
zombi2

Honorary Members
  • Posts: 22
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Not sure if I got the Alactro toolbar as I was locked out of that laptop shortly after (unrelated issues), but it seems like a repainted Chrome. Had some good features I thought but I'm not so sure about security.
  2. I hadn't seen your post when I was making mine. The gaps are just one large space in the log to the text cursor, so when you copy and paste it shows up as a single space, not the multiple needed for it to look the same. So I took a screenshot (or picture, I fail to see the difference) and uploaded it. Then it dawned on me why I couldn't find any logs on this forum that looked that way: nobody posts their logs using Photobucket!
  3. Nevermind, I just realized why I never see them like that!
  4. I guess it won't post that way either so here's a pic
  5. I ran DDS to show my brother what it does and all the info under "Last 30 Days" and "Find 3M" is oddly uniform and full of gaps. Ex:
     2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
     2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
     2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
     2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
     2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
     2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
     2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
     I had to re-create this since the gaps only constitute one space regardless of size, but is this indicative of a problem? I haven't had any issues lately but I've never seen DDS logs that look like this.
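The "Last 30 Days" listing in the post above is a fixed-column format (date, time, size, attribute flags, path), and when it is pasted with collapsed whitespace the seconds and the size can run together (for example `05:43:1216384`). The following script is an added example written for this page, not code from the thread or from DDS itself: it parses lines of that form, tolerates the missing space (the time field is always eight characters, so the split is unambiguous), and groups files by modification timestamp so that a batch of files stamped together can be told apart from a file that was stamped on its own. The sample lines are the seven quoted in the post; the "stamped alone" rule is a triage heuristic I chose for the example, not a verdict on any file.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One DDS "Last 30 Days" / "Find3M" entry:
#   YYYY-MM-DD HH:MM:SS <size> <attrs> <path>
# The \s* between the seconds and the size tolerates the collapsed-whitespace
# paste problem ("05:43:1216384" is "05:43:12" followed by "16384"): the time
# field is always exactly 8 characters, so the split is unambiguous.
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s*"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    timestamp: str   # "YYYY-MM-DD HH:MM:SS"
    size: int
    attrs: str       # e.g. "----a-w-"
    path: str


def parse_listing(text: str) -> list[Entry]:
    """Parse every DDS-style file line in `text`; lines that do not match are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                timestamp=f"{m['date']} {m['time']}",
                size=int(m["size"]),
                attrs=m["attrs"],
                path=m["path"],
            ))
    return entries


def group_by_timestamp(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Bucket entries by their full modification timestamp (to the second)."""
    groups: dict[str, list[Entry]] = defaultdict(list)
    for e in entries:
        groups[e.timestamp].append(e)
    return dict(groups)


def singletons(entries: list[Entry]) -> list[Entry]:
    """Entries whose timestamp is shared with no other file in the listing.

    DDS shows each file's own modification time, which an installer normally
    carries over from the package, so files from one build tend to share a
    timestamp.  A file stamped on its own is simply the next one to look at;
    this is a triage heuristic (an assumption of this example), not evidence.
    """
    groups = group_by_timestamp(entries)
    return [e for e in entries if len(groups[e.timestamp]) == 1]


# Constructed sample: the seven lines quoted in the post, two of them with the
# time and size run together exactly as they appeared when pasted.
SAMPLE = r"""
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:1216384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    for ts, members in sorted(group_by_timestamp(entries).items(), reverse=True):
        print(f"{ts}  {len(members)} file(s)")
        for e in members:
            print(f"    {e.size:>9} {e.attrs} {e.path}")
    print("stamped alone:", [e.path for e in singletons(entries)])
```

Run it on a whole DDS log rather than the excerpt and the groups become large (dozens of files per timestamp from one update package) while the singletons list stays short, which is what makes it a useful first pass.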
  6. I was unaware of this before today but I am a little intrigued by a few of its features. Though of course, like a lot of new software brands, there are claims about malicious intent; I'm guessing these WOT ratings probably say all I need to know about that: But I'm still wondering if it's worth getting since the only reviews I've seen are from sites I'm not familiar with, and searching "torch browser" on a few tech forums resulted in no hits. :? Has anyone tried this?
  7. All done, and I bookmarked the links. Thanks so much for all your help! Cheers
  8. ComboFix 13-02-03.03 - z 02/05/2013 15:38:15.2.4 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6049.4565 [GMT -8:00]
     Running from: c:\users\z\.swt\Downloads\Contacts\Desktop\ComboFix.exe
     Command switches used :: c:\users\z\.swt\Downloads\Contacts\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
     SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:\users\z\.swt\Downloads\10_8.exe"
     "c:\users\z\.swt\Downloads\Downloads\10_8.exe"
     "c:\users\z\.swt\Downloads\jak.htm"
     "c:\users\z\.swt\Downloads\jak_001.htm"
     "c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251"
     "c:\users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\z\.swt\Downloads\10_8.exe
     c:\users\z\.swt\Downloads\Downloads\10_8.exe
     c:\users\z\.swt\Downloads\jak.htm
     c:\users\z\.swt\Downloads\jak_001.htm
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
     .
     .
     2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
     2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC\AppData\Local\temp
     2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Guest.z-PC.000\AppData\Local\temp
     2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\dwayne\AppData\Local\temp
     2013-02-05 23:47 . 2013-02-05 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-02-05 22:35 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52066E1F-8327-4433-94FE-0B349F9BCA29}\mpengine.dll
     2013-02-05 08:51 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-02-03 21:11 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F541064-4E5A-46CF-A492-081BFAFD043F}\gapaengine.dll
     2013-02-01 08:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9695A6C0-4CEA-456D-AEF7-67197F4C9227}\mpengine.dll
     2013-02-01 07:01 . 2013-02-01 07:02 -------- d-----w- C:\Downloads
     2013-01-30 06:02 . 2013-01-30 06:02 -------- d-----w- c:\users\dwayne\AppData\Local\Oberon Media
     2013-01-20 01:35 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Free Download Manager
     2013-01-19 07:36 . 2013-01-19 07:36 -------- d-----w- c:\users\dwayne\AppData\Roaming\Shockwave
     2013-01-18 00:51 . 2013-01-28 18:26 -------- d-----w- c:\program files\Old Movie Maker
     2013-01-10 17:58 . 2013-01-28 18:22 -------- d-----w- c:\program files (x86)\ESET
     2013-01-10 15:45 . 2013-01-28 18:26 -------- d-----w- c:\windows\ERUNT
     2013-01-10 15:44 . 2013-02-03 21:29 -------- d-----w- C:\JRT
     2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
     2013-01-10 15:26 . 2013-01-28 18:26 -------- d-----w- c:\program files\Microsoft Security Client
     2013-01-09 10:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
     2013-01-09 10:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
     2013-01-09 10:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
     2013-01-09 10:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
     2013-01-09 10:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
     2013-01-09 10:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
     2013-01-09 10:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
     2013-01-09 10:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
     2013-01-09 10:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
     2013-01-09 10:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
     2013-01-09 08:41 . 2013-01-09 08:41 -------- d-----w- c:\users\z\AppData\Roaming\Malwarebytes
     2013-01-09 08:40 . 2013-01-28 18:22 -------- d-----w- c:\programdata\Malwarebytes
     2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2013-01-09 08:40 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-01-09 08:40 . 2013-01-09 08:40 -------- d-----w- c:\users\z\AppData\Local\Programs
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-02-01 16:41 . 2011-09-02 04:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
     2013-01-30 10:53 . 2012-01-29 17:45 273840 ------w- c:\windows\system32\MpSigStub.exe
     2013-01-09 11:03 . 2012-09-13 10:00 67599240 ----a-w- c:\windows\system32\MRT.exe
     2013-01-01 20:53 . 2012-02-12 09:43 466456 ----a-w- c:\windows\system32\wrap_oal.dll
     2013-01-01 20:53 . 2012-02-12 09:43 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
     2013-01-01 20:53 . 2012-02-12 09:43 122904 ----a-w- c:\windows\system32\OpenAL32.dll
     2013-01-01 20:53 . 2012-02-12 09:43 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
     2012-12-16 17:11 . 2012-12-22 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
     2012-12-16 14:45 . 2012-12-22 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-16 14:13 . 2012-12-22 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
     2012-12-16 14:13 . 2012-12-22 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
     2012-12-07 08:18 . 2012-03-30 16:30 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-12-07 08:18 . 2011-12-10 05:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-12-05 17:38 . 2012-02-27 01:10 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
     2012-12-05 17:37 . 2012-02-25 20:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
     2012-12-05 17:37 . 2012-02-25 20:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
     2012-11-30 04:45 . 2013-01-09 10:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-11-29 18:52 . 2012-11-29 18:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
     2012-11-29 18:52 . 2012-11-29 18:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
     2012-11-29 12:40 . 2012-02-25 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
     2012-11-29 12:40 . 2012-02-27 01:09 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
     2012-11-29 12:39 . 2012-02-27 01:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
     2012-11-29 12:39 . 2012-02-27 01:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
     2012-11-23 10:29 . 2012-11-23 10:29 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
     2012-11-23 10:29 . 2011-12-09 03:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-11-15 20:46 . 2012-02-25 20:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
     2012-11-14 07:06 . 2012-12-13 11:00 17811968 ----a-w- c:\windows\system32\mshtml.dll
     2012-11-14 06:32 . 2012-12-13 11:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
     2012-11-14 06:11 . 2012-12-13 11:00 2312704 ----a-w- c:\windows\system32\jscript9.dll
     2012-11-14 06:04 . 2012-12-13 11:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
     2012-11-14 06:04 . 2012-12-13 11:00 1392128 ----a-w- c:\windows\system32\wininet.dll
     2012-11-14 06:02 . 2012-12-13 11:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
     2012-11-14 06:02 . 2012-12-13 11:00 237056 ----a-w- c:\windows\system32\url.dll
     2012-11-14 05:59 . 2012-12-13 11:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
     2012-11-14 05:58 . 2012-12-13 11:00 816640 ----a-w- c:\windows\system32\jscript.dll
     2012-11-14 05:57 . 2012-12-13 11:00 599040 ----a-w- c:\windows\system32\vbscript.dll
     2012-11-14 05:57 . 2012-12-13 11:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-11-14 05:55 . 2012-12-13 11:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
     2012-11-14 05:55 . 2012-12-13 11:00 729088 ----a-w- c:\windows\system32\msfeeds.dll
     2012-11-14 05:53 . 2012-12-13 11:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
     2012-11-14 05:52 . 2012-12-13 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2012-11-14 05:46 . 2012-12-13 11:00 248320 ----a-w- c:\windows\system32\ieui.dll
     2012-11-14 02:09 . 2012-12-13 11:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
     2012-11-14 01:58 . 2012-12-13 11:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2012-11-14 01:57 . 2012-12-13 11:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
     2012-11-14 01:49 . 2012-12-13 11:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2012-11-14 01:48 . 2012-12-13 11:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2012-11-14 01:44 . 2012-12-13 11:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     2012-11-09 05:45 . 2012-12-13 01:35 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-11-09 04:42 . 2012-12-13 01:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
     2011-04-20 23:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
     "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
     "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-11-29 296096]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-7-17 549040]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "mixer3"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
     R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
     R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
     R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
     R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
     R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
     R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-10 1255736]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
     S0 assd;assd; [x]
     S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
     S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
     S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
     S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
     S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
     S2 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]
     S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]
     S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
     S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
     S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
     S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-02-26 16768]
     S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
     S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
     S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
     S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
     S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
     S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
     S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
     S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
     S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000Core.job
     - c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]
     .
     2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689237700-1048555172-985343890-1000UA.job
     - c:\users\z\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 21:09]
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]
     "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
     "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
     "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
     "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
     "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.google.com/
     mStart Page = hxxp://asus.msn.com
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
     IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
     IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
     IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
     IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
     TCP: DhcpNameServer = 192.168.1.1
     DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
     FF - ProfilePath - c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\
     FF - prefs.js: network.proxy.type - 0
     FF - ExtSQL: 2013-01-06 13:39; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - (no file)
     Toolbar-Locked - (no file)
     AddRemove-113270367 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe
     AddRemove-11551673 - c:\programdata\Oberon Media\Channels\110341560\\Uninstaller.exe
     AddRemove-UNO® - Undercover™ - c:\progra~2\SHOCKW~1.COM\UNOUND~1\UNWISE.EXE
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.11"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
     "value"="?\04\05\0d\09-\0c?"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-02-05 15:51:09
     ComboFix-quarantined-files.txt 2013-02-05 23:51
     ComboFix2.txt 2013-02-03 21:01
     ComboFix3.txt 2013-01-10 14:53
     .
     Pre-Run: 393,055,653,888 bytes free
     Post-Run: 393,963,016,192 bytes free
     .
     - - End Of File - - 2AD3F31DA49B40373EDE97B6C2025D04

     Everything seems to be running fine and CPU usage is much lower than it was before.
  9. 127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++
     --- User ---
     [MBR] c109e6cbb74cc7ed16fc4a15ef895d59
     [BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1]_S_02052013_02d0004.txt >>
     RKreport[1]_S_02052013_02d0004.txt

     RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : z [Admin rights]
     Mode : Remove -- Date : 02/05/2013 00:06:01
     | ARK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 6 ¤¤¤
     [STARTUP][SUSP PATH] Best Buy pc app.lnk @Guest.z-PC.000 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
     [HJPOL] HKCU\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> DELETED
     [HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
     [HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++
     --- User ---
     [MBR] c109e6cbb74cc7ed16fc4a15ef895d59
     [BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 584878 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[2]_D_02052013_02d0006.txt >>
     RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt

     RogueKiller V8.4.4 _x64_ [Feb 4 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : z [Admin rights]
     Mode : Shortcuts HJfix -- Date : 02/05/2013 00:11:08
     | ARK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ File attributes restored: ¤¤¤
     Desktop: Success 1 / Fail 0
     Quick launch: Success 1 / Fail 0
     Programs: Success 96 / Fail 0
     Start menu: Success 1 / Fail 0
     User folder: Success 272 / Fail 0
     My documents: Success 4 / Fail 4
     My favorites: Success 0 / Fail 0
     My pictures: Success 0 / Fail 0
     My music: Success 596 / Fail 0
     My videos: Success 0 / Fail 0
     Local drives: Success 283 / Fail 0
     Backup: [NOT FOUND]
     Drives:
     [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
     [E:] \Device\CdRom0 -- 0x5 --> Skipped
     Finished : << RKreport[3]_SC_02052013_02d0011.txt >>
     RKreport[1]_S_02052013_02d0004.txt ; RKreport[2]_D_02052013_02d0006.txt ; RKreport[3]_SC_02052013_02d0011.txt
  10. ESET scan:
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\background.html.vir  Win32/Adware.MultiPlug.H application
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\eekifemnhghopphmadcfepmcbnnphcnj.crx.vir  Win32/Adware.MultiPlug.H application
     C:\Users\z\.swt\Downloads\Downloads\10_8.exe  multiple threats
     C:\Users\z\.swt\Downloads\10_8.exe  multiple threats
     C:\Users\z\.swt\Downloads\jak.htm  HTML/Iframe.B.Gen virus
     C:\Users\z\.swt\Downloads\jak_001.htm  HTML/Iframe.B.Gen virus
     C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\97fea4d-279e1251  multiple threats
     C:\Users\z\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\41b43445-5e88d7bc  multiple threats
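Two of the files in the ESET results above (jak.htm and jak_001.htm) carry a generic HTML/Iframe detection. The script below is an added example written for this page; it is not ESET's detection logic and not code from the thread. It shows the kind of heuristic such generic names stand for: an iframe sized so it cannot be seen, hidden through CSS, pushed off-screen, or carrying the `hidden` attribute. The HTML it scans is constructed here, the host `malicious.invalid` is a placeholder, and the 2-pixel threshold is a value I chose for the example.

```python
from __future__ import annotations

import re
from html.parser import HTMLParser
from typing import Optional

# A width or height at or below this many pixels is treated as "not meant to be
# seen".  The threshold is an assumption of this example.
TINY_PX = 2

# CSS fragments that hide an element without removing it from the document.
HIDING_CSS = {
    "display:none": re.compile(r"display\s*:\s*none", re.I),
    "visibility:hidden": re.compile(r"visibility\s*:\s*hidden", re.I),
    "off-screen position": re.compile(r"(?:left|top)\s*:\s*-\d", re.I),
    "zero opacity": re.compile(r"opacity\s*:\s*0(?![.\d])", re.I),
}


def _px(value: Optional[str]) -> Optional[int]:
    """Leading integer of a width/height value ("1", "1px", "100%"); None if absent."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def hidden_reasons(attrs: dict[str, str]) -> list[str]:
    """Return the reasons an <iframe> with these attributes would be invisible (empty if none)."""
    reasons: list[str] = []
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    if (w is not None and w <= TINY_PX) or (h is not None and h <= TINY_PX):
        reasons.append("tiny dimensions")
    style = attrs.get("style", "")
    for label, pattern in HIDING_CSS.items():
        if pattern.search(style):
            reasons.append(label)
    if "hidden" in attrs:          # the bare HTML5 "hidden" attribute
        reasons.append("hidden attribute")
    return reasons


class HiddenIframeFinder(HTMLParser):
    """Collects every <iframe> start tag that matches one of the hiding heuristics."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[dict] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        # HTMLParser gives (name, value) pairs with value None for bare attributes.
        a = {k.lower(): (v if v is not None else "") for k, v in attrs}
        reasons = hidden_reasons(a)
        if reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": a.get("src", ""), "reasons": reasons})


def find_hidden_iframes(html: str) -> list[dict]:
    """Scan one HTML document and return the suspicious iframes found, in document order."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one ordinary embed and one injected, invisible iframe.
SAMPLE_HTML = """<html><body>
<h1>Photo album</h1>
<iframe src="https://www.example.com/embed/abc" width="560" height="315"></iframe>
<p>Some text.</p>
<iframe src="http://malicious.invalid/in.php" width="1" height="1"
        style="visibility:hidden; position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_HTML):
        print(f"line {hit['line']}: {hit['src']}  ({', '.join(hit['reasons'])})")
```

The ordinary 560x315 embed is left alone; only the 1x1, CSS-hidden, off-screen frame is reported, with every reason that applied. A real scanner would also decode the obfuscated `document.write` wrappers such injections usually hide behind, which this parser-only version does not attempt.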
  11. Thanks for keeping it open. I've had several problems while offline and have had to restore (and undo restores) multiple times, including dates prior to any of the steps above so I'm sure some old issues crept up again, along with new ones. I now have random shut-offs (even while plugged in and fully charged) and my screen brightness changes out of nowhere while simply browsing and the cooling fans go nuts. Plus MSE is turned off and can't be started (Error 0x8007002). I'll redo all the above tonight or in the morning and get back when I'm at the ESET scan.
  12. Sorry, my internet was shut off during the scan. Since I'm moving this month anyway I won't have any service until next month. Just to be safe I'll do the last steps when I get connected, but I can already tell things are much better. Thanks a lot for all your help. I'm gonna go over these logs while I'm offline and see if I can't learn something.
  13. Malwarebytes Anti-Malware (Trial) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.01.10.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     z :: Z-PC [administrator]
     Protection: Enabled
     1/10/2013 9:49:37 AM
     mbam-log-2013-01-10 (09-49-37).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 298595
     Time elapsed: 3 minute(s), 51 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  14. I thought the site looked a little "cheap" but checking its rep I guess it's beyond safe.
     # AdwCleaner v2.105 - Logfile created 01/10/2013 at 09:34:50
     # Updated 08/01/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : z - Z-PC
     # Boot Mode : Normal
     # Running from : C:\Downloads\AdwCleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****
     File Deleted : C:\END
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
     Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Conduit
     Folder Deleted : C:\Users\dwayne\AppData\LocalLow\PriceGong
     Folder Deleted : C:\Users\dwayne\AppData\LocalLow\Vuze_Remote
     Folder Deleted : C:\Users\z\AppData\Local\APN
     Folder Deleted : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
     Folder Deleted : C:\Users\z\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

     ***** [Registry] *****
     Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
     Key Deleted : HKCU\Software\InstallCore
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
     Key Deleted : HKLM\Software\GamesBarSetup
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16457
     [OK] Registry is clean.
     -\\ Mozilla Firefox v17.0.1 (en-US)
     File : C:\Users\z\AppData\Roaming\Mozilla\Firefox\Profiles\hgeawx3j.default\prefs.js
     Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
     Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
     Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\z\\AppData\\Roaming\\Mozilla\\Firef[...]
     Deleted : user_pref("extensions.gencrawler@some.com.install-event-fired", true);
     -\\ Google Chrome v23.0.1271.97
     File : C:\Users\z\AppData\Local\Google\Chrome\User Data\Default\Preferences
     Deleted [l.12] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",
     Deleted [l.2125] : homepage = "hxxp://www.ask.com/?l=dis&o=15486cr",
     *************************
     AdwCleaner[R1].txt - [4282 octets] - [10/01/2013 09:34:06]
     AdwCleaner[S1].txt - [4295 octets] - [10/01/2013 09:34:50]
     ########## EOF - C:\AdwCleaner[S1].txt - [4355 octets] ##########
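The browser section of the AdwCleaner log above is the part that shows what the bundled toolbar actually changed: a Chrome `homepage` that had been set to an ask.com URL with extra query parameters, and a set of Conduit `CommunityToolbar.*` / `CT2504091.*` preferences in Firefox. The script below is an added example written for this page, not AdwCleaner's logic and not code from the thread. It reads a Chrome `Preferences` file (JSON) and a Firefox `prefs.js`, flags any homepage or startup URL whose host is not on an allow-list, and flags any preference whose name carries a toolbar prefix. The allow-list (`google.com`, taken from the `uStart Page` line of the ComboFix log), the toolbar prefixes, and the Chrome key `session.urls_to_restore_on_startup` are assumptions for this example; both input files are constructed here and use plain `http` rather than the log's `hxxp` defanging.

```python
from __future__ import annotations

import json
import re
from typing import Iterable
from urllib.parse import urlparse

# Hosts the user actually wants as a home/startup page (assumed for this example).
ALLOWED_HOSTS = {"www.google.com", "google.com"}

# Preference-name prefixes that only the bundled toolbar writes (taken from the log).
TOOLBAR_PREF_PREFIXES = ("CommunityToolbar.", "CT2504091.")

# Firefox preferences that decide where the browser navigates on its own.
FIREFOX_URL_PREFS = ("browser.startup.homepage", "keyword.URL")

# One prefs.js line:  user_pref("name", value);
USER_PREF = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')


def host_of(url: str) -> str:
    return urlparse(url.strip()).hostname or ""


def flag_urls(source: str, key: str, urls: Iterable[str]) -> list[dict]:
    """Report every URL whose host is outside the allow-list."""
    out = []
    for url in urls:
        host = host_of(url)
        if host and host not in ALLOWED_HOSTS:
            out.append({"source": source, "key": key, "value": url,
                        "reason": f"host {host} not in allow-list"})
    return out


def check_chrome_preferences(text: str) -> list[dict]:
    """Inspect a Chrome 'Preferences' JSON document for redirected home/startup URLs."""
    prefs = json.loads(text)
    findings: list[dict] = []
    homepage = prefs.get("homepage")
    if isinstance(homepage, str):
        findings += flag_urls("chrome", "homepage", [homepage])
    # Key names assumed for this example: the older "urls_to_restore_on_startup"
    # and the newer "startup_urls" are both accepted.
    session = prefs.get("session", {})
    startup = session.get("urls_to_restore_on_startup") or session.get("startup_urls") or []
    findings += flag_urls("chrome", "session.startup_urls", startup)
    return findings


def check_firefox_prefs_js(text: str) -> list[dict]:
    """Inspect a Firefox prefs.js for toolbar-owned prefs and redirected URL prefs."""
    findings: list[dict] = []
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue
        name, raw = m["name"], m["value"]
        try:
            value = json.loads(raw)          # "string", 123, true/false
        except ValueError:
            value = raw                      # keep anything unparseable verbatim
        if name.startswith(TOOLBAR_PREF_PREFIXES):
            findings.append({"source": "firefox", "key": name, "value": value,
                             "reason": "preference owned by a bundled toolbar"})
        elif name in FIREFOX_URL_PREFS and isinstance(value, str):
            # browser.startup.homepage may hold several URLs separated by "|".
            findings += flag_urls("firefox", name, value.split("|"))
    return findings


# Constructed Chrome Preferences, reduced to the keys this check reads.
CHROME_PREFERENCES = json.dumps({
    "homepage": "http://www.ask.com/?l=dis&o=15486cr",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["https://www.google.com/"]},
})

# Constructed Firefox prefs.js: a clean homepage, two toolbar prefs, one ordinary pref.
FIREFOX_PREFS_JS = r'''
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"0\"");
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\"}");
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    for f in check_chrome_preferences(CHROME_PREFERENCES) + check_firefox_prefs_js(FIREFOX_PREFS_JS):
        print(f"[{f['source']}] {f['key']} = {f['value']!r}: {f['reason']}")
```

An allow-list is the right shape for this check: a blocklist of "bad" search hosts goes stale, while the set of pages a given user intends to start on is small and known.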
  15. It's taken me through a couple pages to a download from bleepingcomputer. Is this what I need or did I click on the wrong things? The pages on the previous site were mostly in French and switching between English and French doesn't change it.