MickKnipfler

Can someebody please tell me what this entry actually means: O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h The reason I ask is that I don't have Comodo installed. I'm now using windows firewall

That HJT log was an old one. Here is the new one: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:27:54, on 07/01/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Napster\napster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\Windows\System32\rundll32.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Users\Chell\AppData\Roaming\Spotify\spotify.exe C:\Users\Chell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing) O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_SD0E6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1744626200-2204961953-3964631415-1003\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Chell') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10653 bytes

OK thanks...all done. You're a star

OK thanks. I have domething called MBR.dat on my desktop. Do you know what that is? I think it was something to do with virus removal

OK, do I use control panel for that?

OK, done that. I still have other stuff on my desktop that I don't need, mainly from previous fixes. e.g TDS Killer. Should I remove these?

Java update was fine. Adobe Reader said that no updates were available. I use Foxsit reader anyway

Hi, I'm not aware of any P2P or bit torrent software being used. I don't know how to start using it or what to do with it. However, I doo have a teenage son that may have done it. What do I need to do to clean up?

Here you go: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.6 Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 37 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Symantec Norton Online Backup NOBuAgent.exe Symantec Norton Online Backup NOBuClient.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

Here you go: esets_scanner_update returned -1 esets_gle=53251 I don't know what that tells you but the scanner said that it found 1 threat called FlashPlayerSDM.exe Should I delete this file? The machine seems to be running OK.....

This laptop seems to be running pretty slow these days and after going into hibernation, won't connect to the internet again until after a reboot. The MBAM log looks clean but I'm sure something isn't right. Can anybody help please Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.30.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Chell :: HPPAVILION [limited] 02/01/2013 20:23:25 mbam-log-2013-01-02 (20-23-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 162540 Time elapsed: 8 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:35:55, on 16/02/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Napster\napster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\Windows\System32\rundll32.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\msfeedssync.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll (file missing) O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_SD0E6.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8A885A05-466C-4DF5-8D6A-65A0D90601F4}: NameServer = 217.171.135.1 217.171.132.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll, avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11400 bytes

After I had run combofix, I couldn't open MSE or IE so I rebooted and it seems OK now. Here are the logs (I only did a quick MBAM scan): ComboFix 13-01-01.02 - Steve 02/01/2013 0:21.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1783.650 [GMT 0:00] Running from: c:\users\Steve\Desktop\ComboFix.exe Command switches used :: c:\users\Steve\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-02 to 2013-01-02 ))))))))))))))))))))))))))))))) . . 2013-01-02 00:27 . 2013-01-02 00:27 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-02 00:27 . 2013-01-02 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 16:04 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6E663BB-9B5E-4DA1-84E6-FAB7F2361DE8}\mpengine.dll 2013-01-01 11:52 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-30 09:26 . 2012-12-30 09:26 -------- d-----w- c:\users\Steve\AppData\Local\Programs 2012-12-22 08:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 08:55 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 08:55 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 08:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 09:57 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 09:57 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 09:55 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 09:55 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 16:49 . 2011-02-14 11:06 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 08:46 . 2011-03-11 21:45 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 11:15 . 2012-09-02 18:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 11:15 . 2012-09-02 18:06 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-29 00:41 . 2012-11-29 00:41 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D4F7D7B-771A-4281-8239-8699CB1352DA}\gapaengine.dll 2012-10-16 08:38 . 2012-11-28 12:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 12:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 12:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 12:26 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-15 12:26 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 12:26 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 12:26 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 09:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1255736] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 11:15] . 2013-01-01 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 21:58] . 2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 21:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 413208] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504] "Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://emachines.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\241636F6E6: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\244524573796E6563737845726D2433373: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\24F696E676F60284F6473707F647: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\2656C6B696E6E2731346: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\3597E6368627F6E6F6373702942756C616E646: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\94E666F637973713: NameServer = 8.26.56.26,156.154.70.22 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - ORPHANS REMOVED - - - - . AddRemove-Go your own way - c:\windows\system32\Go your own way.scr . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-01-02 00:36:17 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-02 00:36 ComboFix2.txt 2013-01-01 11:34 ComboFix3.txt 2012-03-06 19:56 . Pre-Run: 154,324,029,440 bytes free Post-Run: 154,248,892,416 bytes free . - - End Of File - - 101C09E2FF93864908FE61B8461143B8 Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.01.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Steve :: ACERLAPTOP [administrator] 02/01/2013 00:44:32 mbam-log-2013-01-02 (00-44-32).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 350733 Time elapsed: 1 hour(s), 8 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

OK thanks. Are you still seeing problems? ComboFix 13-01-01.02 - Steve 01/01/2013 11:23:25.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1783.883 [GMT 0:00] Running from: c:\users\Steve\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 ))))))))))))))))))))))))))))))) . . 2013-01-01 11:31 . 2013-01-01 11:31 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-01 11:31 . 2013-01-01 11:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-01 08:59 . 2013-01-01 08:59 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABBF68A9-B4D4-49EF-AAC9-61AB585D7E53}\offreg.dll 2013-01-01 08:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABBF68A9-B4D4-49EF-AAC9-61AB585D7E53}\mpengine.dll 2012-12-31 04:07 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-30 09:26 . 2012-12-30 09:26 -------- d-----w- c:\users\Steve\AppData\Local\Programs 2012-12-22 08:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 08:55 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 08:55 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 08:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 09:57 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 09:57 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 09:55 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 09:55 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 16:49 . 2011-02-14 11:06 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 08:46 . 2011-03-11 21:45 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 11:15 . 2012-09-02 18:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 11:15 . 2012-09-02 18:06 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-29 00:41 . 2012-11-29 00:41 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D4F7D7B-771A-4281-8239-8699CB1352DA}\gapaengine.dll 2012-10-16 08:38 . 2012-11-28 12:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 12:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 12:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 12:26 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-15 12:26 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 12:26 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 12:26 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 09:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 12:25 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 12:25 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 12:25 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 12:25 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-15 12:25 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 12:25 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 12:25 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 12:25 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 12:25 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 12:25 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 12:25 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dpclat_driver;dpclat_driver;c:\windows\system32\drivers\dpclat_driver.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1255736] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 11:15] . 2012-12-31 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 21:58] . 2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 21:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 413208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-13 11046504] "Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 861216] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://emachines.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 0.0.0.0 TCP: Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\241636F6E6: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\244524573796E6563737845726D2433373: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\24F696E676F60284F6473707F647: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\2656C6B696E6E2731346: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\3597E6368627F6E6F6373702942756C616E646: NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6}\94E666F637973713: NameServer = 8.26.56.26,156.154.70.22 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Go your own way - c:\windows\system32\Go your own way.scr . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-01 11:34:57 ComboFix-quarantined-files.txt 2013-01-01 11:34 ComboFix2.txt 2012-03-06 19:56 . Pre-Run: 154,094,518,272 bytes free Post-Run: 154,386,014,208 bytes free . - - End Of File - - 68BC7AACB166B445C1101C8DD2C715DF

Here you are. I'm not aware of any other issues but I think my desktop needs cleaning up Happy new year to you too... RogueKiller V8.4.1 [Dec 28 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Steve [Admin rights] Mode : Remove -- Date : 12/31/2012 22:34:08 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [TASK][sUSP PATH] CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job : C:\Users\Steve\AppData\Local\Temp\cis2D66.exe --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} -> DELETED [TASK][sUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job : C:\Users\Steve\AppData\Local\Temp\cis2D66.exe --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} -> DELETED [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++ --- User --- [MBR] 601f2eb2568f60b8a1e2a763443c83da [bSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: USB Disk +++++ --- User --- [MBR] fc036ed560e3d071ce4f1ad136260551 [bSP] 2fbc46007df745ebafaf97c14e684ad8 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xe0) [VISIBLE] Offset (sectors): 33667297 | Size: 1680522 Mo 1 - [XXXXXX] UNKNOWN (0xe4) [VISIBLE] Offset (sectors): 59304794 | Size: 61025 Mo 2 - [XXXXXX] UNKNOWN (0x10) [VISIBLE] Offset (sectors): 29393754 | Size: 647194 Mo 3 - [XXXXXX] LINUX-SWP (0xc3) [HIDDEN!] Offset (sectors): 541869390 | Size: 682794 Mo Error reading LL1 MBR! Error reading LL2 MBR! Finished : << RKreport[5]_D_12312012_02d2234.txt >> RKreport[2].txt ; RKreport[3]_S_12312012_02d0524.txt ; RKreport[4]_S_12312012_02d2232.txt ; RKreport[5]_D_12312012_02d2234.txt

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Steve [Admin rights] Mode : Scan -- Date : 12/31/2012 05:24:57 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [TASK][sUSP PATH] CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job : C:\Users\Steve\AppData\Local\Temp\cis2D66.exe --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} -> FOUND [TASK][sUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job : C:\Users\Steve\AppData\Local\Temp\cis2D66.exe --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++ --- User --- [MBR] 601f2eb2568f60b8a1e2a763443c83da [bSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: USB Disk +++++ --- User --- [MBR] fc036ed560e3d071ce4f1ad136260551 [bSP] 2fbc46007df745ebafaf97c14e684ad8 : MBR Code unknown Partition table: 0 - [XXXXXX] UNKNOWN (0xe0) [VISIBLE] Offset (sectors): 33667297 | Size: 1680522 Mo 1 - [XXXXXX] UNKNOWN (0xe4) [VISIBLE] Offset (sectors): 59304794 | Size: 61025 Mo 2 - [XXXXXX] UNKNOWN (0x10) [VISIBLE] Offset (sectors): 29393754 | Size: 647194 Mo 3 - [XXXXXX] LINUX-SWP (0xc3) [HIDDEN!] Offset (sectors): 541869390 | Size: 682794 Mo Error reading LL1 MBR! Error reading LL2 MBR! Finished : << RKreport[3]_S_12312012_02d0524.txt >> RKreport[2].txt ; RKreport[3]_S_12312012_02d0524.txt