Thanks SuperDave: OKAY here goes. I think it's all on there this time..
ComboFix 12-01-30.02 - JIM 01/30/2012 12:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2690 [GMT -7:00]
Running from: c:\users\JIM\Desktop\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DictionaryBoss\bar
c:\program files (x86)\DictionaryBoss\bar\Settings\s_pid.dat
c:\program files (x86)\DictionaryBossEI
c:\windows\security\Database\tmp.edb
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:44 . 2012-01-30 19:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT7292.tmp
2012-01-30 19:16 . 2012-01-30 19:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16 . 2012-01-27 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-01-25 19:56 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35 . 2012-01-17 16:35 -------- d-----w- c:\users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48 . 2012-01-27 17:51 -------- d-----w- c:\program files (x86)\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 19:50 . 2012-01-30 19:50 0 ---ha-w- c:\users\JIM\AppData\Local\BITA6AD.tmp
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-22 21:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-22 21:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-22 21:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-22 21:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-22 21:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 21:27 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-10-20 20:33 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp3A218.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp00318.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpE6E08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpCCE08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpA1F08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp24018.FOT
2011-11-05 05:41 . 2011-12-14 21:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-05_17.01.08 ))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2012-01-10 361984]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-01-10 18:49 1612800 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-10-18 19:26 3908192 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2010-10-18 3908192]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2012-01-10 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverCure"="c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 45056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-2-18 1101824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6D4.tmp
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - Avgrkx64
*Deregistered* - Avgtdia
*Deregistered* - pctESPInject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/MAIL
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{B9B97401-98E1-4942-930D-C36652DAB7F2} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6D4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-01-30 12:59:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 19:59
ComboFix2.txt 2011-07-05 17:05
.
Pre-Run: 209,405,624,320 bytes free
Post-Run: 209,444,007,936 bytes free
.
- - End Of File - - 9A372D23AE8E57D88EF51D64F0FC4557
ComboFix 12-01-30.02 - JIM 01/30/2012 12:01:31.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2690 [GMT -7:00]
Running from: c:\users\JIM\Desktop\PCHelpForum.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DictionaryBoss\bar
c:\program files (x86)\DictionaryBoss\bar\Settings\s_pid.dat
c:\program files (x86)\DictionaryBossEI
c:\windows\security\Database\tmp.edb
F:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 19:44 . 2012-01-30 19:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT7292.tmp
2012-01-30 19:16 . 2012-01-30 19:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\offreg.dll
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Terri\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-30 19:12 . 2012-01-30 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\users\JIM\AppData\Roaming\SUPERAntiSpyware.com
2012-01-27 17:16 . 2012-01-27 17:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 19:56 . 2012-01-25 19:58 -------- d-----w- c:\users\JIM\AppData\Roaming\DriverCure
2012-01-25 19:55 . 2012-01-25 19:56 -------- d-----w- c:\programdata\DriverCure
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\programdata\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-25 19:55 . 2012-01-25 19:55 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-01-25 19:19 . 2004-10-22 20:42 577536 ----a-w- c:\windows\SysWow64\ANIWZCS2.dll
2012-01-25 19:19 . 2004-10-22 20:42 131072 ----a-w- c:\windows\SysWow64\WlanApp.dll
2012-01-25 19:19 . 2004-10-22 20:42 1163337 ----a-w- c:\windows\SysWow64\odSupp_M.dll
2012-01-25 19:19 . 2004-10-22 20:42 57407 ----a-w- c:\windows\SysWow64\ANICtl.dll
2012-01-25 19:19 . 2004-10-22 20:42 49152 ----a-w- c:\windows\SysWow64\AQCKGen.dll
2012-01-25 19:19 . 2004-10-22 20:42 192512 ----a-w- c:\windows\SysWow64\aIPH.dll
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\ANI
2012-01-25 19:19 . 2004-07-27 18:20 36864 ----a-w- c:\windows\SysWow64\ANIOApi.dll
2012-01-25 19:19 . 2004-07-27 18:20 28205 ----a-w- c:\windows\SysWow64\ANIO.sys
2012-01-25 19:19 . 2004-07-27 18:20 16997 ----a-w- c:\windows\SysWow64\ANIO.VXD
2012-01-25 19:19 . 2004-07-27 18:20 11904 ----a-w- c:\windows\SysWow64\anio4.sys
2012-01-25 19:19 . 2012-01-25 19:19 -------- d-----w- c:\program files (x86)\D-Link
2012-01-24 23:44 . 2012-01-24 23:44 0 ---ha-w- c:\users\JIM\AppData\Local\BIT1ECD.tmp
2012-01-24 23:42 . 2012-01-24 23:42 0 ---ha-w- c:\users\JIM\AppData\Local\BIT606D.tmp
2012-01-24 23:26 . 2012-01-24 23:26 0 ---ha-w- c:\users\JIM\AppData\Local\BITCBF.tmp
2012-01-24 23:24 . 2012-01-24 23:24 0 ---ha-w- c:\users\JIM\AppData\Local\BIT474E.tmp
2012-01-24 22:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C8B97EF-6072-4622-8018-0A71D348CBCA}\mpengine.dll
2012-01-23 23:32 . 2012-01-24 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-01-23 23:32 . 2012-01-23 23:32 -------- d-----w- c:\windows\system32\EventProviders
2012-01-23 23:30 . 2012-01-23 23:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-23 23:30 . 2012-01-23 23:30 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-23 23:30 . 2012-01-23 23:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-23 23:30 . 2012-01-23 23:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-17 16:35 . 2012-01-17 16:35 -------- d-----w- c:\users\JIM\AppData\Roaming\FCTB000060231
2012-01-11 15:09 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 15:09 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 15:09 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 15:09 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 15:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 15:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 15:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 15:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\program files (x86)\Dogpile Bundle Toolbar
2012-01-10 18:49 . 2012-01-10 18:49 -------- d-----w- c:\users\JIM\AppData\Local\The Weather Channel
2012-01-10 18:48 . 2012-01-27 17:51 -------- d-----w- c:\program files (x86)\EpicPlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 19:50 . 2012-01-30 19:50 0 ---ha-w- c:\users\JIM\AppData\Local\BITA6AD.tmp
2012-01-25 18:37 . 2011-02-18 23:38 639 ----a-w- c:\windows\uninstallstickies.bat
2012-01-23 23:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-23 23:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-03 20:16 . 2011-07-09 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2011-03-22 21:03 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-22 21:03 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-22 21:03 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-22 21:03 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-22 21:03 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-22 21:03 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-22 21:03 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-22 21:03 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-22 21:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-24 04:52 . 2011-12-14 21:27 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-10-20 20:33 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp3A218.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp00318.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpE6E08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpCCE08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmpA1F08.FOT
2011-11-05 17:45 . 2011-11-05 17:45 1409 ----a-w- c:\windows\SysWow64\tmp24018.FOT
2011-11-05 05:41 . 2011-12-14 21:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 21:27 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 21:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 21:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 21:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-05_17.01.08 ))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Helper.dll" [2012-01-10 361984]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2012-01-10 18:49 1612800 ----a-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
2010-10-18 19:26 3908192 ----a-w- c:\program files (x86)\NCH\tbNCH.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2db4fe6-8409-45ce-8010-189a7b5cce86}"= "c:\program files (x86)\NCH\tbNCH.dll" [2010-10-18 3908192]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2012-01-10 1612800]
.
[HKEY_CLASSES_ROOT\clsid\{c2db4fe6-8409-45ce-8010-189a7b5cce86}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverCure"="c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe" [2009-08-07 3993368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Share-to-Web Namespace Daemon"="c:\program files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-10-22 45056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2011-2-18 1101824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6D4.tmp
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - AVGIDSDriver
*Deregistered* - AVGIDSEH
*Deregistered* - AVGIDSFilter
*Deregistered* - Avgrkx64
*Deregistered* - Avgtdia
*Deregistered* - pctESPInject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\DriverCure.job
- c:\program files (x86)\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:33]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-21 16:45]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000Core.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909975552-3371312792-2741729148-1000UA.job
- c:\users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-08 15:07]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-01-30 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/MAIL
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{B9B97401-98E1-4942-930D-C36652DAB7F2} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
AddRemove-EpicPlay - c:\program files (x86)\EpicPlay\epicRemoval.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6D4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PC Tools Firewall Plus\FWService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-01-30 12:59:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 19:59
ComboFix2.txt 2011-07-05 17:05
.
Pre-Run: 209,405,624,320 bytes free
Post-Run: 209,444,007,936 bytes free
.
- - End Of File - - 9A372D23AE8E57D88EF51D64F0FC4557
