Google Redirect Virus And More Problems

Alright, this is the third time I've had to type this up because when I go to post it says internext explorer cannot display the webpage. Well anyways my main issue is a virus that redirects me whenever I click a link on google. It will redirect me to random weird search sites or sometimes innapropiate content. Also randomly when being on the internet another internet window will pop up and it will be some weird site. Also another problem I have is that a lot of times when I click on internet explorer to open up the internet it will not open up and when I check task manager it says its running in the process, but there is no window opened up. Then my last problem is that my task manger fills up with wuauctl.exe quite a few times over a period of like 24 hours.

I followed a little tutorial on another website to try and fix the google redirect virus but when I ran combofix and when I was at the end, at the deleting part, my computer got a blue screen and it said "Bad_Pool_Header" and I had to restart my computer. The virus removal was a failure.

AND then another thing is that when I tried posting my OTL and Extras log it said internet explorer could not display the webpage and I tried to do it in litterally tiny little sections but it still was saying that and I couldn't get past a certain line.

so I uploaded my otl.txt and extras.txt to uppit.com so you guys could view them. I'm sorry but I couldn't think of a better way.

Well anyways here are the links:

http://uppit.com/iu4m2g6h1lcv/OTL.Txt
http://uppit.com/p1qu9u8eed85/Extras.Txt

Please help :\
THANKS

Last edited by efee24 on 14th December 2010, 12:07 pm; edited 3 times in total

error

Last edited by efee24 on 14th December 2010, 11:51 am; edited 1 time in total

error

Last edited by efee24 on 14th December 2010, 11:51 am; edited 1 time in total

error

Last edited by efee24 on 14th December 2010, 11:50 am; edited 1 time in total

error

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I already had MBAM and I ran it a few days ago but I didn't even think about updating it and its from like 2009.. well I updated it to the current version and it found some stuff :o

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/14/2010 10:26:49 PM
mbam-log-2010-12-14 (22-26-49).txt

Scan type: Quick scan
Objects scanned: 172751
Time elapsed: 13 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Findbasic Service (Adware.FindBasic) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Charlie\Application Data\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Charlie\Application Data\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Charlie\Application Data\DealAssistant\fusion.cfg.32da6d91b3bd1d22e6d8b33bfe3daec8.bfbee3fd9f98f01522b3628ebcb66723 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\findbasic\uninstall.exe (Adware.FindBasic) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Desktop\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Alright so first I ran combofix logged into windows xp normally and I got the bad_pool_header blue screen again which I think might of had to do with the infection... so i went into safe mode with networking (because regular safe mode froze when loading the drivers) and then I ran combo fix and it successfuly went all the way through the scan..... Also another thing I noticed when I started my computer in safe mode I noticed at the very bottom for a few seconds say to press enter to run \drivers\sptd.sys

and another thing.... all my links in my favorites were deleted..

here is the log:


ComboFix 10-12-16.02 - Charlie 12/17/2010 1:02.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1728 [GMT -8:00]
Running from: c:\documents and settings\Charlie\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\My.ini

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-15 15:06 . 1995-12-15 10:10 346112 ----a-w- c:\windows\system\QTIM32.DLL
2010-12-15 14:07 . 2010-12-15 14:07 -------- d-----w- c:\program files\iPod
2010-12-15 14:07 . 2010-12-15 14:08 -------- d-----w- c:\program files\iTunes
2010-12-15 14:07 . 2010-12-15 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-15 13:42 . 2010-12-15 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-15 08:00 . 2010-12-15 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-12-15 07:59 . 2010-12-15 07:59 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-15 07:59 . 2010-12-15 07:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-15 07:59 . 2010-12-15 07:59 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-15 07:59 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-15 07:59 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-15 07:59 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-15 07:59 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-15 07:59 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-15 07:59 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-15 07:59 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-15 07:59 . 2010-12-15 08:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-15 07:56 . 2010-12-15 07:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-12-14 10:40 . 2010-12-14 10:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-14 10:39 . 2010-12-14 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-12-14 10:39 . 2010-12-14 10:39 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 01:46 . 2010-11-26 01:46 -------- d-----w- c:\documents and settings\Charlie\Application Data\AVG10
2010-11-25 22:19 . 2010-11-25 22:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-25 22:09 . 2010-11-25 22:09 -------- d-----w- C:\$AVG
2010-11-25 22:04 . 2010-11-25 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-19 10:16 . 2010-11-19 10:16 -------- d-----w- c:\documents and settings\Charlie\NearRealityCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 18:37 . 2010-10-23 10:37 697328 ----a-w- c:\windows\system32\drivers\sptd.svs
2010-10-23 18:37 . 2010-10-23 02:37 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-23 05:09 . 2010-10-23 05:09 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-10-23 05:09 . 2010-10-23 05:09 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-10-16 20:04 . 2010-10-16 20:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 23:44 . 2009-10-17 10:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 23:44 . 2009-10-17 10:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-10 16:44 . 2005-06-10 16:44 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2007-12-29 00:53 . 2005-06-10 02:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2007-10-24 22:00 . 2007-10-24 22:06 324 c:\program files\HP\hpcoretech\bak\data\EvntData-552693418.xml

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-03-06 98304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-19 2938552]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-04 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-22 53248]

c:\documents and settings\Charlie\Start Menu\Programs\Startup\
Javasched.jar [2009-8-8 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]
BitDefender for ICQ.lnk - c:\program files\Softwin\BitDefender for ICQ\aqmon.exe [2008-12-28 28672]
BitDefender_P2P_Startup.lnk - c:\windows\BitDefender_P2P_Startup.exe [2008-12-28 278528]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-17 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-13 315392]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-5-28 2797936]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2008-4-20 124400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bots\\bots.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:runescape server
"43594:TCP"= 43594:TCP:bmxscape
"43594:UDP"= 43594:UDP:bmxscape
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"56949:TCP"= 56949:TCP:Pando Media Booster
"56949:UDP"= 56949:UDP:Pando Media Booster
"57187:TCP"= 57187:TCP:Pando Media Booster
"57187:UDP"= 57187:UDP:Pando Media Booster
"56284:TCP"= 56284:TCP:Pando Media Booster
"56284:UDP"= 56284:UDP:Pando Media Booster

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [12/23/2009 8:26 PM 6097]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [4/18/2005 1:57 PM 20352]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/22/2010 6:37 PM 697328]
S2 Apache2.2;Apache2.2;"c:\xampplite\apache\bin\apache.exe" -k runservice --> c:\xampplite\apache\bin\apache.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\ProcessGuard\dcsuserprot.exe" --> c:\program files\ProcessGuard\dcsuserprot.exe [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/18/2009 5:19 AM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:05 PM 135664]
S2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [1/13/2007 11:51 PM 26688]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/17/2009 4:04 AM 1527900]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/18/2009 5:19 AM 36608]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [8/10/2008 12:29 AM 10752]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [8/10/2008 12:29 AM 6784]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ServoyService;Servoy Application Server;"c:\program files\Servoy\application_server\service\wrapper.exe" -s "c:\program files\Servoy\application_server\service\wrapper.conf" --> c:\program files\Servoy\application_server\service\wrapper.exe [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [12/23/2009 8:26 PM 299923]
S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [6/10/2006 1:41 AM 8078]
S4 winser;winser;c:\windows\system32\winsersec.exe [4/13/2005 2:37 PM 53248]
.
Contents of the 'Scheduled Tasks' folder

2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-16 c:\windows\Tasks\autodelete.job
- c:\program files\Cyber-D's AutoDelete\autodelete.exe [2009-04-14 06:46]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 04:05]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 04:05]

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{E6B22C38-1050-4DB0-BFF4-EBAB4FC21B72}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

2009-07-05 c:\windows\Tasks\voule.job
- c:\documents and settings\Charlie\My Documents\Bmxscape F2P\Bmxscape F2p\voule.bat [2008-11-20 10:47]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYUS&fl=0&ptb=qLCLBz9NLveAG_iA79buww&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1010.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{A82A10B0-AA13-4AA6-BCF6-0908064692C9} - c:\windows\system32\4478.dll
WebBrowser-{A82A10B0-AA13-4AA6-BCF6-0908064692C9} - c:\windows\system32\4478.dll
AddRemove-Adobe Acrobat Reader 3.0 - c:\acrobat3\Reader\DeIsL1.isu
AddRemove-Toyland - D:\setup.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-DealAssistant - c:\documents and settings\Charlie\Application Data\DealAssistant\DAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 01:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm

- - - - - - - > 'explorer.exe'(1912)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2010-12-17 01:34:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 09:34
ComboFix2.txt 2009-08-01 07:55

Pre-Run: 12,578,201,600 bytes free
Post-Run: 14,089,203,712 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E0EF876C16AF5C5D8ACDBAD3C8518C4B

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
KILLALL::

FCopy::
c:\windows\ServicePackFiles\i386\sfcfiles.dll | C:\WINDOWS\system32\sfcfiles.dll

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYUS&fl=0&ptb=qLCLBz9NLveAG_iA79buww&url=http://www.ask.com/web&q={searchTerms}&l=zj&o=sb

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.
   

ComboFix 10-12-21.01 - Charlie 12/21/2010 10:40:15.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1687 [GMT -8:00]
Running from: c:\documents and settings\Charlie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Charlie\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Oeminfo.ini

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-17 11:06 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-12-17 11:06 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-12-17 11:06 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-17 11:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-12-17 11:05 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-12-17 11:05 . 2010-11-06 00:26 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-12-17 11:05 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 10:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-15 15:06 . 1995-12-15 10:10 346112 ----a-w- c:\windows\system\QTIM32.DLL
2010-12-15 14:07 . 2010-12-15 14:07 -------- d-----w- c:\program files\iPod
2010-12-15 14:07 . 2010-12-15 14:08 -------- d-----w- c:\program files\iTunes
2010-12-15 14:07 . 2010-12-15 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-15 13:42 . 2010-12-15 13:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-15 13:35 . 2010-12-15 13:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-12-15 08:00 . 2010-12-15 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-12-15 07:59 . 2010-12-15 07:59 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-12-15 07:59 . 2010-12-15 07:59 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-12-15 07:59 . 2010-12-15 07:59 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-12-15 07:59 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-12-15 07:59 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-12-15 07:59 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-12-15 07:59 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-12-15 07:59 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-12-15 07:59 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-12-15 07:59 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-12-15 07:59 . 2010-12-15 08:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-12-15 07:56 . 2010-12-15 07:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-12-14 10:40 . 2010-12-14 10:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-14 10:39 . 2010-12-14 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-12-14 10:39 . 2010-12-14 10:39 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 01:46 . 2010-11-26 01:46 -------- d-----w- c:\documents and settings\Charlie\Application Data\AVG10
2010-11-25 22:19 . 2010-11-25 22:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-25 22:09 . 2010-11-25 22:09 -------- d-----w- C:\$AVG
2010-11-25 22:04 . 2010-11-25 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2005-08-16 10:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 10:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2005-08-16 10:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2005-08-16 10:18 1853312 ------w- c:\windows\system32\win32k.sys
2010-10-23 18:37 . 2010-10-23 10:37 697328 ----a-w- c:\windows\system32\drivers\sptd.svs
2010-10-23 18:37 . 2010-10-23 02:37 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-23 05:09 . 2010-10-23 05:09 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-10-23 05:09 . 2010-10-23 05:09 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-10-16 20:04 . 2010-10-16 20:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 23:44 . 2009-10-17 10:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 23:44 . 2009-10-17 10:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 03:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [N/A]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [N/A]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-06-19 2938552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-04 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [N/A]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-06-22 53248]

c:\documents and settings\Charlie\Start Menu\Programs\Startup\
Javasched.jar [2009-8-8 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2009-2-16 269824]
BitDefender for ICQ.lnk - c:\program files\Softwin\BitDefender for ICQ\aqmon.exe [2008-12-28 28672]
BitDefender_P2P_Startup.lnk - c:\windows\BitDefender_P2P_Startup.exe [2008-12-28 278528]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-17 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-13 315392]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-5-28 2797936]
Google Updater.lnk - c:\program files\Google\Google Updater\GoogleUpdater.exe [2008-4-20 124400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Bots\\bots.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4:TCP"= 4:TCP:runescape server
"43594:TCP"= 43594:TCP:bmxscape
"43594:UDP"= 43594:UDP:bmxscape
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"56949:TCP"= 56949:TCP:Pando Media Booster
"56949:UDP"= 56949:UDP:Pando Media Booster
"57187:TCP"= 57187:TCP:Pando Media Booster
"57187:UDP"= 57187:UDP:Pando Media Booster
"56284:TCP"= 56284:TCP:Pando Media Booster
"56284:UDP"= 56284:UDP:Pando Media Booster

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [12/23/2009 8:26 PM 6097]
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [4/18/2005 1:57 PM 20352]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/22/2010 6:37 PM 697328]
S2 Apache2.2;Apache2.2;"c:\xampplite\apache\bin\apache.exe" -k runservice --> c:\xampplite\apache\bin\apache.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"c:\program files\ProcessGuard\dcsuserprot.exe" --> c:\program files\ProcessGuard\dcsuserprot.exe [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/18/2009 5:19 AM 233472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 8:05 PM 135664]
S2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [1/13/2007 11:51 PM 26688]
S3 EagleXNt;EagleXNt;\??\c:\documents and settings\Charlie\Local Settings\temp\EagleXNt.sys --> c:\documents and settings\Charlie\Local Settings\temp\EagleXNt.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/17/2009 4:04 AM 1527900]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/18/2009 5:19 AM 36608]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [8/10/2008 12:29 AM 10752]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [8/10/2008 12:29 AM 6784]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2009 2:27 AM 29262680]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ServoyService;Servoy Application Server;"c:\program files\Servoy\application_server\service\wrapper.exe" -s "c:\program files\Servoy\application_server\service\wrapper.conf" --> c:\program files\Servoy\application_server\service\wrapper.exe [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [12/23/2009 8:26 PM 299923]
S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [6/10/2006 1:41 AM 8078]
S4 winser;winser;c:\windows\system32\winsersec.exe [4/13/2005 2:37 PM 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7e2d5bc-02f2-11de-bcf2-00167696cf27}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-21 c:\windows\Tasks\autodelete.job
- c:\program files\Cyber-D's AutoDelete\autodelete.exe [2009-04-14 06:46]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 04:05]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 04:05]

2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{E6B22C38-1050-4DB0-BFF4-EBAB4FC21B72}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]

2009-07-05 c:\windows\Tasks\voule.job
- c:\documents and settings\Charlie\My Documents\Bmxscape F2P\Bmxscape F2p\voule.bat [2008-11-20 10:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: doginhispen.com
Trusted Zone: whataboutadog.com
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1010.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-21 15:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
c:\windows\system32\IEFRAME.dll

- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2010-12-21 15:22:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-21 23:22
ComboFix2.txt 2010-12-17 09:34
ComboFix3.txt 2009-08-01 07:55

Pre-Run: 11,764,813,824 bytes free
Post-Run: 12,062,380,032 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 76ADE6197178EED000B05D19C792F04E

Hello.

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   Code:

   
File::
c:\windows\bk23567.dat

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.