Everything posted by dwt

  1. not getting the popups saying malware detected and quarantined trojan.small etc. however on full scan there are items in a quarantine folder, should 'remove selected' be done on these?

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.06.20.07
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     PBSLLaptop8 :: DWTLAPTOP [administrator]
     Protection: Enabled
     20/06/2012 8:24:10 PM
     mbam-log-2012-06-20 (21-00-56).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 335961
     Time elapsed: 30 minute(s), 35 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 6
     C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\PBSLLaptop8\AppData\Local\{4b7be691-b268-e7b2-db99-7940a39a8df9}\n.vir (Trojan.Dropper.PE4) -> No action taken.
     C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\00000001.@.vir (Trojan.Small) -> No action taken.
     C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\80000000.@.vir (Trojan.Sirefef) -> No action taken.
     C:\Qoobox\Quarantine\C\Windows\Installer\{4b7be691-b268-e7b2-db99-7940a39a8df9}\U\800000cb.@.vir (Rootkit.0Access) -> No action taken.
     C:\Users\PBSLLaptop8\Desktop\RK_Quarantine\uztigowwm.exe.vir (Trojan.Agent.P3Xgen) -> No action taken.
     (end)
  2. showing clean. log:

     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.06.20.07
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     PBSLLaptop8 :: DWTLAPTOP [administrator]
     Protection: Enabled
     20/06/2012 7:06:54 PM
     mbam-log-2012-06-20 (19-06-54).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 227348
     Time elapsed: 2 minute(s), 29 second(s)

     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  3. ok, thanks for your prompt and helpful replies on this. It's appreciated. log below from combofix:
  4. ran steps, thanks. logs attached. RKreport4.txt tdss.txt
  5. Thanks. ran program, log attached. RKreport1.txt
  6. posted new in correct forum. will follow in there. thanks
  7. new here so forgive me if incorrect. recently had some virus issues, I run MSE, but it had been disabled, once I got it back up, system started shutting down every minute. after light research restored to a previous date and was able to get malwarebytes on, ran it found some threats, cleaned them with mb but they still re-gen. logs attached Attach.txt DDS.txt mbam-log-2012-06-18 (13-36-16).txt mbam-log-2012-06-18 (16-23-15).txt
  8. new here so forgive me if incorrect. recently had some virus issues, run MSE, but it had been disabled. after light research restored to a previous date and was able to get malwarebytes on, ran it found some threats, cleaned them but they still re-gen. logs attached DDS.txt Attach.txt mbam-log-2012-06-18 (13-36-16).txt mbam-log-2012-06-18 (16-23-15).txt