The proxy server set to localhost:808 is from me to stop IE from going to sites.
The machine has a Kofax card and Canon scanner. Combofix has been run, most of the time, it's clean looking, sometimes, seems like after I run MBAM and get a clean report, ComboFix says it has detected the presence of rootkit activity, with a list of names, ntos.exe, oembios.exe, twext.exe, twex.exe (12 total) stored in the User's applicationData (no space) folder.
Thanks for the assistance! Dan
DDS.txt 7.64KB 3 downloads attached
I just wanted to add, the reason the machine quit responding was it threw a Stop 0x0000007A. I also ran a OTL scan on it, results attached. When it was fully infected the machine has a process 74GqP0H3.exe throwing error events. At address 0x0000985e. Both yesterdays DDS and todays OTL scans were done on fairly clean independent boots.
Merged posts. ~ OB
Edited by Orange Blossom, 04 March 2011 - 12:18 PM.