Log'N'Rock: help address bar keeps blinking ran every scan [INACTIVE] - Log'N'Rock


#1 chadgqx

  • Garage rocker
  • Group: Members
  • Posts: 12
  • Joined: 02-June 11

Posted 02 June 2011 - 10:27 PM

:thumbsup:

#2 chadgqx

Posted 02 June 2011 - 10:29 PM

not sure attachments are here?

#3 chadgqx

Posted 02 June 2011 - 10:30 PM

OK, got it, sorry!!!

Attached File(s)

  • DDS.txt (190.19K) - Number of downloads: 1
  • Attach.txt (5.5K) - Number of downloads: 1


#4 chadgqx

Posted 02 June 2011 - 10:31 PM

RootRepeal doesn't support 64-bit.... What else can I use?

#5 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 03 June 2011 - 10:37 AM

Hi chadgqx,.. :welcome:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the contents of the logs into the next post, do not attach the file (makes it easier to read).

#6 chadgqx

Posted 03 June 2011 - 02:07 PM

Here you go.... Thanks!!!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5769

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/15/2011 3:16:39 PM
mbam-log-2011-02-15 (15-16-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 325643
Time elapsed: 29 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Fred Flintstone

Posted 03 June 2011 - 05:13 PM

Hi chadgqx,
Can you provide a little more info regarding the problem:
  • Is it the drop-down box of the address bar that is blinking?
  • Does it happen regardless of which browser you use, or just in Firefox?
  • Does it happen when you are doing something specific? i.e. e-mail login or browsing particular sites?
  • Have you made any hardware / software changes which coincide with the start of the problem?
    (i.e. mouse / keyboard / wireless stuff etc?)

Thanks
Fred.. :thumbsup:

#8 chadgqx

Posted 03 June 2011 - 11:15 PM

The whole bar blinks blue and white... When I started typing this response the "t" was typed, then my address bar starts blinking and I was automatically typing in the blinking address bar... so I have to re-click where the "t" is to continue my response..... Sometimes it gets so bad my whole desktop is blinking and I can't get my task bar to open and am forced to restart.... or if I can get my SUPERAntiSpyware to open and run, it will stop the desktop from blinking..... Normally when I scan, SUPER will find some kind of adware and all will be fine for a bit, then back to the crap. ALL WEB BROWSERS are affected.

All sites seem to be affected.

NO hardware added.

#9 Fred Flintstone

Posted 04 June 2011 - 07:35 AM

Hi chadgqx

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: [button image]

    Quote

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [button image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Thanks
Fred
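The options Fred asks for above (Remove found threats off, Scan archives on, the three Advanced Settings on) are recorded in the `# key=value` header of the ESET Online Scanner log, so a helper can verify the posted log against the request rather than trusting that the boxes were ticked. The checker below is an added example written for this thread, not a tool from ESET or Log'N'Rock; its log format follows the logs posted in this thread, and the sample log, paths and detection names are constructed.

```python
"""Check an ESET Online Scanner log against the options a helper asked for.

Added example for this thread; not a tool from ESET or from this forum. The
format (a '# key=value' header, then one detection per line) follows the
logs posted later in the thread. The sample log below is constructed.
"""
import re

# The options requested above: leave "Remove found threats" OFF so the helper
# can review first, scan archives, and enable PUA, unsafe-application and
# anti-stealth detection.
REQUESTED = {
    "remove_checked": False,
    "archives_checked": True,
    "unwanted_checked": True,
    "unsafe_checked": True,
    "antistealth_checked": True,
}

# Constructed sample: a run stopped early, with three options set differently
# from the request (paths and detection names are made up).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# scanned=72611
# found=2
# cleaned=1
# scan_time=2032
C:\Program Files (x86)\Example Toolbar\toolbar.dll a variant of Win32/Adware.Example application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\User\AppData\Local\Temp\sample.tmp JS/Exploit.Example trojan (unable to clean) 00000000000000000000000000000000 I
"""

# A detection line: path, verdict (optionally prefixed "a variant of"), the
# action in parentheses, a 32-hex-digit hash and a one-letter flag.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<verdict>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+(?: \w+)*) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>[A-Z])$"
)


def parse_eset_log(text):
    """Return (header, detections): header from '# key=value' lines,
    detections as dicts with path/verdict/action/hash/flag."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                header[key] = value.strip()
            continue
        match = DETECTION_RE.match(line)
        if match:
            detections.append(match.groupdict())
    return header, detections


def settings_mismatches(header, requested=REQUESTED):
    """Map each option set differently from the request to (requested, actual)."""
    mismatches = {}
    for option, wanted in requested.items():
        actual = header.get(option, "false").lower() == "true"
        if actual != wanted:
            mismatches[option] = (wanted, actual)
    return mismatches


def review(text):
    """Summarise what a helper needs to know before reading the detections."""
    header, detections = parse_eset_log(text)
    return {
        "completed": header.get("end") == "finished",   # "stopped" = aborted run
        "found": int(header.get("found", "0")),
        "cleaned": int(header.get("cleaned", "0")),
        "mismatches": settings_mismatches(header),
        "uncleaned": [d["path"] for d in detections if "unable to clean" in d["action"]],
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    if not result["completed"]:
        print("scan did not finish; rerun it and post the complete log")
    for option, (wanted, actual) in result["mismatches"].items():
        print(f"{option}: requested {wanted}, log shows {actual}")
```

To check a real run, read C:\Program Files\ESET\EsetOnlineScanner\log.txt into a string and pass it to `review()` in place of the sample.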

#10 chadgqx

Posted 05 June 2011 - 01:12 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=907dede62c8ffc45ad7e4f55d10811c6
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-02 10:21:07
# local_time=2011-06-02 04:21:07 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 21903131 21903131 0 0
# compatibility_mode=5893 16776573 100 94 0 58594686 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=72611
# found=6
# cleaned=6
# scan_time=2032
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chad\AppData\Local\Temp\is-LNB75.tmp\dealio.exe Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Chad\Downloads\Setup_FreeAVCHDConverter.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=907dede62c8ffc45ad7e4f55d10811c6
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-04 05:09:38
# local_time=2011-06-04 11:09:38 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 22056134 22056134 0 0
# compatibility_mode=5893 16776573 100 94 0 58744089 0 0
# compatibility_mode=8192 67108863 100 0 59579 59579 0 0
# scanned=528528
# found=1
# cleaned=0
# scan_time=6740
H:\Windows.old.000\Users\CHAD\AppData\Local\Temp\nps2886.tmp JS/Exploit.Pdfka.OCR.Gen trojan (unable to clean) 00000000000000000000000000000000 I

#11 Fred Flintstone

Posted 05 June 2011 - 09:23 PM

Hi chadgqx,

You appear to have an outdated version of MBAM?

Quote

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5769

Can you please download the current version which is 1.50.1.1200 with database version 6777.
Run a scan to include all drives, allow MBAM to fix anything it finds, and post the log.

ESET took out a few baddies, if MBAM still finds nothing we will give ComboFix a try..
It's not actually designed for 64-bit machines, but does usually work and produce a log etc..

Please let me know if there is any change in the running of your machine..

Thanks
Fred

#12 chadgqx

Posted 05 June 2011 - 11:08 PM

OK, will do.... No change in the machine.. I did notice it will stop right after a scan... only to come back 20 minutes later.

running scan now of all drives...



Thanks for all the help
Chad

#13 chadgqx

Posted 06 June 2011 - 03:48 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5769

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/15/2011 3:16:39 PM
mbam-log-2011-02-15 (15-16-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 325643
Time elapsed: 29 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Fred Flintstone

Posted 06 June 2011 - 07:26 AM

Hi Chad,
Still got the old MBAM log there?

Quote

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5769

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/15/2011 3:16:39 PM
mbam-log-2011-02-15 (15-16-39).txt


Either the program hasn't updated properly, or you have some old logs there and are posting the wrong one??
(Note the version numbers and the date stamp in the above log)

If necessary, please uninstall MBAM completely before downloading and installing the new version.

Thanks
Fred
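The stale-log mistake Fred describes (old version numbers and an old date stamp in a log posted as a fresh scan) can be caught mechanically before posting. The script below is an added example, not part of MBAM or of this thread; the minimum versions are the ones Fred names (1.50.1.1200, database 6777), the post time is that of the log posted above, and the sample log is constructed in the format of the MBAM logs posted in this thread.

```python
"""Sanity-check a Malwarebytes' Anti-Malware (MBAM) log before posting it.

Added example for this thread, not part of MBAM or the forum. It catches the
two mistakes Fred points out: an outdated program/database version, and an
old log posted instead of the fresh scan. Thresholds are the values named in
the thread; the sample log is constructed in the format of the logs posted.
"""
import re
from datetime import datetime, timedelta

MIN_PROGRAM_VERSION = (1, 50, 1, 1200)   # "current version" named by Fred
MIN_DATABASE_VERSION = 6777              # database version named by Fred
MAX_LOG_AGE = timedelta(days=2)          # older than this: probably an old log
POSTED_AT = datetime(2011, 6, 6, 3, 48)  # time of the log post above

# Constructed sample in the MBAM 1.5x log format (mirrors the stale log above).
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5769

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2/15/2011 3:16:39 PM
mbam-log-2011-02-15 (15-16-39).txt

Scan type: Full scan (C:\\|)
Objects scanned: 325643
Time elapsed: 29 minute(s), 37 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
"""

VERSION_RE = re.compile(r"^Malwarebytes' Anti-Malware (\d+(?:\.\d+)+)$")
DATE_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
SCAN_TYPE_RE = re.compile(r"^Scan type: (.+?) \((.*)\)$")
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")


def parse_mbam_log(text):
    """Extract the header fields a helper looks at first."""
    info = {"counts": {}, "drives": []}
    for raw in text.splitlines():
        line = raw.strip()
        version = VERSION_RE.match(line)
        scan_type = SCAN_TYPE_RE.match(line)
        count = COUNT_RE.match(line)
        if version:
            info["program_version"] = tuple(int(p) for p in version.group(1).split("."))
        elif line.startswith("Database version:"):
            info["database_version"] = int(line.split(":", 1)[1])
        elif DATE_RE.match(line):
            info["scan_time"] = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
        elif scan_type:
            info["scan_type"] = scan_type.group(1)
            # drives appear as "C:\|D:\|..." with a trailing separator
            info["drives"] = [d for d in scan_type.group(2).split("|") if d]
        elif count:
            info["counts"][count.group(1)] = int(count.group(2))
        elif line.startswith("Windows "):
            info["safe_mode"] = "(Safe Mode)" in line
    return info


def check_mbam_log(text, posted_at, expected_drives=("C:\\",)):
    """Return the problems a helper would flag; an empty list means the log is usable."""
    info = parse_mbam_log(text)
    problems = []
    if info.get("program_version", ()) < MIN_PROGRAM_VERSION:
        problems.append("program version is older than the current release")
    if info.get("database_version", 0) < MIN_DATABASE_VERSION:
        problems.append("database version is outdated; update before scanning")
    scan_time = info.get("scan_time")
    if scan_time is None or posted_at - scan_time > MAX_LOG_AGE:
        problems.append("log date does not match this scan; probably an old log")
    missing = sorted(set(expected_drives) - set(info["drives"]))
    if missing:
        problems.append("drives not scanned: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    for problem in check_mbam_log(SAMPLE_LOG, POSTED_AT):
        print("-", problem)
```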

#15 chadgqx

Posted 06 June 2011 - 01:41 PM

Sorry, posted an old log....


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6779

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/5/2011 6:59:36 PM
mbam-log-2011-06-05 (18-59-35).txt

Scan type: Full scan (C:\|D:\|F:\|H:\|I:\|J:\|)
Objects scanned: 703982
Time elapsed: 1 hour(s), 53 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#16 Fred Flintstone

Posted 06 June 2011 - 08:53 PM

Hi chad,

Download and run ComboFix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Right-click on ComboFix.exe and select Run as administrator then follow the prompts.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply


If you need help, please see this link:
http://www.bleepingc...to-use-combofix

Thanks
Fred

#17 chadgqx

Posted 07 June 2011 - 01:06 AM

Here you go. I kept getting the error "can't find Nircmd" and just kept hitting OK....



ComboFix 11-06-06.02 - Chad 06/06/2011 18:53:38.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.2720 [GMT -6:00]
Running from: c:\users\Chad\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files (x86)\Dealio Toolbar\FF\install.rdf
c:\program files (x86)\Dealio Toolbar\IE\4.4\config.ini
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Recent\img-128130533-0001.pdf(536KB).url
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 21:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 21:26 3908192 ----a-w- c:\program files (x86)\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-12 66040]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Starfield Updater"="c:\users\Chad\AppData\Local\Starfield\WorkspaceUpdate.exe" [2011-03-06 33984]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-24 2988928]
"MusicManager"="c:\users\Chad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-05-31 12816384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-09-11 202256]
"Lexmark Pro800-Pro900 Series"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" [2010-05-17 316072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-22 30192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-04-12 126976]
"Immunet Protect"="c:\program files\Immunet Protect\2.0.17\iptray.exe" [2011-04-12 3810632]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptbehaviorAdmin"= 5 (0x5)
"ConsentPromptbehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 LexPrintListener;LexPrint Listener;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-22 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\DRIVERS\htcusbnet.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Starfield\offSyncService.exe [2011-02-02 1215216]
S2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [2011-04-12 272080]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LexPrintListener REG_MULTI_SZ LexPrintListener
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-09 09:11]
.
2011-06-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-12 15:15]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 16:28]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 16:28]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4639771-795588040-3097123507-1001Core.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4639771-795588040-3097123507-1001UA.job
- c:\users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 16:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{12961C5D-345F-4F25-92AD-B831FC207D37}: DhcpNameServer = 24.116.2.50 24.116.2.34
FF - ProfilePath - c:\users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\u84cnhg4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-06 19:03:56
ComboFix-quarantined-files.txt 2011-06-07 01:03
.
Pre-Run: 309,322,838,016 bytes free
Post-Run: 311,346,257,920 bytes free
.
- - End Of File - - 9DC4E16A83A9BF444D4154031D368488
0

#18 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 08 June 2011 - 07:38 AM

Hi Chad,
Sorry for the delay. Very busy at work the past couple of days!
Will get on to this later this evening.

Any improvement after the combofix run??

Thanks
Fred
0

#19 User is offline   chadgqx Icon

  • Garage rocker
  • Pip
  • Group: Members
  • Posts: 12
  • Joined: 02-June 11

Posted 08 June 2011 - 05:20 PM

I think it's getting worse!! May be time to reformat.... Any help is greatly appreciated and I totally understand the busy schedule!!

Thanks again!

Chad
0

#20 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 08 June 2011 - 09:39 PM

Hi Chad,

Apart from the Dealio toolbar which Combofix removed, the scans haven't seemed to turn up much on the system so far.
I will go through all the drivers and exe's etc in the Combo log to see if anything insidious is there but at a glance I can't see anything jumping out which would cause this issue!

There's also the possibility it might be a hardware issue?

Quote

I think it's getting worse!! May be time to reformat....

I must admit that personally, reinstalling is my method of choice if my PC is having problems, but that's just because I have nothing on this machine that I can't easily replace afterwards.
Anything remotely "important" is backed up on removable drives etc?

Should you decide on this option, please let me know.. but in the meantime, I will continue looking at the Combofix log and get back to you asap..

Again, sorry for the waiting and thanks for your understanding!.. :thumbsup:

regards
Fred
0
