mareimbri02

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral

About mareimbri02

  • Birthday 07/02/1976

Profile Information

  • Location
    Philadelphia Pa
  • Interests
    Reading, Computers and documentaries.
  1. Hey Kenny, sorry for the freak out. I ran the scans again and the online Genuine advantage thing and here are the logs. If the evilness that has pulled my computer down has corrupted my validation, then I'm screwed right? Here's hoping...
  2. Whoa! Weird! How did my Windows become un-validated? This is a semi-new, pre-loaded HP machine with Windows 7 64 bit. What the deuce happened? I went to the link and it said "Passed". How do I post the page displaying that?
  3. Okay, here we go.
  4. Okay, I've tried to run it through a few times. Here's the problem. It froze after two and a half hours and shut down my computer and then I ran it again just now and it repeated. So, I'm guessing I'm still infected right :-) Now though, new development, my Norton won't re-engage and it pops up with a message saying I need to reinstall some GEAR drivers. I don't think I have any.
  5. Thanks for getting back to me again. I noticed the file looked off too, so I re-ran Combofix at two and it got to fifty and apparently locked, providing no log or anything. I just at eleven gave it up and manually turned it back off and when I did, the only report generated looks like this again: I'm no expert, but it looks like the same as last nights. Thanks for looking at this for me!
  6. Hey Kenny, thanks a whole lot! It's starting to come together for me over here. Hope to hear from you soon!

  7. Okay, I'm not sure if you're even still up, but it finally completed. So here's the log. Thanks again. You are turning out to be my very best friend. :-)
2011-02-22 23:22:04 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-01-07 07:45:57 . 2011-02-11 18:57:00 34304 ------w- C:\Windows\SysWow64\atmlib.dll 2011-01-07 06:01:22 . 2011-02-11 18:57:15 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb 2011-01-07 05:43:36 . 2011-02-11 18:57:00 294400 ------w- C:\Windows\SysWow64\atmfd.dll 2011-01-05 10:34:00 . 2011-02-11 18:56:43 612864 ----a-w- C:\Windows\system32\vbscript.dll 2011-01-05 06:56:24 . 2011-02-11 18:57:11 3129344 ----a-w- C:\Windows\system32\win32k.sys 2011-01-05 05:55:55 . 2011-02-11 18:56:43 428032 ------w- C:\Windows\SysWow64\vbscript.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 
07:15:04 1004088] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 23:13:58 51445112] R3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 19:52:48 63304] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x] R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 01:20:56 174440] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 
TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x] R4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 23:27:16 127984] R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 08:18:54 360224] R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184] S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 21:59:11 1124472] S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys [x] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 01:12:56 476792] S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 18:23:05 14920] S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 18:23:05 12360] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;C:\Program 
Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 17:49:27 128752]
  8. Sorry, forgot to attach the files.... ark.zip
  9. Hey Kenny, thanks for your help. I tried to answer your question, but I was unable to add to the posting. I was running everything in safe mode because I was totally unable to log into normal mode. Now, thanks to your help, I am now able to log into normal mode and get at my Norton. I'm still having problems though. For one thing, my screen saver has reverted to one that I'd used up until two weeks ago, my external mouse refuses to be recognized. My wireless internet waits six minutes to be able to go online, when I tether it to my phone, it recognizes everything very nicely...and still won't log online. Finally, I am able to go back online, reinstalled Malwarebytes and did everything else. I also ran my Norton Antivirus and it's found five issues. Here are the log files. I can't find anything with Malwarebytes. I hope we can fix this, I'd hate to put all this work on everyone and still end up having to lose everything I've saved. Thanks once again, I am eternally in your debt.
  10. Okay and here's the log file.
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      Database version: 6199
      Windows 6.1.7601 Service Pack 1 (Safe Mode)
      Internet Explorer 8.0.7601.17514
      3/28/2011 10:57:18 PM
      mbam-log-2011-03-28 (22-57-18).txt
      Scan type: Quick scan
      Objects scanned: 165783
      Time elapsed: 2 minute(s), 10 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      c:\Users\MaryAnn\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  11. Okay, was able to do it, then it rebooted in normal mode while I was getting a coffee and I was afraid to restart in Safe Mode until it produced the log and well...here we are. I'm still not able to access the Norton to turn it off... Thanks for bearing with me through this and here is the new log... ComboFix 11-03-28.01 - MaryAnn 03/28/2011 19:32:29.6.3 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2650 [GMT -4:00] Running from: c:\users\MaryAnn\Desktop\ComboFix.exe Command switches used :: c:\users\MaryAnn\Desktop\CFScript.txt AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 ))))))))))))))))))))))))))))))) . . 2011-03-28 23:36 . 2011-03-28 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-28 20:26 . 2011-03-28 20:26 -------- d-----w- c:\program files (x86)\ESET 2011-03-28 18:50 . 2011-03-28 18:50 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll 2011-03-28 07:50 . 2011-03-28 07:52 -------- d-----w- c:\program files (x86)\RegistryFix8 2011-03-28 07:30 . 2011-03-28 07:30 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys 2011-03-28 07:30 . 2011-03-28 07:30 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys 2011-03-28 07:30 . 2011-03-28 07:32 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys 2011-03-28 07:30 . 2011-03-28 07:30 -------- d-----w- c:\program files\Prevx 2011-03-28 07:29 . 2011-03-28 07:32 -------- d-----w- c:\programdata\PrevxCSI 2011-03-28 00:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-03-28 00:36 . 
2011-03-28 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com 2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\programdata\!SASCORE 2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-03-28 00:26 . 2009-06-30 14:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys 2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\SPReview 2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\EventProviders 2011-03-11 17:47 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2011-03-11 17:47 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-03-11 17:45 . 2010-11-20 13:25 1975296 ----a-w- c:\windows\system32\CertEnroll.dll 2011-03-11 17:44 . 2010-11-20 13:27 183808 ----a-w- c:\windows\system32\prncache.dll 2011-03-11 17:43 . 2010-11-20 13:27 65536 ----a-w- c:\windows\system32\RpcRtRemote.dll 2011-03-11 17:42 . 2010-11-20 13:27 337920 ----a-w- c:\windows\system32\raschap.dll 2011-03-11 17:41 . 2010-11-20 12:18 323072 ------w- c:\windows\SysWow64\drvstore.dll 2011-03-11 17:41 . 2010-11-20 12:18 257024 ------w- c:\windows\SysWow64\dpx.dll 2011-03-11 17:41 . 2010-11-20 12:21 363008 ------w- c:\windows\SysWow64\wbemcomn.dll 2011-03-11 17:41 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2011-03-11 17:36 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll 2011-03-11 17:36 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2011-03-11 17:36 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2011-03-11 17:36 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll 2011-03-11 17:35 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe 2011-03-11 17:34 . 
2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll 2011-03-11 17:34 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2011-03-11 17:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-03-11 17:11 . 2011-01-17 05:47 161792 ------w- c:\windows\SysWow64\d3d10_1.dll 2011-03-11 16:50 . 2011-03-16 05:52 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Media Player Classic 2011-03-11 13:09 . 2011-03-11 13:09 -------- d-----w- c:\users\MaryAnn\AppData\Local\Downloaded Installations 2011-03-11 07:46 . 2011-03-11 07:46 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Returnil 2011-03-11 07:44 . 2011-03-11 07:44 -------- d-----w- c:\programdata\Returnil 2011-03-11 07:34 . 2011-03-11 07:34 -------- d-----w- c:\program files\Sandboxie 2011-03-11 07:23 . 2011-03-28 08:00 -------- d-----w- C:\!KillBox 2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Malwarebytes 2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\programdata\Malwarebytes 2011-03-11 07:23 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-11 07:18 . 2011-03-11 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-03-10 18:29 . 2011-03-28 00:26 -------- d-----w- c:\program files (x86)\Panda Security 2011-03-10 17:00 . 2011-03-10 17:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2011-03-09 20:42 . 2011-03-09 20:42 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2011-03-09 20:39 . 2011-03-09 20:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2011-03-09 20:39 . 2011-03-09 20:39 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-03-08 21:57 . 2011-03-08 21:57 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Unity 2011-03-06 19:41 . 
2011-03-06 19:41 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Rovio 2011-03-06 19:04 . 2011-03-28 04:12 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 12 2011-03-06 18:59 . 2011-03-06 18:59 -------- d-----w- c:\users\MaryAnn\AppData\Local\Mozilla . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-11 17:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-03-10 17:01 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-14 00:17 . 2011-02-14 00:18 515584 ----a-w- c:\windows\system32\drivers\stwrt64.sys 2011-02-14 00:17 . 2011-02-14 00:18 431616 ----a-w- c:\windows\system32\stcplx64.dll 2011-02-14 00:17 . 2011-02-14 00:18 1466880 ----a-w- c:\windows\system32\stapo64.dll 2011-02-14 00:17 . 2010-07-02 02:52 487424 ----a-w- c:\windows\sttray64.exe 2011-02-14 00:17 . 2010-07-02 02:52 1952256 ----a-w- c:\windows\system32\stlang64.dll 2011-02-14 00:17 . 2011-02-14 00:18 646656 ------w- c:\windows\system32\stapi64.dll 2011-02-14 00:17 . 2010-07-02 02:52 68608 ----a-w- c:\windows\system32\AESTAR64.dll 2011-02-14 00:17 . 2010-07-02 02:52 442368 ----a-w- c:\windows\system32\AESTEC64.dll 2011-02-14 00:17 . 2010-07-02 02:52 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll 2011-02-14 00:17 . 2010-07-02 02:52 162304 ----a-w- c:\windows\system32\AESTAC64.dll 2011-02-14 00:17 . 2010-07-02 02:52 90624 ----a-w- c:\windows\system32\AESTCo64.dll 2011-02-14 00:17 . 2010-07-02 02:52 12829184 ----a-w- c:\windows\system32\idtcpl64.cpl 2011-02-14 00:17 . 2010-07-02 02:51 209920 ----a-w- c:\windows\system32\staco64.dll 2011-02-07 06:34 . 2011-02-07 06:34 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-01-24 02:30 . 
2011-01-24 02:30 834544 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-01-07 12:17 . 2011-02-22 23:22 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-07 12:17 . 2011-02-22 23:22 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-07 12:14 . 2011-02-11 18:57 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 09:51 . 2011-02-11 18:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-01-07 09:20 . 2011-02-11 18:57 366592 ----a-w- c:\windows\system32\atmfd.dll 2011-01-07 07:46 . 2011-02-22 23:22 870912 ------w- c:\windows\SysWow64\XpsPrint.dll 2011-01-07 07:46 . 2011-02-22 23:22 288256 ------w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-01-07 07:45 . 2011-02-11 18:57 34304 ------w- c:\windows\SysWow64\atmlib.dll 2011-01-07 06:01 . 2011-02-11 18:57 1638912 ------w- c:\windows\SysWow64\mshtml.tlb 2011-01-07 05:43 . 2011-02-11 18:57 294400 ------w- c:\windows\SysWow64\atmfd.dll 2011-01-05 10:34 . 2011-02-11 18:56 612864 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 06:56 . 2011-02-11 18:57 3129344 ----a-w- c:\windows\system32\win32k.sys 2011-01-05 05:55 . 2011-02-11 18:56 428032 ------w- c:\windows\SysWow64\vbscript.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-03-28_15.40.09 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-03-28 08:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-03-28 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-03-28 08:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-03-28 23:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 
2011-03-28 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-03-28 08:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-01-05 14:57 . 2011-03-25 09:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-01-05 14:57 . 2011-03-28 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-01-05 14:57 . 2011-03-25 09:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-01-05 14:57 . 2011-03-28 19:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-03-25 09:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-03-28 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-05 16:03 . 2011-03-28 18:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-01-05 16:03 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2011-03-28 19:00 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-01-05 16:03 . 2011-03-28 18:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-01-05 16:03 . 2011-03-28 08:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-01-05 16:03 . 
2011-03-28 18:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-01-05 16:03 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-05 22:07 . 2011-03-28 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-01-05 22:07 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-02 23:20 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-07-02 23:20 . 2011-03-28 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-03-28 15:11 . 2011-03-28 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-03-28 23:38 . 2011-03-28 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-03-28 15:11 . 2011-03-28 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-03-28 23:38 . 2011-03-28 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2011-03-28 19:42 655932 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-03-28 15:17 655932 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-03-28 19:42 118846 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-03-28 15:17 118846 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-03-28 08:27 415888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-03-28 19:36 415888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2011-03-28 19:34 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 
2011-03-12 01:29 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-03-23 3528504] "C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 1004088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 CinemaNow Service;CinemaNow Service;c:\program files 
(x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984] R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 476792] S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-02-23 00:23 146928] S2 
AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-14 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-03-28 6746280] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-11 132656] S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x] S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000Core.job - c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36] . 2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000UA.job - c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36] . 2011-03-16 c:\windows\Tasks\HPCeeScheduleForEVANGELEON$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . 2011-03-23 c:\windows\Tasks\HPCeeScheduleForMaryAnn.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.yahoo.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\ . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc] "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc" -- . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe . ************************************************************************** . Completion time: 2011-03-28 19:44:10 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-28 23:44 ComboFix2.txt 2011-03-28 19:54 ComboFix3.txt 2011-03-28 18:34 ComboFix4.txt 2011-03-28 15:42 ComboFix5.txt 2011-03-28 23:30 . Pre-Run: 279,664,832,512 bytes free Post-Run: 279,592,091,648 bytes free . - - End Of File - - CD7BCC50A355DC7946D9870B61F89252
  12. Thanks once again for your prompt reply. I was once again unable to so much as open my Norton file in either normal or safe modes. But I ran the scanner anyway and this is the log file.
      C:\Program Files (x86)\RegistryFix8\RegFix8.exe Win32/Adware.ErrorClean application
      C:\Program Files (x86)\RegistryFix8\UninstlDll.dll Win32/Adware.ErrorClean application
  13. Hello and thank you for getting to me so soon! I did as you said, but now I've lost my external mouse and my internet is mostly down. As for ComboFix, I was unable to do anything with my Norton. I do believe it's a casualty of this wretched virus. But here are the log files.

      This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
      Rkill was run on 03/28/2011 at 14:53:13.
      Operating System: Windows 7 Home Premium
      Processes terminated by Rkill or while it was running:
      C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Windows\SysWOW64\rundll32.exe
      Rkill completed on 03/28/2011 at 14:53:26.

      ComboFix 11-03-28.01 - MaryAnn 03/28/2011 14:29:04.3.3 - x64 NETWORK

      Thanks again! I'll be looking for your response!
  14. . DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK Run by MaryAnn at 4:46:24.20 on Mon 03/28/2011 Internet Explorer: 8.0.7601.17514 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2826 [GMT -4:00] . AV: Norton Security Suite *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MaryAnn\Downloads\dds (1).scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP mStart Page = hxxp://www.yahoo.com BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {395610AE-C624-4f58-B89E-23733EA00F9A} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO uRun: [C:!Users!MaryAnn!AppData!Local!Google!Chrome!User 
Data_service_run] "C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL mASetup: 
{10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll BHO-X64: HP SimplePass Identity Protection Extension - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\ FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll FF - plugin: C:\Users\MaryAnn\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Users\MaryAnn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . 
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2011-3-28 36384]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-2-9 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-2-9 221232]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-19 46136]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2011-3-28 24024]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-1 38456]
S0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-3-27 33800]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-10 1124472]
S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-2-9 615040]
S1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSviA64.sys [2011-3-21 476792]
S1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2011-3-28 65736]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-2-9 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-2-9 451120]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58:56];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-7-1 146928]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-13 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203264]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-3-28 6746280]
S2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-2-9 126392]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-29 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-29 185640]
S2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 2184496]
S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 7767552]
S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 279040]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-3-10 132656]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-2-26 17920]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-1 239136]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-1 295424]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-28 07:50:50 -------- d-----w- C:\Program Files (x86)\RegistryFix8
2011-03-28 07:30:10 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-03-28 07:30:10 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2011-03-28 07:30:09 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2011-03-28 07:30:09 -------- d-----w- C:\Program Files\Prevx
2011-03-28 07:29:49 -------- d-----w- C:\PROGRA~3\PrevxCSI
2011-03-28 00:36:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-28 00:36:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-28 00:35:20 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com
2011-03-28 00:35:14 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-03-28 00:35:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-03-28 00:26:38 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-03-11 17:50:37 -------- d-----w- C:\Windows\System32\SPReview
2011-03-11 17:50:08 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-11 17:47:05 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-11 17:47:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-11 17:45:59 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2011-03-11 17:44:59 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-03-11 17:43:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll
2011-03-11 17:42:59 71168 ----a-w- C:\Windows\bfsvc.exe
2011-03-11 17:41:46 323072 ------w- C:\Windows\SysWow64\drvstore.dll
2011-03-11 17:41:46 257024 ------w- C:\Windows\SysWow64\dpx.dll
2011-03-11 17:41:34 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-11 17:41:34 363008 ------w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-11 17:36:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-11 17:36:28 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-11 17:36:28 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-11 17:36:04 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-11 17:35:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-11 17:34:28 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-11 17:34:27 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-11 17:11:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-11 17:11:52 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-11 13:23:53 -------- d-----w- C:\$RECYCLE.BIN
2011-03-11 13:15:18 89088 ----a-w- C:\Windows\MBR.exe
2011-03-11 13:15:18 256512 ----a-w- C:\Windows\PEV.exe
2011-03-11 13:15:18 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-11 13:15:17 98816 ----a-w- C:\Windows\sed.exe
2011-03-11 13:09:05 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Downloaded Installations
2011-03-11 07:46:28 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Returnil
2011-03-11 07:44:44 -------- d-----w- C:\PROGRA~3\Returnil
2011-03-11 07:34:10 -------- d-----w- C:\Program Files\Sandboxie
2011-03-11 07:23:50 -------- d-----w- C:\!KillBox
2011-03-11 07:23:24 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Malwarebytes
2011-03-11 07:23:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-11 07:23:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-11 07:18:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-03-10 18:29:20 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-03-10 17:00:48 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-09 20:42:09 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-09 20:39:38 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-09 20:39:35 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-08 21:57:49 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Unity
2011-03-06 19:41:58 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Rovio
2011-03-06 19:04:30 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2011-03-06 18:59:18 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Mozilla
.
==================== Find3M ====================
.
2011-03-11 17:59:44 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:30:51 1076736 ------w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ------w- C:\Windows\SysWow64\d2d1.dll
2011-02-07 06:34:01 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-24 02:30:35 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:46:34 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:46:34 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ------w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ------w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ------w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 4:47:28.51 ===============

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6190

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

3/28/2011 11:09:28 AM
mbam-log-2011-03-28 (11-09-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 434880
Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\MaryAnn\downloads\setup (1).exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\MaryAnn\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

attach.zip.zip