, with this, start with the following 2 scans. If you don't, tell me now!
4. Run any other programs as needed.
================Starting Line============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
========================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Recommend you uninstall the AML Free Registry Cleaner 4.21. We do not recommend anyone use a registry cleaner.
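As an added triage helper, not part of this thread or of any of the tools it uses, the following Python script parses lines in the DDS "Files Created" layout quoted above, counts the appdata\local\{GUID} folders per day (item 1 of the reply), and reports how many were created within 30 seconds of the previous one (an assumed window, chosen to catch the close-together pairs visible in the log). The sample lines are a constructed excerpt of the log above, not the full listing.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the same "date time size attrs path" layout as the DDS
# "Files Created" section quoted in this thread: a few lines copied from it plus
# one file (not directory) line, so the filters below have something to reject.
SAMPLE_LOG = r"""
2011-08-09 20:22:15 -------- d-----w- c:\users\john\appdata\local\{29EA38FC-CB4B-4762-8C14-B83E26EEFD71}
2011-08-09 20:21:58 -------- d-----w- c:\users\john\appdata\local\{45ECF77C-CE0B-4F0A-B5B7-D480E607D887}
2011-08-09 19:36:35 -------- d-----w- c:\users\john\appdata\local\{82C4E282-C19E-4F5C-9D72-319D1C8274BE}
2011-08-09 19:36:24 -------- d-----w- c:\users\john\appdata\local\{9178B765-ED05-4F56-A615-A97386EC421E}
2011-08-06 09:03:01 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bb61a8cc-b6f5-4751-a0e2-226b46839d69}\mpengine.dll
2011-08-05 05:51:57 -------- d-----w- c:\program files\DIY Kyoto
2011-08-04 21:53:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-28 03:22:19 -------- d-----w- c:\program files\Ask.com
"""

# One DDS entry: ISO date, time, size (dashes for a directory), 8 attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([d-][-a-z]{7}) (.+?)\s*$",
    re.IGNORECASE,
)
# A GUID-named folder directly under <profile>\appdata\local, as called out in the reply.
GUID_DIR_RE = re.compile(
    r"\\appdata\\local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


def parse_dds(text):
    """Parse DDS 'Files Created' lines into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "is_dir": attrs[0].lower() == "d",
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return entries


def guid_local_dirs(entries):
    """Directory entries matching appdata\\local\\{GUID}."""
    return [e for e in entries if e["is_dir"] and GUID_DIR_RE.search(e["path"])]


def summarize_guid_dirs(entries, burst_window=timedelta(seconds=30)):
    """Count GUID folders per day and how many were created within burst_window of the previous one.

    Many folders per day with tight pairs points at something that runs repeatedly
    (an updater or installer stub) rather than one-off user activity; which program is
    responsible still has to be established from the process and service lists.
    """
    dirs = sorted(guid_local_dirs(entries), key=lambda e: e["ts"])
    per_day = Counter(e["ts"].strftime("%Y-%m-%d") for e in dirs)
    bursts = sum(
        1 for prev, cur in zip(dirs, dirs[1:]) if cur["ts"] - prev["ts"] <= burst_window
    )
    return {"total": len(dirs), "per_day": dict(per_day), "bursts": bursts}


def other_new_dirs(entries):
    """Non-GUID directories created in the window, i.e. newly installed programs to review."""
    return [e["path"] for e in entries if e["is_dir"] and not GUID_DIR_RE.search(e["path"])]


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_LOG)
    print(summarize_guid_dirs(parsed))
    for p in other_new_dirs(parsed):
        print("new program directory:", p)
```

Feed it the whole "Files Created" section of a DDS log to get the per-day count the reply refers to, instead of counting the lines by hand.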
 
Internet Usage

I'm still with you and once again thank you.

I ran Combofix and at stage 5 the computer froze. This has been happening quite a lot recently.

I ran it again and this time it got to the stage of preparing a report then nothing happened. I left it for 15 mins. but it just sat there although it hadn't frozen.

I disabled Avast before running Combofix but I'm not sure if it was completely disabled. I tried to uninstall Avast but can't find it in the Uninstall Programmes window.

Can you advise me please. In the meantime I'll try Combofix again.
 
Internet Usage

Here is the Combofix log. The previous problem was due to operator error. I hadn't disabled Avast properly.


ComboFix 11-08-18.02 - John 18/08/2011 19:59:54.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2814.1687 [GMT 1:00]
Running from: c:\users\John\Downloads\Malware Removal\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 19:09 . 2011-08-18 19:09 -------- d-----w- c:\users\JohnP\AppData\Local\temp
2011-08-18 19:09 . 2011-08-18 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 18:30 . 2011-08-17 18:30 -------- d-----w- C:\Freemake_do_not_remove_this_folder634492062415583692
2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2011-08-16 07:38 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 07:38 . 2011-08-16 07:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 07:38 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 20:45 . 2011-08-15 21:37 -------- d-----w- C:\Tools
2011-08-15 14:26 . 2011-08-15 14:26 -------- d-----w- c:\program files\Trend Micro
2011-08-12 07:22 . 2011-08-12 07:22 -------- d-----w- C:\77399587e00fa6e89a1ce9edd1ab8824
2011-08-11 21:38 . 2011-08-11 21:38 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2011-08-11 21:38 . 2011-08-11 21:38 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-08-11 21:37 . 2011-08-11 21:37 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2011-08-11 21:37 . 2011-08-11 21:37 -------- d-----w- c:\program files\Application Verifier
2011-08-11 21:34 . 2011-08-11 21:34 -------- d-----w- c:\windows\symbols
2011-08-11 21:34 . 2011-08-11 21:34 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-08-10 20:25 . 2011-08-10 20:25 -------- d-----w- C:\461f73c93dbeb6b28611c2389cec38
2011-08-10 20:16 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 20:16 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 20:16 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 20:16 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 20:16 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-10 20:16 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-06 09:03 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB61A8CC-B6F5-4751-A0E2-226B46839D69}\mpengine.dll
2011-08-05 05:51 . 2011-08-05 05:51 -------- d-----w- c:\program files\DIY Kyoto
2011-08-04 21:53 . 2011-07-21 13:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-04 21:53 . 2011-08-04 21:53 -------- d-----w- c:\program files\Lavasoft
2011-08-03 17:33 . 2011-08-03 17:33 -------- d-----w- c:\program files\Lightworks
2011-08-01 19:31 . 2011-08-01 19:31 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-01 19:25 . 2011-08-01 19:25 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c43a08b31cc508003\MeshBetaRemover.exe
2011-07-28 18:02 . 2011-07-28 18:02 -------- d-----w- c:\windows\MSAgent
2011-07-28 03:22 . 2011-07-28 03:22 -------- d-----w- c:\program files\Ask.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 21:58 . 2010-12-16 23:37 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-12 22:25 . 2011-06-01 08:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-04 11:43 . 2010-12-20 17:31 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-20 17:31 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-05 11:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-20 17:32 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-20 17:32 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-12-20 17:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-20 17:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-12-20 17:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-11 02:37 . 2011-07-13 19:08 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 18:14 . 2010-02-16 10:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35 . 2011-07-11 20:31 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-23 18:55 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-23 18:55 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-11-23 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-23 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"024h Lucky Reminder"="c:\program files\024h Lucky Reminder\LuckyReminder.exe" [2006-12-16 1567232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-12 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 675840]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-05-17 2794496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ventura Updater.lnk]
backup=c:\windows\pss\Ventura Updater.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 22:15 61440 ----a-w- c:\windows\VM305_STI.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 14:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2010-12-07 17:30 913412 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-20 12:15 817112 ----a-w- c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-06 15:58 8555040 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-08-07 11:38 675840 ----a-w- c:\windows\vsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tonido]
2011-01-05 09:04 100864 ----a-w- c:\users\John\AppData\Roaming\Tonido\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2009-03-10 18:28 258048 ----a-w- c:\windows\tsnp2std.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CPTMobileCS;CPTMobileCS; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176]
R2 tbbLoaderService;tbbLoaderService; [x]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-09-27 17984]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-07-21 15232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-03-14 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2011-03-14 53312]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
R3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-03-28 39472]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-04-15 51640]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-09-07 4096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [2010-12-07 52824]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 30392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 13:59]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:37]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device...
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\2dtlkfwg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=15414&locale=en_UK&apn_uid=f92c8427-bcb5-4ff8-88f1-6b4f6b3ecd05&apn_ptnrs=N8&apn_sauid=1E96CCB9-3E4C-4FE0-9CC3-01AEE49B0935&apn_dtid=YYYYYYYYGB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FreeOnlineRadioPlayerRecorder Community Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - %profile%\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: FreemakeConverter: fmconverter@gmail.com - c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-BsScanner
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{DDFE692D-1C85-42C7-9642-EBE284AA4906} - c:\progra~2\TARMAI~1\{DDFE6~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,46,04,66,4a,35,a6,47,af,2c,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,46,04,66,4a,35,a6,47,af,2c,7c,\
.
[HKEY_USERS\S-1-5-21-53921376-1388295128-1849786234-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-53921376-1388295128-1849786234-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-18 20:12:27
ComboFix-quarantined-files.txt 2011-08-18 19:12
.
Pre-Run: 733,728,276,480 bytes free
Post-Run: 733,646,069,760 bytes free
.
- - End Of File - - C60DF9A5CD23D76A352C039BEAD37A86
 
ESET Online Scanner

I tried to run the online scanner twice. Each time the scan starts but doesn't go beyond scanning 155 files. What am I doing wrong?
 
You did not address any of the specifics I left.

Nor can I pass directories like these:
2011-08-17 18:30 -------- d-----w- C:\Freemake_do_not_remove_this_folder634492062415583692
2011-08-12 07:22 -------- d-----w- C:\77399587e00fa6e89a1ce9edd1ab8824
2011-08-10 20:25 -------- d-----w- C:\461f73c93dbeb6b28611c2389cec38

You have picked up the Askbar entries from every download screen that had it rechecked. Additionally, you even have it as a scheduled task to update. Stop this:

I repeat: how can you be surprised that the internet is continually being used?!
=================================
Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
KillAll::
File::
Folder::
c:\program files\Ask.com
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Removing ASK entries
1. Close all open Web browsers
2. From the "Start" menu in Windows, select "Control Panel"
3. Under the "Programs" icon, select "Uninstall a program"
4. Select the program with the Ask logo and the text "Ask Toolbar" or any ASK related entries
5. Do the same for Vuze and the Vuze Remote Toolbar
6. Do the same for the Conduit Engine
7. Click "Uninstall" and then "Continue" to remove the Toolbar

Use Windows Explorer to remove the program folder found here: C:\Program Files\AskPBar. If there is any other folder with the ASK name, use right click> delete to remove all.

Use Windows Explorer and right click> delete on Conduit Engine folder as above.
Use Windows Explorer to right click> delete on Vuze/Vuze remote Toolbar folder also.
=======================
Do not reboot the computer unless you are forced to after running the script. Go on to the next fix.
 
Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
KillAll::
File::
DDS::
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Reboot the system and Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
======================
Run TFC (Temp File Cleaner)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
======================
Empty the Recycle Bin.
=======================
Try the Eset scan again.
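The two CFScripts above work by picking out the Ask, Conduit and Vuze toolbar entries (and the leftover Ask updater autorun) from the ComboFix, HijackThis and DDS output. As an added illustration that is not part of the thread or of any of these tools, the script below runs that same triage over a constructed sample of HijackThis (R3/O2/O3/O4) and DDS-style (BHO:/TB:/mRun:) lines: it flags entries whose CLSID or install folder matches the toolbars named in this thread, and separately flags orphaned entries whose file no longer exists, which is what a "(no file)" or "(file missing)" line means after an uninstall.

```python
import re
from dataclasses import dataclass, field

# Added example, not from the thread: a small triage pass over HijackThis and DDS-style
# log lines, flagging the Ask/Conduit/Vuze entries discussed above and orphaned entries.

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Indicators taken from the logs in this thread: the toolbar CLSIDs and install folders.
PUP_CLSIDS = {
    "{00000000-6E41-4FD3-8538-502F5495E5FC}",  # Ask URLSearchHook
    "{30F9B915-B755-4826-820B-08FBA6BD249D}",  # Conduit Engine
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}",  # Vuze Remote Toolbar
    "{D4027C7F-154A-4066-A1AD-4243D8127440}",  # Ask Toolbar
}
PUP_PATH_MARKERS = ("\\ask.com\\", "\\conduitengine\\", "\\vuze_remote\\")

PATTERNS = [
    # HijackThis: R3 URLSearchHook, O2 BHO, O3 Toolbar
    re.compile(r"^(?P<kind>R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (?P<name>.*?) - "
               r"(?P<clsid>" + CLSID + r") - (?P<path>.*)$"),
    # HijackThis: O4 autorun entries (hive\..\Run: [name] command)
    re.compile(r"^(?P<kind>O4) - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*)$"),
    # DDS: BHO / TB / uURLSearchHooks / mURLSearchHooks; the name is optional
    re.compile(r"^(?P<kind>BHO|TB|[um]URLSearchHooks): (?:(?P<name>.*?): )?"
               r"(?P<clsid>" + CLSID + r") - (?P<path>.*)$"),
    # DDS: mRun / uRun autorun entries
    re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<path>.*)$"),
]

# An entry whose file is gone: leftover registry pointer after an uninstall.
ORPHAN = re.compile(r"\((?:no file|file missing)\)|\bNo File$", re.I)


@dataclass
class Entry:
    kind: str
    name: str
    clsid: str
    path: str
    flags: list = field(default_factory=list)


def classify(entry: Entry) -> None:
    """Attach flags: known PUP CLSID, PUP install folder in the path, or orphaned entry."""
    if entry.clsid.upper() in PUP_CLSIDS:
        entry.flags.append("pup-clsid")
    lowered = entry.path.lower()
    if any(marker in lowered for marker in PUP_PATH_MARKERS):
        entry.flags.append("pup-path")
    if ORPHAN.search(entry.path):
        entry.flags.append("orphan")


def triage(log_text: str) -> list:
    """Parse the recognised line types in order and classify each; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                g = m.groupdict()
                entry = Entry(g["kind"], g.get("name") or "(no name)",
                              g.get("clsid") or "", g["path"])
                classify(entry)
                entries.append(entry)
                break
    return entries


# Constructed sample in both syntaxes, modelled on the entries quoted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = ",".join(e.flags) if e.flags else "ok"
        print(f"{e.kind:<16} {e.name:<24} {status:<20} {e.path}")
```

Entries marked `ok` (RoboForm, Grab Pro) are the kind HijackThis finds that are harmless and should not be fixed; the flagged ones correspond to what the CFScripts above remove.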
 
Internet Usage

Hi Bobbye,

I don't understand what you mean when you say "You did not address any of the specifics I left."

I've uninstalled the Ask toolbar, Vuze, the Vuze remote toolbar and Conduit Engine.

I ran ComboFix with the CFScript as you instructed and it got to the "Producing Report" screen then just sat there. I tried twice and the same thing happened on both occasions.

I ran Hijack This and the log file is below.

I also ran the Eset scan again and the same thing happened as before, it scanned 135 files then stopped.

I ran TFC and emptied the recycle bin.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:54, on 22/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\vsnp2std.exe
C:\Windows\VM305_STI.EXE
C:\Program Files\NetWorx\networx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\024h Lucky Reminder\LuckyReminder.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Users\John\Downloads\Malware Removal\Hijack This\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [024h Lucky Reminder] "C:\Program Files\024h Lucky Reminder\LuckyReminder.exe" /m
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10210 bytes
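A small triage script for a HijackThis-style log, added here as an example and not code from this thread or from HijackThis itself. It takes a few lines copied from the log above as constructed sample input, and the parsing rules (section prefix such as `R3`/`O2`/`O17`, the `(file missing)` and `(no file)` markers, the `NameServer =` field) are an assumption based on the log format as it appears on this page. It pulls out the things a helper reviews first: orphaned entries whose target file no longer exists, the DNS servers configured per interface under O17 (to compare against the resolvers you expect), and lines repeated verbatim.

```python
"""Triage a HijackThis-style log (hypothetical helper, not HJT code).

Flags entries whose target is missing, lists configured DNS servers (O17)
and reports verbatim duplicates so a reviewer can check them by hand.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines in the same format as the log in this thread.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\\program files\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\\program files\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{6E415C49-D8A2-4A3D-8A2D-EA2C16107B01}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\\Windows\\System32\\ZoneLabs\\vsmon.exe
"""

# Assumed entry shape: "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Markers HJT prints when the referenced file cannot be found on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_log(text):
    """Return a list of (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def dangling_entries(entries):
    """Entries whose target no longer exists: orphaned registry references."""
    return [(s, b) for s, b in entries if any(mk in b for mk in MISSING_MARKERS)]


def name_servers(entries):
    """DNS servers configured per interface (O17 lines).

    Compare these against the resolvers you expect for the machine; an
    unexpected server is a common sign of DNS tampering."""
    servers = []
    for s, b in entries:
        if s == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", b)
            if m:
                servers.extend(m.group(1).split(","))
    return servers


def duplicate_entries(entries):
    """Entries repeated verbatim (e.g. an LSP listed twice), worth a second look."""
    seen = defaultdict(int)
    for e in entries:
        seen[e] += 1
    return [e for e, n in seen.items() if n > 1]


def count_by_section(entries):
    """How many entries each HJT section contributed."""
    counts = defaultdict(int)
    for s, _ in entries:
        counts[s] += 1
    return dict(counts)


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for s, b in dangling_entries(ents):
        print("DANGLING", s, b)
    print("DNS servers:", name_servers(ents))
    print("Duplicate entries:", len(duplicate_entries(ents)))
    print("Entries per section:", count_by_section(ents))
```

Run it against a full log by reading the file into `parse_log` instead of `SAMPLE_LOG`; the dangling list is what a helper would normally ask to have fixed first, since those entries do nothing useful and only widen the review.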
 
Bottom line: If you want the internet to stop being used continually, I will need to do major surgery to remove the unsuitable processes. We may even find some malware! It's going to take a while and a fair amount of my time. So I want to know that you're going to stick with me and see this through.
Here is my plan:
1. Run Combo fix
2. Run Eset Online Virus Scan
3. Handle logs entries as appropriate for each: For Combofix, set up script to remove bad entries. For Eset, remove malware entries found with appropriate program.
If you want to start, and finish, with this, start with the following 2 scans. If you don't, tell me now!
4. Run any other programs as needed.
============================================
I ran Combofix with the CF script as you instructed and it got to the "Producing Report" screen then just sat there. I tried twice and the same thing happened on both occasions.
Please try running the script again. There is no point in attempting to go further if these entries can't be removed.

It's possible that trying to remove so many entries won't work. In that case, you will need to reformat and reinstall.
 
Internet being continually used

Hi Bobbye,

I tried running the script again several times with the same result. After this, when trying to start the computer, it froze. This happened several times, although it would start in safe mode.

Bearing in mind your last comments I decided to go for a re-install and all is well now.

Many thanks for your help, I really appreciate it.
 
Thank you for the update. I'm leaving some tips to help keep the system clean:

Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Hosts File
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader: Install current, uninstall old.
    [o] Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    [o] Temporary File Cleaner
    [o] ATF Cleaner by Atribune
  7. Restore Points:
    [o] See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 