toddinla

Google redirect that just won't die

24 posts in this topic

As the title says, I've got a Google redirect virus that just won't die. The system was infected with tons of viruses/trojans, seemingly all of which MalwareBytes, my Norton Recovery Tool CD and Spybot S&D removed, except for this redirect thing. Also tried Kaspersky Rescue Disc, but it found nothing (after the previous tools).

Logs from DDS are below.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by NICOLE at 3:17:47 on 2012-04-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2403 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Mikogo] "C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [CanonSolutionMenuEx] "REM C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon

mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\NICOLE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\43241354 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\C696E6B6379737 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{71481F14-188C-4518-A592-59D41A4B254D} : DhcpNameServer = 192.168.1.254

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

IFEO: image file execution options -

BHO-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File

BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [CanonSolutionMenuEx] "REM C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon

mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IFEO-X64: image file execution options -

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120410.002\IDSviA64.sys [2012-4-10 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-4 92160]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-17 155648]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-27 60928]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-9 138232]

R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-4 206064]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-3 138360]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253600]

S3 B-Service;B-Service;C:\Users\NICOLE\Downloads\B-Service.exe --> C:\Users\NICOLE\Downloads\B-Service.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-3-30 151064]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-04-11 08:37:59 -------- d-----w- C:\Windows\Standalone System Sweeper

2012-04-11 08:34:21 -------- d-----w- C:\ProgramData\Sophos

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-04-11 08:33:57 -------- d-----w- C:\Program Files (x86)\Sophos

2012-04-11 08:24:12 16200 ----a-w- C:\Windows\stinger.sys

2012-04-11 04:22:42 -------- d-----w- C:\Windows\rescache

2012-04-11 03:20:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-11 03:20:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-11 01:07:29 -------- d-----w- C:\Program Files\iPod

2012-04-11 01:07:28 -------- d-----w- C:\Program Files\iTunes

2012-04-11 01:07:28 -------- d-----w- C:\Program Files (x86)\iTunes

2012-04-11 00:26:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-11 00:26:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-10 23:37:55 -------- d-----w- C:\Windows\System32\SPReview

2012-04-10 23:36:57 -------- d-----w- C:\Windows\System32\EventProviders

2012-04-10 23:36:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-10 23:36:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-10 23:36:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-10 23:33:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-10 23:33:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-10 23:33:04 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-10 23:33:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-10 23:33:04 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-10 23:33:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 23:33:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-10 23:14:04 -------- d-----w- C:\Program Files (x86)\stinger

2012-04-10 21:46:58 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Malwarebytes

2012-04-10 21:46:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-10 21:46:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-10 21:46:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-10 21:12:19 -------- d-----w- C:\Program Files\CCleaner

2012-04-10 08:59:38 -------- d-----w- C:\NBRT

2012-04-10 05:04:22 -------- d-----w- C:\NPE

2012-04-10 02:01:05 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 01:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-09 10:17:46 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-09 09:50:12 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys

2012-04-09 09:50:12 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys

2012-04-09 09:50:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys

2012-04-09 09:50:11 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys

2012-04-09 09:50:10 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys

2012-04-09 09:50:10 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys

2012-04-09 09:50:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys

2012-04-09 09:49:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A

2012-04-07 20:46:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578

2012-04-03 05:37:35 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Directory

2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-03-29 16:58:42 -------- d-----we C:\Windows\system64

2012-03-29 01:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll

2012-03-17 23:58:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 23:58:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 12:43:53 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 12:43:49 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 12:43:49 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 12:43:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 12:43:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 12:43:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 12:43:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 12:43:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-04-11 00:00:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-04-11 00:00:20 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-04-10 02:01:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-09 09:50:32 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 18:36:25 704504 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP

.

============= FINISH: 3:22:33.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/9/2010 3:37:50 PM

System Uptime: 4/11/2012 3:14:02 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0R225F

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 59 GiB total, 22.981 GiB free.

D: is FIXED (NTFS) - 397 GiB total, 396.851 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}

Description: Intel® Active Management Technology - SOL

Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_04171028&REV_06\3&11583659&0&B3

Manufacturer: Intel

Name: Intel® Active Management Technology - SOL (COM3)

PNP Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_04171028&REV_06\3&11583659&0&B3

Service: Serial

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Accelerometer

Adobe Reader 9.5.0

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Banctec Service Agreement

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MG5200 series User Registration

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

Compatibility Pack for the 2007 Office system

Complete Care Business Service Agreement

Complete Care Consumer Service Agreement

Consumer In-Home Service Agreement

Cozi

Dell Communications (Support Software)

Dell DataSafe Online

Dell Driver Download Manager

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Webcam Central

Driver Medic

Google Chrome

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Junk Mail filter update

Lexmark Printable Web

Lexmark Toolbar

Lexmark Tools for Office

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2003 Web Components

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Office XP Web Components

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 11.0 (x86 en-US)

MSN Toolbar

MSN Toolbar Platform

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Norton Internet Security

PDFCreator

QualXServ Service Agreement

QuickTime

Realtek High Definition Audio Driver

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Sophos Virus Removal Tool

Spybot - Search & Destroy

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 6:44:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/9/2012 2:48:54 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.

4/11/2012 3:19:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/11/2012 3:15:06 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

4/11/2012 3:15:01 AM, Error: Service Control Manager [7023] - The Drvnddm service terminated with the following error: The system cannot find the file specified.

4/11/2012 3:14:42 AM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.

4/11/2012 2:48:39 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

4/11/2012 1:24:25 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 7:44:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

4/10/2012 7:28:52 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

4/10/2012 6:05:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).

4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656372).

4/10/2012 5:20:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/10/2012 5:18:06 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

4/10/2012 5:12:52 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Help/Operational.

4/10/2012 12:10:05 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The system cannot find the file specified.

4/10/2012 11:57:20 AM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259

4/10/2012 10:38:46 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

.

==== End Of File ===========================

Thanks in advance for your help!

Todd


Hello Todd, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

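The TDSSKiller log Maniac asks for in Step 1 is long (one hash line plus one verdict line per driver or service), and the lines that matter are the few that do not end in "- ok". The parser below is an added example, not part of this thread and not TDSSKiller's own code: it reads that log format, records each entry's MD5, path and verdict, and lists the entries the tool flagged. SAMPLE_LOG is a constructed excerpt in the same format as the log posted further down; the class and function names are my own. One caveat worth keeping in mind when reading the output: the UnsignedFile.Multi.Generic tag only means the binary carries no digital signature, which is common for OEM utilities, so a flagged entry is something to verify (publisher, path, hash) rather than proof of infection.

```python
"""Summarise a TDSSKiller scan log: which modules were hashed, and which ones
TDSSKiller did not mark "ok".  Added example; not part of TDSSKiller itself."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "HH:MM:SS.ffff <pid> "; the rest is the message.
TIME_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}$")
# Message of a hash line:     "<name> (<md5>) <path>"
SCAN_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Message of a verdict line:  "<name> - ok"
#                             "<name> ( <tag> ) - warning"
#                             "<name> - detected <tag> (<n>)"
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<tag>[\w.]+)\s*\))?\s+-\s+"
    r"(?P<verdict>ok|warning|detected\s+(?P<dtag>[\w.]+)\s+\(\d+\))$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)  # "ok", "warning", "detected"
    tags: List[str] = field(default_factory=list)      # e.g. UnsignedFile.Multi.Generic

    @property
    def flagged(self) -> bool:
        return any(v != "ok" for v in self.verdicts)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned driver/service, keyed by its name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 2)
        # Banners, separators and the SystemInfo block either lack the
        # "<time> <pid> <message>" shape or match neither message pattern.
        if len(parts) < 3 or not TIME_RE.match(parts[0]) or not parts[1].isdigit():
            continue
        msg = parts[2]
        m = SCAN_RE.match(msg)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(msg)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdicts.append(m["verdict"].split()[0])
            tag = m["tag"] or m["dtag"]
            if tag and tag not in e.tags:
                e.tags.append(tag)
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries TDSSKiller marked warning or detected, in name order."""
    return sorted((e for e in entries.values() if e.flagged), key=lambda e: e.name)


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    n_flagged = sum(1 for e in entries.values() if e.flagged)
    return {"scanned": len(entries), "ok": len(entries) - n_flagged, "flagged": n_flagged}


def report(entries: Dict[str, Entry]) -> str:
    lines = ["%(scanned)d entries, %(ok)d ok, %(flagged)d flagged" % summarize(entries)]
    for e in flagged(entries):
        lines.append(f"{e.name}: {', '.join(e.tags)} md5={e.md5} path={e.path}")
    return "\n".join(lines)


# Constructed excerpt in the TDSSKiller 2.7 log format (not a real full log).
SAMPLE_LOG = r"""
17:32:44.0959 5048 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:32:45.0442 5048 ============================================================
17:32:45.0458 5048 OS Version: 6.1.7601 ServicePack: 1.0
17:32:46.0615 5048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
17:32:52.0403 4504 Mode: Manual; SigCheck; TDLFS;
17:32:53.0370 4504 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:32:53.0495 4504 1394ohci - ok
17:32:55.0351 4504 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:32:55.0367 4504 Apple Mobile Device - ok
17:32:56.0022 4504 B-Service - ok
17:33:00.0998 4504 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
17:33:01.0030 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
17:33:01.0030 4504 DockLoginService - detected UnsignedFile.Multi.Generic (1)
17:33:06.0724 4504 InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
17:33:06.0739 4504 InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
17:33:06.0739 4504 InstallFilterService - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    print(report(parse_tdsskiller_log(SAMPLE_LOG)))
```

To run it against a real scan, pass the contents of the TDSSKiller.[Version]_[Date]_[Time]_log.txt file that TDSSKiller writes to the root of C: into parse_tdsskiller_log and print report() on the result. Entries that appear only with a verdict and no hash line (B-Service in the sample) are kept with md5 set to None, which is itself worth a look, since it usually means the service's binary was not found on disk.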

Hi, Maniac. Thanks for the quick reply and instructions. Unthinkingly, I ran Microsoft's System Sweeper x64 earlier today, which removed two items. I've included its log at the end of this message, just in case.

Seeing as I've been trying to kill this bug for several days, you should know that RKILL, TDSSKiller, Spybot S&D, CCleaner, McAfee Stinger & Norton Power Eraser have all been used. With all their actions the system now is up and running, but the Google redirect is still there.

Also, I noticed today that when Windows is in Safe Mode w/ Networking the redirection doesn't seem to happen. Not sure if that helps your analysis or not.

A Zip of all log files is available at: http://dl.dropbox.com/u/22574394/maniac_logs.zip

----------------

17:32:44.0959 5048 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

17:32:45.0442 5048 ============================================================

17:32:45.0442 5048 Current date / time: 2012/04/11 17:32:45.0442

17:32:45.0442 5048 SystemInfo:

17:32:45.0442 5048

17:32:45.0458 5048 OS Version: 6.1.7601 ServicePack: 1.0

17:32:45.0458 5048 Product type: Workstation

17:32:45.0458 5048 ComputerName: NICOLE-PC

17:32:45.0458 5048 UserName: NICOLE

17:32:45.0458 5048 Windows directory: C:\Windows

17:32:45.0458 5048 System windows directory: C:\Windows

17:32:45.0458 5048 Running under WOW64

17:32:45.0458 5048 Processor architecture: Intel x64

17:32:45.0458 5048 Number of processors: 4

17:32:45.0458 5048 Page size: 0x1000

17:32:45.0458 5048 Boot type: Normal boot

17:32:45.0458 5048 ============================================================

17:32:46.0615 5048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:32:46.0631 5048 Drive \Device\Harddisk1\DR1 - Size: 0x3D500000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:32:46.0631 5048 \Device\Harddisk0\DR0:

17:32:46.0631 5048 MBR used

17:32:46.0631 5048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000

17:32:46.0631 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000

17:32:46.0662 5048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800

17:32:46.0662 5048 \Device\Harddisk1\DR1:

17:32:46.0662 5048 MBR used

17:32:46.0662 5048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1EA7C1

17:32:46.0724 5048 Initialize success

17:32:46.0724 5048 ============================================================

17:32:52.0403 4504 ============================================================

17:32:52.0403 4504 Scan started

17:32:52.0403 4504 Mode: Manual; SigCheck; TDLFS;

17:32:52.0403 4504 ============================================================

17:32:53.0370 4504 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:32:53.0495 4504 1394ohci - ok

17:32:53.0557 4504 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys

17:32:53.0573 4504 Acceler - ok

17:32:53.0604 4504 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:32:53.0635 4504 ACPI - ok

17:32:53.0666 4504 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:32:53.0729 4504 AcpiPmi - ok

17:32:53.0807 4504 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:32:53.0838 4504 AdobeFlashPlayerUpdateSvc - ok

17:32:53.0885 4504 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:32:53.0932 4504 adp94xx - ok

17:32:53.0947 4504 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:32:53.0963 4504 adpahci - ok

17:32:54.0010 4504 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:32:54.0025 4504 adpu320 - ok

17:32:54.0056 4504 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

17:32:54.0212 4504 AeLookupSvc - ok

17:32:54.0259 4504 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

17:32:54.0353 4504 AERTFilters - ok

17:32:54.0400 4504 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

17:32:54.0446 4504 AFD - ok

17:32:54.0493 4504 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:32:54.0509 4504 agp440 - ok

17:32:54.0540 4504 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

17:32:54.0587 4504 ALG - ok

17:32:54.0649 4504 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:32:54.0680 4504 aliide - ok

17:32:54.0696 4504 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:32:54.0712 4504 amdide - ok

17:32:54.0743 4504 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:32:54.0774 4504 AmdK8 - ok

17:32:54.0790 4504 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:32:54.0836 4504 AmdPPM - ok

17:32:54.0868 4504 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:32:54.0899 4504 amdsata - ok

17:32:54.0930 4504 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:32:54.0961 4504 amdsbs - ok

17:32:54.0977 4504 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:32:54.0977 4504 amdxata - ok

17:32:55.0039 4504 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:32:55.0102 4504 AppID - ok

17:32:55.0117 4504 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

17:32:55.0164 4504 AppIDSvc - ok

17:32:55.0195 4504 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

17:32:55.0273 4504 Appinfo - ok

17:32:55.0351 4504 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:32:55.0367 4504 Apple Mobile Device - ok

17:32:55.0445 4504 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:32:55.0460 4504 arc - ok

17:32:55.0476 4504 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:32:55.0492 4504 arcsas - ok

17:32:55.0523 4504 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:32:55.0616 4504 AsyncMac - ok

17:32:55.0632 4504 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:32:55.0648 4504 atapi - ok

17:32:55.0694 4504 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:32:55.0788 4504 AudioEndpointBuilder - ok

17:32:55.0804 4504 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:32:55.0850 4504 AudioSrv - ok

17:32:55.0882 4504 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

17:32:55.0944 4504 AxInstSV - ok

17:32:56.0022 4504 B-Service - ok

17:32:56.0084 4504 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:32:56.0147 4504 b06bdrv - ok

17:32:56.0162 4504 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:32:56.0209 4504 b57nd60a - ok

17:32:56.0272 4504 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

17:32:56.0303 4504 BDESVC - ok

17:32:56.0334 4504 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:32:56.0381 4504 Beep - ok

17:32:56.0459 4504 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

17:32:56.0568 4504 BFE - ok

17:32:56.0693 4504 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys

17:32:56.0786 4504 BHDrvx64 - ok

17:32:56.0864 4504 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

17:32:56.0989 4504 BITS - ok

17:32:57.0036 4504 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:32:57.0067 4504 blbdrive - ok

17:32:57.0130 4504 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

17:32:57.0176 4504 Bonjour Service - ok

17:32:57.0223 4504 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:32:57.0254 4504 bowser - ok

17:32:57.0286 4504 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:32:57.0348 4504 BrFiltLo - ok

17:32:57.0364 4504 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:32:57.0379 4504 BrFiltUp - ok

17:32:57.0410 4504 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

17:32:57.0488 4504 Browser - ok

17:32:57.0520 4504 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:32:57.0566 4504 Brserid - ok

17:32:57.0582 4504 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:32:57.0613 4504 BrSerWdm - ok

17:32:57.0629 4504 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:32:57.0676 4504 BrUsbMdm - ok

17:32:57.0691 4504 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:32:57.0738 4504 BrUsbSer - ok

17:32:57.0785 4504 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

17:32:57.0832 4504 BthEnum - ok

17:32:57.0863 4504 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:32:57.0894 4504 BTHMODEM - ok

17:32:57.0941 4504 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:32:57.0988 4504 BthPan - ok

17:32:58.0019 4504 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

17:32:58.0066 4504 BTHPORT - ok

17:32:58.0112 4504 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

17:32:58.0190 4504 bthserv - ok

17:32:58.0206 4504 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

17:32:58.0237 4504 BTHUSB - ok

17:32:58.0268 4504 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

17:32:58.0300 4504 btwaudio - ok

17:32:58.0440 4504 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys

17:32:58.0456 4504 btwavdt - ok

17:32:58.0518 4504 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

17:32:58.0596 4504 btwdins - ok

17:32:58.0612 4504 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

17:32:58.0627 4504 btwl2cap - ok

17:32:58.0643 4504 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

17:32:58.0658 4504 btwrchid - ok

17:32:58.0752 4504 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys

17:32:58.0783 4504 ccSet_NIS - ok

17:32:58.0814 4504 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:32:58.0908 4504 cdfs - ok

17:32:58.0955 4504 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

17:32:59.0002 4504 cdrom - ok

17:32:59.0064 4504 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:32:59.0142 4504 CertPropSvc - ok

17:32:59.0189 4504 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:32:59.0236 4504 circlass - ok

17:32:59.0267 4504 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:32:59.0298 4504 CLFS - ok

17:32:59.0345 4504 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:32:59.0376 4504 clr_optimization_v2.0.50727_32 - ok

17:32:59.0423 4504 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:32:59.0438 4504 clr_optimization_v2.0.50727_64 - ok

17:32:59.0501 4504 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:32:59.0516 4504 clr_optimization_v4.0.30319_32 - ok

17:32:59.0548 4504 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:32:59.0563 4504 clr_optimization_v4.0.30319_64 - ok

17:32:59.0610 4504 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:32:59.0657 4504 CmBatt - ok

17:32:59.0672 4504 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:32:59.0688 4504 cmdide - ok

17:32:59.0735 4504 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:32:59.0813 4504 CNG - ok

17:32:59.0844 4504 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:32:59.0860 4504 Compbatt - ok

17:32:59.0891 4504 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:32:59.0938 4504 CompositeBus - ok

17:32:59.0953 4504 COMSysApp - ok

17:32:59.0984 4504 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:33:00.0000 4504 crcdisk - ok

17:33:00.0047 4504 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

17:33:00.0125 4504 CryptSvc - ok

17:33:00.0172 4504 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

17:33:00.0203 4504 CtClsFlt - ok

17:33:00.0250 4504 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:33:00.0343 4504 DcomLaunch - ok

17:33:00.0374 4504 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

17:33:00.0468 4504 defragsvc - ok

17:33:00.0515 4504 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:33:00.0577 4504 DfsC - ok

17:33:00.0624 4504 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

17:33:00.0686 4504 Dhcp - ok

17:33:00.0718 4504 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:33:00.0796 4504 discache - ok

17:33:00.0842 4504 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:33:00.0858 4504 Disk - ok

17:33:00.0889 4504 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

17:33:00.0920 4504 Dnscache - ok

17:33:00.0998 4504 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

17:33:01.0030 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

17:33:01.0030 4504 DockLoginService - detected UnsignedFile.Multi.Generic (1)

17:33:01.0061 4504 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

17:33:01.0123 4504 dot3svc - ok

17:33:01.0154 4504 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

17:33:01.0217 4504 DPS - ok

17:33:01.0264 4504 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:33:01.0310 4504 drmkaud - ok

17:33:01.0357 4504 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:33:01.0420 4504 DXGKrnl - ok

17:33:01.0466 4504 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

17:33:01.0529 4504 EapHost - ok

17:33:01.0622 4504 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:33:01.0747 4504 ebdrv - ok

17:33:01.0810 4504 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

17:33:01.0856 4504 eeCtrl - ok

17:33:01.0888 4504 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

17:33:01.0919 4504 EFS - ok

17:33:01.0981 4504 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

17:33:02.0028 4504 ehRecvr - ok

17:33:02.0059 4504 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

17:33:02.0090 4504 ehSched - ok

17:33:02.0168 4504 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:33:02.0215 4504 elxstor - ok

17:33:02.0278 4504 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

17:33:02.0309 4504 EraserUtilRebootDrv - ok

17:33:02.0340 4504 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:33:02.0371 4504 ErrDev - ok

17:33:02.0418 4504 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

17:33:02.0496 4504 EventSystem - ok

17:33:02.0621 4504 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

17:33:02.0683 4504 EvtEng - ok

17:33:02.0746 4504 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:33:02.0808 4504 exfat - ok

17:33:02.0839 4504 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:33:02.0902 4504 fastfat - ok

17:33:02.0948 4504 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

17:33:03.0011 4504 Fax - ok

17:33:03.0026 4504 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:33:03.0058 4504 fdc - ok

17:33:03.0104 4504 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

17:33:03.0167 4504 fdPHost - ok

17:33:03.0182 4504 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

17:33:03.0229 4504 FDResPub - ok

17:33:03.0260 4504 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:33:03.0260 4504 FileInfo - ok

17:33:03.0292 4504 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:33:03.0370 4504 Filetrace - ok

17:33:03.0385 4504 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:33:03.0401 4504 flpydisk - ok

17:33:03.0479 4504 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:33:03.0510 4504 FltMgr - ok

17:33:03.0682 4504 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

17:33:03.0744 4504 FontCache - ok

17:33:03.0806 4504 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:33:03.0822 4504 FontCache3.0.0.0 - ok

17:33:03.0838 4504 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:33:03.0869 4504 FsDepends - ok

17:33:03.0900 4504 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

17:33:03.0931 4504 Fs_Rec - ok

17:33:03.0962 4504 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:33:03.0994 4504 fvevol - ok

17:33:04.0025 4504 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:33:04.0040 4504 gagp30kx - ok

17:33:04.0103 4504 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

17:33:04.0134 4504 GameConsoleService - ok

17:33:04.0165 4504 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:33:04.0196 4504 GEARAspiWDM - ok

17:33:04.0243 4504 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

17:33:04.0337 4504 gpsvc - ok

17:33:04.0399 4504 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:33:04.0415 4504 gupdate - ok

17:33:04.0477 4504 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:33:04.0493 4504 gupdatem - ok

17:33:04.0540 4504 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:33:04.0571 4504 hcw85cir - ok

17:33:04.0618 4504 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:33:04.0649 4504 HDAudBus - ok

17:33:04.0696 4504 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:33:04.0711 4504 HECIx64 - ok

17:33:04.0727 4504 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:33:04.0742 4504 HidBatt - ok

17:33:04.0774 4504 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:33:04.0805 4504 HidBth - ok

17:33:04.0820 4504 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:33:04.0867 4504 HidIr - ok

17:33:04.0898 4504 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

17:33:04.0976 4504 hidserv - ok

17:33:05.0008 4504 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

17:33:05.0039 4504 HidUsb - ok

17:33:05.0070 4504 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

17:33:05.0148 4504 hkmsvc - ok

17:33:05.0179 4504 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

17:33:05.0210 4504 HomeGroupListener - ok

17:33:05.0257 4504 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

17:33:05.0288 4504 HomeGroupProvider - ok

17:33:05.0335 4504 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:33:05.0351 4504 HpSAMD - ok

17:33:05.0413 4504 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:33:05.0507 4504 HTTP - ok

17:33:05.0522 4504 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:33:05.0538 4504 hwpolicy - ok

17:33:05.0585 4504 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:33:05.0600 4504 i8042prt - ok

17:33:05.0663 4504 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

17:33:05.0710 4504 iaStorV - ok

17:33:05.0788 4504 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:33:05.0819 4504 idsvc - ok


17:33:28.0470 4504 Wdf01000 - ok

17:33:28.0486 4504 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:33:28.0517 4504 WdiServiceHost - ok

17:33:28.0533 4504 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:33:28.0548 4504 WdiSystemHost - ok

17:33:28.0595 4504 wdkmd (7c2ef67b0a43c4deb7ef932ceda337d6) C:\Windows\system32\DRIVERS\WDKMD.sys

17:33:28.0611 4504 wdkmd - ok

17:33:28.0673 4504 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

17:33:28.0720 4504 WebClient - ok

17:33:28.0735 4504 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

17:33:28.0813 4504 Wecsvc - ok

17:33:28.0845 4504 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

17:33:28.0907 4504 wercplsupport - ok

17:33:28.0938 4504 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

17:33:28.0985 4504 WerSvc - ok

17:33:29.0032 4504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:33:29.0079 4504 WfpLwf - ok

17:33:29.0094 4504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:33:29.0110 4504 WIMMount - ok

17:33:29.0125 4504 WinHttpAutoProxySvc - ok

17:33:29.0172 4504 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

17:33:29.0235 4504 Winmgmt - ok

17:33:29.0297 4504 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

17:33:29.0406 4504 WinRM - ok

17:33:29.0469 4504 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:33:29.0515 4504 WinUsb - ok

17:33:29.0562 4504 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

17:33:29.0671 4504 Wlansvc - ok

17:33:29.0765 4504 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:33:29.0859 4504 wlidsvc - ok

17:33:29.0905 4504 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:33:29.0937 4504 WmiAcpi - ok

17:33:29.0983 4504 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

17:33:30.0030 4504 wmiApSrv - ok

17:33:30.0046 4504 WMPNetworkSvc - ok

17:33:30.0061 4504 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

17:33:30.0077 4504 WPCSvc - ok

17:33:30.0108 4504 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

17:33:30.0139 4504 WPDBusEnum - ok

17:33:30.0171 4504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:33:30.0202 4504 ws2ifsl - ok

17:33:30.0249 4504 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

17:33:30.0280 4504 WSDPrintDevice - ok

17:33:30.0327 4504 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

17:33:30.0358 4504 WSDScan - ok

17:33:30.0358 4504 WSearch - ok

17:33:30.0436 4504 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

17:33:30.0545 4504 wuauserv - ok

17:33:30.0623 4504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:33:30.0685 4504 WudfPf - ok

17:33:30.0701 4504 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:33:30.0748 4504 WUDFRd - ok

17:33:30.0779 4504 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

17:33:30.0841 4504 wudfsvc - ok

17:33:30.0888 4504 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

17:33:30.0919 4504 WwanSvc - ok

17:33:30.0966 4504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:33:31.0153 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:33:31.0153 4504 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:33:31.0169 4504 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1

17:33:31.0294 4504 \Device\Harddisk1\DR1 - ok

17:33:31.0309 4504 Boot (0x1200) (83fcba3d1c8956b2d773b41909242ec1) \Device\Harddisk0\DR0\Partition0

17:33:31.0309 4504 \Device\Harddisk0\DR0\Partition0 - ok

17:33:31.0341 4504 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1

17:33:31.0341 4504 \Device\Harddisk0\DR0\Partition1 - ok

17:33:31.0356 4504 Boot (0x1200) (657164162664d93ccd3c7294cfd8f09a) \Device\Harddisk0\DR0\Partition2

17:33:31.0372 4504 \Device\Harddisk0\DR0\Partition2 - ok

17:33:31.0372 4504 Boot (0x1200) (bd930969848e9e7b36a0003cdbac1fc7) \Device\Harddisk1\DR1\Partition0

17:33:31.0372 4504 \Device\Harddisk1\DR1\Partition0 - ok

17:33:31.0372 4504 ============================================================

17:33:31.0372 4504 Scan finished

17:33:31.0372 4504 ============================================================

17:33:31.0387 4460 Detected object count: 4

17:33:31.0387 4460 Actual detected object count: 4

17:37:11.0566 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

17:37:11.0566 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:37:11.0566 4460 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user

17:37:11.0566 4460 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:37:28.0461 0368 Deinitialize success

-------------

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.11.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

NICOLE :: NICOLE-PC [administrator]

4/11/2012 5:41:06 PM

mbam-log-2012-04-11 (17-41-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 261026

Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-----------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by NICOLE at 18:26:01 on 2012-04-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1822 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Mikogo] "C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\NICOLE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\43241354 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\C696E6B6379737 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{71481F14-188C-4518-A592-59D41A4B254D} : DhcpNameServer = 192.168.1.254

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

IFEO: image file execution options -

BHO-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File

BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms

mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IFEO-X64: image file execution options -

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSviA64.sys [2012-4-11 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-4 92160]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-17 155648]

R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-27 60928]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-9 138232]

R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-4 206064]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-3 138360]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253600]

S3 B-Service;B-Service;C:\Users\NICOLE\Downloads\B-Service.exe --> C:\Users\NICOLE\Downloads\B-Service.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-3-30 151064]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-04-11 08:37:59 -------- d-----w- C:\Windows\Standalone System Sweeper

2012-04-11 08:34:21 -------- d-----w- C:\ProgramData\Sophos

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-04-11 08:33:57 -------- d-----w- C:\Program Files (x86)\Sophos

2012-04-11 08:24:12 16200 ----a-w- C:\Windows\stinger.sys

2012-04-11 04:22:42 -------- d-----w- C:\Windows\rescache

2012-04-11 03:20:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-11 03:20:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-11 01:07:29 -------- d-----w- C:\Program Files\iPod

2012-04-11 01:07:28 -------- d-----w- C:\Program Files\iTunes

2012-04-11 01:07:28 -------- d-----w- C:\Program Files (x86)\iTunes

2012-04-11 00:26:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-11 00:26:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-10 23:37:55 -------- d-----w- C:\Windows\System32\SPReview

2012-04-10 23:36:57 -------- d-----w- C:\Windows\System32\EventProviders

2012-04-10 23:36:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-10 23:36:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-10 23:36:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-10 23:33:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-10 23:33:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-10 23:33:04 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-10 23:33:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-10 23:33:04 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-10 23:33:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-10 23:33:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-10 23:14:04 -------- d-----w- C:\Program Files (x86)\stinger

2012-04-10 21:46:58 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Malwarebytes

2012-04-10 21:46:53 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-10 21:46:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-10 21:46:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-10 21:12:19 -------- d-----w- C:\Program Files\CCleaner

2012-04-10 08:59:38 -------- d-----w- C:\NBRT

2012-04-10 05:04:22 -------- d-----w- C:\NPE

2012-04-10 02:01:05 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 01:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-09 10:17:46 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-09 09:50:12 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys

2012-04-09 09:50:12 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys

2012-04-09 09:50:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys

2012-04-09 09:50:11 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys

2012-04-09 09:50:10 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys

2012-04-09 09:50:10 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys

2012-04-09 09:50:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys

2012-04-09 09:49:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A

2012-04-07 20:46:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578

2012-04-03 05:37:35 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Directory

2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd

2012-03-29 16:58:42 -------- d-----we C:\Windows\system64

2012-03-29 01:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll

2012-03-17 23:58:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 23:58:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 12:43:53 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 12:43:49 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 12:43:49 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 12:43:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 12:43:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 12:43:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 12:43:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 12:43:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

.

==================== Find3M ====================

.

2012-04-11 00:00:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-04-11 00:00:20 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-04-10 02:01:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-09 09:50:32 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-30 18:36:25 704504 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP

.

============= FINISH: 18:27:25.63 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/9/2010 3:37:50 PM

System Uptime: 4/11/2012 4:01:03 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0R225F

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 1178/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 59 GiB total, 23.102 GiB free.

D: is FIXED (NTFS) - 397 GiB total, 396.851 GiB free.

E: is CDROM (UDF)

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Accelerometer

Adobe Reader 9.5.0

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Banctec Service Agreement

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MG5200 series User Registration

Canon MP Navigator EX 4.0

Canon My Printer

Compatibility Pack for the 2007 Office system

Complete Care Business Service Agreement

Complete Care Consumer Service Agreement

Consumer In-Home Service Agreement

Cozi

Dell Communications (Support Software)

Dell DataSafe Online

Dell Driver Download Manager

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Webcam Central

Driver Medic

Google Chrome

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Junk Mail filter update

Lexmark Printable Web

Lexmark Toolbar

Lexmark Tools for Office

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2003 Web Components

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft Office XP Web Components

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 11.0 (x86 en-US)

MSN Toolbar

MSN Toolbar Platform

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Norton Internet Security

PDFCreator

QualXServ Service Agreement

QuickTime

Realtek High Definition Audio Driver

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Sophos Virus Removal Tool

Spybot - Search & Destroy

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 6:44:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/9/2012 2:48:54 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.

4/11/2012 9:58:58 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

4/11/2012 9:58:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/11/2012 9:58:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/11/2012 9:58:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/11/2012 9:58:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/11/2012 9:58:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

4/11/2012 9:58:38 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:46:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:46:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/11/2012 9:46:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/11/2012 9:45:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2012 6:15:44 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

4/11/2012 3:39:42 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

4/11/2012 3:35:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

4/11/2012 3:35:35 PM, Error: Service Control Manager [7023] - The Drvnddm service terminated with the following error: The system cannot find the file specified.

4/11/2012 3:14:42 AM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.

4/11/2012 2:48:39 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

4/11/2012 1:37:18 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

4/11/2012 1:36:36 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259

4/11/2012 1:24:25 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 7:44:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

4/10/2012 7:28:52 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

4/10/2012 6:05:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).

4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656372).

4/10/2012 5:20:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/10/2012 5:12:52 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Help/Operational.

4/10/2012 12:10:05 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The system cannot find the file specified.

.

==== End Of File ===========================

--------------------------------------------------------------------------------

Standalone System Sweeper Log, © 2006

Started On Wed Apr 11 2012 00:38:50

************************************************************

Product Version: 2.0.213.0

Engine Version: 1.1.2803.0

AS Signature Version: 1.0.0.0

AV Signature Version: 1.0.0.0

************************************************************

Signature updated on Wed Apr 11 2012 00:39:05

Product Version: 2.0.213.0

Engine Version: 1.1.7801.0

AS Signature Version: 1.115.1207.0

AV Signature Version: 1.115.1207.0

************************************************************

Signature updated on Wed Apr 11 2012 00:40:00

Product Version: 2.0.213.0

Engine Version: 1.1.8202.0

AS Signature Version: 1.123.1500.0

AV Signature Version: 1.123.1500.0

************************************************************

Standalone System Sweeper Log, © 2006

Stopped On Wed Apr 11 2012 01:11:24 (Exit Code = 0x0)

************************************************************

--------------------------------------------------------------------------------

Standalone System Sweeper Log, © 2006

Started On Wed Apr 11 2012 11:45:12

************************************************************

Product Version: 2.0.213.0

Engine Version: 1.1.2803.0

AS Signature Version: 1.0.0.0

AV Signature Version: 1.0.0.0

************************************************************

Signature updated on Wed Apr 11 2012 11:45:20

Product Version: 2.0.213.0

Engine Version: 1.1.7801.0

AS Signature Version: 1.115.1207.0

AV Signature Version: 1.115.1207.0

************************************************************

Signature updated on Wed Apr 11 2012 11:46:44

Product Version: 2.0.213.0

Engine Version: 1.1.8202.0

AS Signature Version: 1.123.1537.0

AV Signature Version: 1.123.1537.0

************************************************************

Begin Full Scan

Scan ID:{90EDB7DF-D543-4B0F-A77C-3C338EC2BE5D}

Scan Source:1

Start Time:Wed Apr 11 2012 11:49:11

End Time:Wed Apr 11 2012 13:14:43

Result Count:2

Threat Name:Trojan:DOS/Alureon.I

ID:2147655494

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta

Extended Info:36576288090949

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta

Extended Info:36576288090949

Threat Name:Exploit:Java/CVE-2012-0507.D!ldr

ID:6442622705

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class

Extended Info:304287121147483

Resource Schema:containerfile

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78

Extended Info:0

End Scan

************************************************************

Begin Resource Scan

Scan ID:{37F36575-3E30-4C2E-8385-B2E0FA55D3BA}

Scan Source:1

Start Time:Wed Apr 11 2012 13:30:03

End Time:Wed Apr 11 2012 13:30:10

Explicit resource to scan

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta

Explicit resource to scan

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta

Explicit resource to scan

Resource Schema:containerfile

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78

Explicit resource to scan

Resource Schema:file

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class

Result Count:2

Threat Name:Trojan:DOS/Alureon.I

ID:2147655494

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta

Extended Info:36576288090949

Resource Schema:file

Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta

Extended Info:36576288090949

Threat Name:Exploit:Java/CVE-2012-0507.D!ldr

ID:6442622705

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class

Extended Info:304287121147483

Resource Schema:containerfile

Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:Wed Apr 11 2012 13:30:11

Threat Name:Trojan:DOS/Alureon.I

Threat ID:2147655494

Action:remove

Threat Name:Exploit:Java/CVE-2012-0507.D!ldr

Threat ID:6442622705

Action:remove

File to act on SHA1:CD86F7522C990C2526E6E1D6E46BBACAC3AF7ED8

File cleaned/removed successfully

File Name:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class

Resource action complete:Removal

Schema:file

Path:\\?\E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class

Threat ID:6442622705

Resource refcount:1

Result:0

File to act on SHA1:053DE04868B1950D9F44DE9C5AA7D0DD0516D3FB

File cleaned/removed successfully

File Name:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta

Resource action complete:Removal

Schema:file

Path:\\?\E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta

Threat ID:2147655494

Resource refcount:1

Result:0

File to act on SHA1:1DC045873007885836AB8176ED51B2838A627326

File cleaned/removed successfully

File Name:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta

Resource action complete:Removal

Schema:file

Path:\\?\E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta

Threat ID:2147655494

Resource refcount:1

Result:0

Finished threat ID:6442622705

Threat result:0

Threat status flags:0

Finished threat ID:2147655494

Threat result:0

Threat status flags:4

Finished threat actions

End time:Wed Apr 11 2012 13:30:12

Result:0

Standalone System Sweeper Log, © 2006

Stopped On Wed Apr 11 2012 13:30:30 (Exit Code = 0x0)

************************************************************

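What an analyst actually does with a listing like the DDS "Files Created" section above is skim it for a few tell-tale shapes: hidden, system-attributed directories with random hexadecimal names under AppData\Local (the `c98ae578` entry), directories that imitate Windows system folders (`C:\Windows\system64`), and executables or drivers dropped where they never belong, such as the Recent shortcuts folder. The Python below is an added example written for this page, not output from DDS, ComboFix or any other tool in the thread. The heuristics and the allow-list of real system directory names are the editor's assumptions; the `Recent\eb.sys` line is rebuilt in DDS format from the ComboFix "Other Deletions" list further down the thread, and the other sample lines are copied from the DDS listing above.

```python
"""Triage heuristics over DDS 'Files Created' lines (added example, not DDS output)."""
import re

# One DDS listing line: "YYYY-MM-DD HH:MM:SS  <size or dashes>  <8 attribute flags>  <path>"
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
EXEC_EXT = {".exe", ".dll", ".sys", ".drv", ".cmd", ".bat", ".scr"}
# Directory names Windows really uses; "system<digits>" outside this set is a lookalike.
# (Editor's assumption: adjust for the Windows version you are looking at.)
REAL_SYSTEM_DIRS = {"system", "system32", "syswow64"}

# Sample input: lines copied from the DDS log above, plus one line (eb.sys)
# reconstructed from the ComboFix "Other Deletions" list.
SAMPLE_LINES = [
    r"2012-04-07 20:46:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0",
    r"2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578",
    r"2012-04-03 05:37:35 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Directory",
    r"2012-04-03 05:40:00 12288 ----a-w- C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\eb.sys",
    r"2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd",
    r"2012-03-29 16:58:42 -------- d-----we C:\Windows\system64",
    r"2012-03-14 12:43:53 3145728 ----a-w- C:\Windows\System32\win32k.sys",
]


def parse_line(line):
    """Split one DDS line into path plus the attribute bits we care about (None if not a DDS line)."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]  # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    return {
        "path": m["path"],
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
    }


def classify(entry):
    """Return the list of heuristic reasons an entry deserves a second look (empty if none)."""
    parts = entry["path"].split("\\")
    leaf = parts[-1]
    lower = [p.lower() for p in parts]
    ext = ("." + leaf.rsplit(".", 1)[-1]).lower() if "." in leaf else ""
    reasons = []
    # Hidden+system directory/file with a random 8-hex-digit name under AppData
    if entry["hidden"] and entry["system"] and "appdata" in lower and HEX8.match(leaf):
        reasons.append("hidden+system random-hex name under AppData")
    # A directory under \Windows named like a system folder that Windows does not have
    if (entry["is_dir"] and "windows" in lower
            and re.fullmatch(r"system\d+", leaf.lower())
            and leaf.lower() not in REAL_SYSTEM_DIRS):
        reasons.append("lookalike of a Windows system directory")
    # Executable or driver living in the Recent shortcuts folder
    if ext in EXEC_EXT and "recent" in lower:
        reasons.append("executable dropped in the Recent shortcuts folder")
    # Hidden+system executable/script anywhere (also catches a scanner's own leftovers, so verify)
    if ext in EXEC_EXT and entry["hidden"] and entry["system"] and not entry["is_dir"]:
        reasons.append("hidden+system executable/script")
    return reasons


def triage(lines):
    """Run every heuristic over every line; return (path, reason) pairs in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry:
            for reason in classify(entry):
                hits.append((entry["path"], reason))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{reason:55s} {path}")
```

Running it over the sample flags `c98ae578`, `system64`, `Recent\eb.sys` and `dds_trash_log.cmd`, and leaves the Kaspersky folder, `win32k.sys` and `Roaming\Directory` alone. Two things to note when reading the output: `dds_trash_log.cmd` is a leftover of the DDS scanner itself (ComboFix cleaned it up along with the rest), so that hit is a false positive you dismiss by hand, and `Roaming\Directory`, which ComboFix also removed, is not caught by any of these rules. Heuristics like these narrow a 4,000-line log down to a handful of entries to investigate; they do not replace the investigation.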

Please re-run TDSSKiller and use the Delete option for this one:

17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Next:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

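The "TDSS File System" entry the helper wants deleted from `\Device\Harddisk0\DR0`, and the `mbr0000\tsk000x.dta` files in TDSSKiller's quarantine that the Standalone System Sweeper log above labels Trojan:DOS/Alureon.I, are two views of the same thing: a TDL4-family bootkit replaces the boot code in the MBR but keeps the partition table intact (so Windows still boots), and stores its own encrypted file system in the unpartitioned sectors at the end of the disk. The Python below is an added example written for this page, not code from TDSSKiller, ComboFix or any Microsoft tool, showing the three checks a practitioner does on a raw MBR: boot signature present, boot code compared by hash against a known-clean copy, and how much disk lies beyond the last partition. The disk geometry, the partition layout and both boot-code byte strings are constructed fixtures; the hashes mean nothing outside this demo.

```python
"""Parse a 512-byte MBR and compare it with a known-clean copy (added example, constructed data)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440     # bytes 0..439 are boot code; 440..445 hold the disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries follow, then 0x55AA at 510
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(mbr):
    """Return the populated partition entries of a 512-byte MBR, validating the boot signature."""
    if len(mbr) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(mbr, PART_TABLE_OFF + 16 * slot)
        if ptype and count:  # type 0 / zero length means an unused slot
            entries.append({"slot": slot, "bootable": status == 0x80,
                            "type": ptype, "start": lba, "end": lba + count})
    return entries


def boot_code_sha1(mbr):
    """Hash only the boot-code region, so a disk-signature change alone does not alarm."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()


def unpartitioned_tail(mbr, disk_sectors):
    """Sectors after the end of the last partition: where a TDL4-style hidden file system lives."""
    last_end = max((e["end"] for e in parse_mbr(mbr)), default=0)
    return max(disk_sectors - last_end, 0)


def compare(clean, suspect, disk_sectors):
    """Summarise a suspect MBR against a known-clean one from the same machine."""
    return {
        "boot_code_changed": boot_code_sha1(clean) != boot_code_sha1(suspect),
        "partition_table_changed": parse_mbr(clean) != parse_mbr(suspect),
        "tail_sectors": unpartitioned_tail(suspect, disk_sectors),
    }


def build_mbr(boot_code, entries):
    """Assemble an MBR from boot code plus (status, type, lba, count) tuples; a test fixture only."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for slot, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(mbr, PART_TABLE_OFF + 16 * slot,
                        status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


# Constructed fixtures (not dumps of any real disk): a 60 GiB disk with one NTFS
# partition that starts at LBA 2048 and leaves ~1.3 GiB of unpartitioned space at the end.
DISK_SECTORS = 125_829_120
CLEAN_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
TAMPERED_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xe9" + b"\xcc" * (BOOT_CODE_LEN - 9)
PARTS = [(0x80, 0x07, 2048, 123_000_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT, PARTS)
TAMPERED_MBR = build_mbr(TAMPERED_BOOT, PARTS)  # same table, different boot code

if __name__ == "__main__":
    print(compare(CLEAN_MBR, TAMPERED_MBR, DISK_SECTORS))
```

On a real machine the suspect sector is the first 512 bytes of `\\.\PhysicalDrive0` read from an elevated prompt, and the disk size comes from the same device; the clean reference is a copy of the same OEM's boot code taken before infection or after `bootrec /fixmbr`. Read the sector from an offline boot (the Kaspersky Rescue Disk already on this machine will do) rather than from the running system, because a live bootkit of this family filters disk reads and hands back a clean-looking MBR. A large unpartitioned tail on its own proves nothing; it is where to point the next scan, which is exactly what TDSSKiller did when it reported `DR0 ( TDSS File System )`.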

Ran TDSSKiller and removed the TDSS file system. When TDSSKiller removed that, Norton AV then grabbed the malware from TDSS's quarantine. Such a great help Norton is.

ComboFix log is below.

Things I noticed during the ComboFix run:

- No prompt for recovery console install, though I don't recall ever having installed it.

- Clock format did not change, though CF doc says it will.

- Network connection never disabled (no messages saying it was, at least)

- CF restarted the computer, though this is not mentioned in the doc.

Since CF finished, Notepad, MS Paint and Explorer are having problems. The following error message displays if I try to use them: "Illegal operation attempted on a registry key that has been marked for deletion." Notepad is attempting to load from C:\Windows\SysWOW64\notepad.exe instead of C:\Windows\System32 (its location on my non-infected Win7 computer). Explorer opens if I click the Windows Explorer icon on the Taskbar (bottom of screen), but not when I right-click on the same icon and choose "Windows Explorer" to open a second Explorer window. It also opens if I use Winkey+E. MS Paint seems to be loading from the proper location (C:\Windows\System32\mspaint.exe) but still gives the "Illegal operation" error.

Oh no! I set Norton to automatically re-activate after a restart. When ComboFix rebooted the computer, Norton apparently prevented some portion of ComboFix (C:\combofix\pev.exe and pev.3xe) from running. Should I set Norton to "Permanently" disabled and then rerun ComboFix?

What a mess. I apologize for my mucking things up. :(

-------------

ComboFix 12-04-12.03 - NICOLE 04/12/2012 12:28:29.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2183 [GMT -7:00]

Running from: c:\users\NICOLE\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\NICOLE\AppData\Local\c98ae578\U

c:\users\NICOLE\AppData\Local\c98ae578\U\000000cb.@

c:\users\NICOLE\AppData\Roaming\Directory

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\eb.exe

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\eb.sys

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\energy.sys

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\exec.exe

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\sld.dll

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\std.dll

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\NICOLE\Documents\~WRL1004.tmp

c:\users\NICOLE\Documents\~WRL1062.tmp

c:\users\NICOLE\Documents\~WRL1394.tmp

c:\users\NICOLE\Documents\~WRL1450.tmp

c:\users\NICOLE\Documents\~WRL1786.tmp

c:\users\NICOLE\Documents\~WRL1874.tmp

c:\users\NICOLE\Documents\~WRL2341.tmp

c:\users\NICOLE\Documents\~WRL2423.tmp

c:\users\NICOLE\Documents\~WRL2468.tmp

c:\users\NICOLE\Documents\~WRL2563.tmp

c:\users\NICOLE\Documents\~WRL2646.tmp

c:\users\NICOLE\Documents\~WRL3693.tmp

c:\users\NICOLE\Documents\~WRL3813.tmp

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\drivers\etc\host_new

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 19:36 . 2012-04-12 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-11 22:56 . 2012-04-11 22:56 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Canon

2012-04-11 08:37 . 2012-04-11 08:38 -------- d-----w- c:\windows\Standalone System Sweeper

2012-04-11 08:34 . 2012-04-11 08:34 -------- d-----w- c:\programdata\Sophos

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-04-11 08:33 . 2012-04-11 08:33 -------- d-----w- c:\program files (x86)\Sophos

2012-04-11 08:24 . 2012-04-11 08:24 16200 ----a-w- c:\windows\stinger.sys

2012-04-11 04:22 . 2012-04-11 04:23 -------- d-----w- c:\windows\rescache

2012-04-11 03:20 . 2012-04-11 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-11 03:20 . 2012-04-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iPod

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iTunes

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files (x86)\iTunes

2012-04-11 00:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-11 00:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-10 23:37 . 2012-04-10 23:37 -------- d-----w- c:\windows\system32\SPReview

2012-04-10 23:36 . 2012-04-10 23:36 -------- d-----w- c:\windows\system32\EventProviders

2012-04-10 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-10 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-10 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-10 23:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 23:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 23:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 23:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 23:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 23:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 23:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 23:14 . 2012-04-11 08:32 -------- d-----w- c:\program files (x86)\stinger

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Malwarebytes

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\programdata\Malwarebytes

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-10 21:46 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-10 21:12 . 2012-04-10 21:12 -------- d-----w- c:\program files\CCleaner

2012-04-10 08:59 . 2012-04-10 11:39 -------- d-----w- C:\NBRT

2012-04-10 05:04 . 2012-04-10 05:04 -------- d-----w- C:\NPE

2012-04-10 02:01 . 2012-04-10 02:01 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 01:45 . 2012-04-10 02:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-10 01:45 . 2012-04-10 01:45 -------- d-----w- c:\windows\system32\Macromed

2012-04-09 10:17 . 2012-04-12 18:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-09 09:49 . 2012-04-12 01:48 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A

2012-04-07 20:46 . 2012-04-09 02:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-04-03 05:38 . 2012-04-12 19:35 -------- d-sh--w- c:\users\NICOLE\AppData\Local\c98ae578

2012-03-30 04:00 . 2012-04-03 08:00 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing

2012-03-29 16:58 . 2012-03-29 16:58 -------- d-----we c:\windows\system64

2012-03-29 01:55 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll

2012-03-17 23:58 . 2012-03-17 23:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 23:58 . 2012-03-17 23:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 12:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:43 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:43 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-04-11 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-04-10 02:01 . 2012-01-18 01:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-09 09:50 . 2011-03-28 07:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-02-23 16:18 . 2011-01-09 03:32 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 18:36 . 2012-01-30 18:36 704504 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mikogo"="c:\users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-17 5420408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-04 206064]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

.

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]

R3 B-Service;B-Service;c:\users\NICOLE\Downloads\B-Service.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-03-31 151064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSvia64.sys [2012-04-03 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]

S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-04 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:01]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]

.

2012-04-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

2012-04-12 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-03 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-03 390168]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-03 408600]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-30 3169872]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rp_fws

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,

25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,

14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4

"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,

71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,

33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,

d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,

e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04

"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,

25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:98,59,9b,a8,1a,10,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ ”1*]

"DFC90B5F2B0FFA63D84FD16F6BF37C4B"=multi:"\04\00\00\00ÀP#\04€MZ\00\03\00\00\00\04\00\00\00ÿÿ\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\00\00\00\0e\1fº\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00pÎð•4¯žÆ4¯žÆ4¯žÆ[Ù5Æ\01¯žÆ[Ù\00Æ)¯žÆ[Ù4ƽ¯žÆSÙ5Æ1¯žÆ=×\0dÆ9¯žÆ4¯ÿÆ‘¯žÆSÙ1Æ'¯žÆSÙ\05Æ5¯žÆSÙ\04Æ5¯žÆSÙ\03Æ5¯žÆRich4¯žÆ\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00PE\00\00L\01\04\001\0d¢K\00\00\00\00\00\00\00\00À\00\"!\0b\01\0a\00\00Š\03\00\00¤\00\00\00\00\00\00%\08\02\00\00\10\00\00\00 \03\00\00\00\00\10\00\10\00\00\00\02\00\00"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦$*]

"DFC90B5F2B0FFA63D84FD16F6BF37C4B"=multi:"F\00\00\00ÀP#\04€MZ\00\03\00\00\00\04\00\00\00ÿÿ\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\00\00\00\0e\1fº\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00pÎð•4¯žÆ4¯žÆ4¯žÆ[Ù5Æ\01¯žÆ[Ù\00Æ)¯žÆ[Ù4ƽ¯žÆSÙ5Æ1¯žÆ=×\0dÆ9¯žÆ4¯ÿÆ‘¯žÆSÙ1Æ'¯žÆSÙ\05Æ5¯žÆSÙ\04Æ5¯žÆSÙ\03Æ5¯žÆRich4¯žÆ\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00PE\00\00L\01\04\001\0d¢K\00\00\00\00\00\00\00\00À\00\"!\0b\01\0a\00\00Š\03\00\00¤\00\00\00\00\00\00%\08\02\00\00\10\00\00\00 \03\00\00\00\00\10\00\10\00\00\00\02\00\00"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦5*]

@="c:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\System.ServiceModel.Discovery.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-04-12 12:51:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-12 19:51

.

Pre-Run: 24,203,726,848 bytes free

Post-Run: 24,129,953,792 bytes free

.

- - End Of File - - F603EAF34ACE626DEDAFCE72F859383F

Things I noticed during the ComboFix run:

- No prompt for recovery console install, though I don't recall ever having installed it.

- Clock format did not change, though CF doc says it will.

- Network connection never disabled (no messages saying it was, at least)

- CF restarted the computer, though this is not mentioned in the doc.

Everything is fine, don't worry. :)

Since CF finished, Notepad, MS Paint and Explorer are having problems. The following error message displays if I try to use them: "Illegal operation attempted on a registry key that has been marked for deletion." Notepad is attempting to load from C:\Windows\SysWOW64\notepad.exe instead of C:\Windows\System32 (its location on my non-infected Win7 computer). Explorer opens if I click the Windows Explorer icon on the Taskbar (bottom of screen), but not when I right-click on the same icon and choose "Windows Explorer" to open a second Explorer window. It also opens if I use Winkey+E. MS Paint seems to be loading from the proper location (C:\Windows\System32\mspaint.exe) but still gives the "Illegal operation" error.

Reboot your PC and everything will be back to normal.

Oh no! I set Norton to automatically re-activate after a restart. When ComboFix rebooted the computer, Norton apparently prevented some portion of ComboFix (C:\combofix\pev.exe and pev.3xe) from running. Should I set Norton to "Permanently" disabled and then rerun ComboFix?

It is okay, it is not a big deal.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

NetSvc::
rp_fws

Folder::
c:\users\NICOLE\AppData\Local\c98ae578

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

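A small triage script, added here as an example and not part of the original thread, of ComboFix or of the helper's instructions: it parses the log format posted above (the "Files Created" lines and the "Svchost - NetSvcs" list) and picks out the two things the CFScript in the previous post acts on, namely a hidden+system directory with an 8-hex-character name directly under AppData\Local, and a netsvcs group member that has no matching service entry in the log. From those it prints the same NetSvc:: and Folder:: directives the helper wrote, for an analyst to review before use. The sample lines are copied from the posted log; the function names and the heuristics are the example's own assumptions.

```python
# Triage helper for the ComboFix log format shown in this thread.
# Added example (not ComboFix, Malwarebytes or the helper's own code).
# Heuristics and function names are this example's own assumptions.
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
2012-04-10 21:46 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 05:38 . 2012-04-12 19:35 -------- d-sh--w- c:\users\NICOLE\AppData\Local\c98ae578
2012-03-29 16:58 . 2012-03-29 16:58 -------- d-----we c:\windows\system64
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 B-Service;B-Service;c:\users\NICOLE\Downloads\B-Service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rp_fws
.
"""

# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S{8}) (.+)$"
)
# "<R|S><n> <name>;<display name>;<path> [<date size>|x]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
# 8 lowercase/uppercase hex chars directly under <profile>\AppData\Local
HEX_DIR_RE = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}$", re.IGNORECASE)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: str
    attrs: str   # e.g. "d-sh--w-": d=directory, s=system, h=hidden
    path: str

    @property
    def is_hidden_system_dir(self) -> bool:
        return self.attrs[0] == "d" and "s" in self.attrs and "h" in self.attrs


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    marker: str  # "date size" when ComboFix could stat the file, "x" otherwise


@dataclass
class ComboFixLog:
    files: List[FileEntry] = field(default_factory=list)
    services: List[ServiceEntry] = field(default_factory=list)
    netsvcs: List[str] = field(default_factory=list)


def parse_log(text: str) -> ComboFixLog:
    """Pull file entries, service lines and the NetSvcs list out of a ComboFix log."""
    log = ComboFixLog()
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                       # forum double-spacing and padding
        if in_netsvcs:
            if line == ".":                # "." closes the NetSvcs block
                in_netsvcs = False
            else:
                log.netsvcs.append(line)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        m = FILE_RE.match(line)
        if m:
            log.files.append(FileEntry(*m.groups()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            log.services.append(ServiceEntry(*m.groups()))
    return log


def triage(log: ComboFixLog) -> List[str]:
    """Report the two indicator types the CFScript in this thread targets."""
    findings = []
    for f in log.files:
        if f.is_hidden_system_dir and HEX_DIR_RE.search(f.path):
            findings.append(f"hidden+system dir with hex name: {f.path}")
    known = {s.name.lower() for s in log.services}
    for name in log.netsvcs:
        if name.lower() not in known:      # netsvcs member with no service entry
            findings.append(f"netsvcs member without service entry: {name}")
    return findings


def build_cfscript(log: ComboFixLog) -> str:
    """Emit the NetSvc:: and Folder:: directives the helper used, for review."""
    known = {s.name.lower() for s in log.services}
    orphans = [n for n in log.netsvcs if n.lower() not in known]
    folders = [f.path for f in log.files
               if f.is_hidden_system_dir and HEX_DIR_RE.search(f.path)]
    parts = []
    if orphans:
        parts.append("NetSvc::\n" + "\n".join(orphans))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for finding in triage(parsed):
        print(finding)
    print(build_cfscript(parsed))
```

Run against the sample it reports the c98ae578 folder and the rp_fws netsvcs entry and prints a NetSvc::/Folder:: script matching the one the helper posted; on a real log, treat the output as a list of things to look at, not something to run blind.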

Restarting again fixed the error messages, but Notepad is still loading from C:\Windows\SysWOW64\notepad.exe.


What is the problem? It is still working, right?


Yes, notepad is still working. I just think it's strange that the 32-bit version of notepad.exe (C:\Windows\SysWOW64\) is being loaded, instead of the 64-bit version at C:\Windows\System32.

Running ComboFix with the script now.


ComboFix 12-04-12.03 - NICOLE 04/12/2012 13:51:29.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2061 [GMT -7:00]

Running from: c:\users\NICOLE\Desktop\ComboFix.exe

Command switches used :: c:\users\NICOLE\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\NICOLE\AppData\Local\c98ae578

c:\users\NICOLE\AppData\Local\c98ae578\@

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-12 20:59 . 2012-04-12 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-12 20:56 . 2012-04-12 20:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\offreg.dll

2012-04-11 22:56 . 2012-04-11 22:56 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Canon

2012-04-11 08:37 . 2012-04-11 08:38 -------- d-----w- c:\windows\Standalone System Sweeper

2012-04-11 08:34 . 2012-04-11 08:34 -------- d-----w- c:\programdata\Sophos

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-04-11 08:33 . 2012-04-11 08:33 -------- d-----w- c:\program files (x86)\Sophos

2012-04-11 08:24 . 2012-04-11 08:24 16200 ----a-w- c:\windows\stinger.sys

2012-04-11 04:22 . 2012-04-11 04:23 -------- d-----w- c:\windows\rescache

2012-04-11 03:20 . 2012-04-11 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-11 03:20 . 2012-04-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iPod

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iTunes

2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files (x86)\iTunes

2012-04-11 00:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-11 00:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-10 23:37 . 2012-04-10 23:37 -------- d-----w- c:\windows\system32\SPReview

2012-04-10 23:36 . 2012-04-10 23:36 -------- d-----w- c:\windows\system32\EventProviders

2012-04-10 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-10 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-10 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-10 23:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-10 23:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-10 23:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-10 23:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-10 23:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-10 23:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-10 23:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 23:14 . 2012-04-11 08:32 -------- d-----w- c:\program files (x86)\stinger

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Malwarebytes

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\programdata\Malwarebytes

2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-10 21:46 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-10 21:12 . 2012-04-10 21:12 -------- d-----w- c:\program files\CCleaner

2012-04-10 08:59 . 2012-04-10 11:39 -------- d-----w- C:\NBRT

2012-04-10 05:04 . 2012-04-10 05:04 -------- d-----w- C:\NPE

2012-04-10 02:01 . 2012-04-10 02:01 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 01:45 . 2012-04-10 02:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-10 01:45 . 2012-04-10 01:45 -------- d-----w- c:\windows\system32\Macromed

2012-04-09 10:17 . 2012-04-12 18:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-09 09:49 . 2012-04-12 01:48 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A

2012-04-07 20:46 . 2012-04-09 02:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-03-30 04:00 . 2012-04-03 08:00 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing

2012-03-29 16:58 . 2012-03-29 16:58 -------- d-----we c:\windows\system64

2012-03-29 01:55 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll

2012-03-17 23:58 . 2012-03-17 23:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 23:58 . 2012-03-17 23:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 12:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:43 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:43 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-04-11 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-04-10 02:01 . 2012-01-18 01:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-09 09:50 . 2011-03-28 07:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-02-23 16:18 . 2011-01-09 03:32 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-30 18:36 . 2012-01-30 18:36 704504 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-12_19.39.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-28 06:31 . 2012-04-12 20:38 55594 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-12 20:38 35760 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-09 23:46 . 2012-04-12 20:38 18962 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3218077374-2183425147-417290081-1001_UserData.bin

- 2009-07-14 05:30 . 2012-04-12 19:40 86016 c:\windows\system64\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-04-12 20:37 86016 c:\windows\system64\DriverStore\infpub.dat

- 2010-02-28 07:03 . 2012-04-12 19:36 1882 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2010-02-28 07:03 . 2012-04-12 20:34 1882 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-04-12 20:35 . 2012-04-12 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-12 19:38 . 2012-04-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-12 20:35 . 2012-04-12 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-12 19:38 . 2012-04-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:30 . 2012-04-12 20:37 143360 c:\windows\system64\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-04-12 19:40 143360 c:\windows\system64\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-04-12 19:40 143360 c:\windows\system64\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-04-12 20:37 143360 c:\windows\system64\DriverStore\infstor.dat

+ 2009-07-14 05:01 . 2012-04-12 20:34 393648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-12 19:36 393648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mikogo"="c:\users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-17 5420408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-04 206064]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

.

c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]

R3 B-Service;B-Service;c:\users\NICOLE\Downloads\B-Service.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-03-31 151064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSvia64.sys [2012-04-03 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]

S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-04 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:01]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]

.

2012-04-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

2012-04-12 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-03 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-03 390168]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-03 408600]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

rp_fws

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:98,59,9b,a8,1a,10,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.


.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦5*]

@="c:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\System.ServiceModel.Discovery.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-12 14:01:31

ComboFix-quarantined-files.txt 2012-04-12 21:01

ComboFix2.txt 2012-04-12 19:51

.

Pre-Run: 24,716,574,720 bytes free

Post-Run: 24,632,758,272 bytes free

.

- - End Of File - - 35A659BF57E9FA3B8C5FE1E9613729B7


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Running ESET scanner now.

When I typed "ESET" into Internet Explorer's address field a search list dropped down showing "eset online scanner". Clicked that and was redirected to findgala.com. :(


It looks like ESET only found files that TDSSkiller had already quarantined. :(

FYI, the log file in the ESET folder doesn't include the results. I had to save a separate file via the ESET scanner's window.

-------- log.txt ---------- (C:\Program Files (x86)\EsetOnlineScanner\log.txt)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

-------- Results log.txt ---------- (saved by me, to Desktop)

C:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\12.04.2012_11.41.35\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined


Should I just give up, reformat and reinstall? I wonder if the recovery partition has malware, too? Ugh..... :(

C:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\12.04.2012_11.41.35\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined

Relax, let me explain. That is where TDSSKiller stores everything it deleted, but this time protected, so there is no risk of re-infecting your system, and so that it can be restored if it was deleted by mistake. There is nothing dangerous. How are things there (except findgala.com)?

Let's take a deeper look for findgala.com :

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


OTL logfile created on: 4/13/2012 11:25:55 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NICOLE\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.55% Memory free

7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 58.59 Gb Total Space | 22.87 Gb Free Space | 39.03% Space Free | Partition Type: NTFS

Drive D: | 397.30 Gb Total Space | 396.85 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Drive F: | 976.97 Mb Total Space | 294.85 Mb Free Space | 30.18% Space Free | Partition Type: FAT32

Computer Name: NICOLE-PC | User Name: NICOLE | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/13 11:24:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NICOLE\Desktop\OTL.exe

PRC - [2012/01/16 22:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe

PRC - [2010/07/06 13:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

PRC - [2009/07/21 17:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

PRC - [2009/07/06 19:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/07/01 03:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe

PRC - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe

PRC - [2008/12/17 23:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/10 18:18:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll

MOD - [2012/04/10 17:53:07 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll

MOD - [2012/04/10 17:52:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

MOD - [2012/04/10 17:52:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

MOD - [2012/04/10 17:52:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012/04/10 17:52:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012/04/10 17:52:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2012/04/10 17:51:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/07/21 17:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe

MOD - [2009/07/06 19:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/07/06 19:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/07/06 19:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/07/06 19:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/07/06 19:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/07/06 19:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/04 20:33:00 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/09/21 10:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2009/09/21 10:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2009/09/21 10:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (rp_fws)

SRV:64bit: - [2009/07/01 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2008/12/17 23:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/04/13 11:24:59 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/30 17:35:36 | 000,151,064 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)

SRV - [2012/01/16 22:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/23 01:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/09 02:50:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/22 11:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 15:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/01/17 15:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/01/17 15:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/01/17 15:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/01/17 15:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/11/29 15:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2009/12/17 04:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2009/10/29 20:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)

DRV:64bit: - [2009/10/25 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/10/18 17:37:24 | 006,956,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/09/25 15:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/08/23 20:20:00 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/23 08:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)

DRV:64bit: - [2009/07/22 21:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)

DRV:64bit: - [2009/07/16 20:14:12 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/08 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/02 07:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/07/02 07:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/07/02 07:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/07/02 07:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/06/14 22:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2012/04/12 16:37:48 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120412.018\ex64.sys -- (NAVEX15)

DRV - [2012/04/12 16:37:48 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120412.018\eng64.sys -- (NAVENG)

DRV - [2012/04/03 21:40:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/04/03 21:40:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/04/03 15:28:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120412.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/04/02 16:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9346663E-9F78-40AC-8D73-B65D79ADCD31}

IE:64bit: - HKLM\..\SearchScopes\{9346663E-9F78-40AC-8D73-B65D79ADCD31}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}

IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKLM\..\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{B61D2A43-CFBB-4296-8C7A-B07C353D8205}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}: "URL" = http://findgala.com/?&uid=328&q={searchTerms}

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "My Web Search"

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF - prefs.js..searchreset.backup.keyword.URL: "https://www.google.com/"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/10 13:55:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/09 02:28:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/12 13:35:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/22 04:05:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/10 18:03:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 18:03:09 | 000,000,000 | ---D | M]

[2010/12/11 02:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Extensions

[2012/04/10 20:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions

[2011/08/26 07:12:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2011/05/10 14:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\Access Privileges Test

[2011/03/28 01:10:27 | 000,002,470 | ---- | M] () -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\searchplugins\safesearch.xml

[2012/01/15 14:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/12 13:35:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN

[2012/04/09 02:28:56 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN

() (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4CSQAJ5M.DEFAULT\EXTENSIONS\FHXNMHFJLU@FHXNMHFJLU.ORG.XPI

[2012/03/17 16:58:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/12 22:48:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/12 22:48:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - Extension: Entanglement = C:\Users\NICOLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\

CHR - Extension: Poppit = C:\Users\NICOLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/04/12 13:59:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (no name) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No CLSID value found.

O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)

O4 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001..\Run: [Mikogo] C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe ()

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71481F14-188C-4518-A592-59D41A4B254D}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\gopher - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 11:24:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\NICOLE\Desktop\OTL.exe

[2012/04/12 15:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/12 15:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/12 12:51:13 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/12 12:26:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/12 12:26:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/12 12:26:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/12 12:26:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/12 12:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/12 12:22:35 | 004,460,173 | R--- | C] (Swearware) -- C:\Users\NICOLE\Desktop\ComboFix.exe

[2012/04/12 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\Desktop\Nicole's files

[2012/04/11 15:56:06 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Canon

[2012/04/11 01:37:59 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper

[2012/04/11 01:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2012/04/11 01:34:02 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

[2012/04/11 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2012/04/11 01:24:12 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012/04/10 21:22:42 | 000,000,000 | ---D | C] -- C:\Windows\rescache

[2012/04/10 20:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/04/10 18:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/04/10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/04/10 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/04/10 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/04/10 18:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/04/10 18:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012/04/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2012/04/10 16:36:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2012/04/10 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/04/10 14:46:58 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Malwarebytes

[2012/04/10 14:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/10 14:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/10 14:46:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/10 14:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/10 14:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/04/10 14:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/04/10 01:59:38 | 000,000,000 | ---D | C] -- C:\NBRT

[2012/04/09 22:04:22 | 000,000,000 | ---D | C] -- C:\NPE

[2012/04/09 18:52:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[2012/04/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/04/09 03:17:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/04/09 03:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2012/04/07 13:46:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012/04/03 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/03/29 09:58:42 | 000,000,000 | ---D | C] -- C:\Windows\system64

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/13 11:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/13 11:25:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/13 11:24:51 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/04/13 11:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/13 11:24:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NICOLE\Desktop\OTL.exe

[2012/04/12 17:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/12 13:59:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/12 13:48:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/12 13:48:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/12 13:35:35 | 3061,215,232 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/12 12:12:28 | 004,460,173 | R--- | M] (Swearware) -- C:\Users\NICOLE\Desktop\ComboFix.exe

[2012/04/11 18:48:08 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120410.034

[2012/04/11 03:14:33 | 002,098,208 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB

[2012/04/11 01:24:12 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2012/04/10 18:08:01 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/10 18:02:57 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/04/10 17:47:18 | 000,425,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/04/10 11:49:14 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/09 22:20:51 | 000,000,882 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak

[2012/04/09 22:20:51 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120410-202649.backup

[2012/04/09 19:30:20 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/04/09 18:37:55 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/04/09 03:03:35 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/09 02:50:32 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/04/09 02:50:32 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/04/09 02:50:32 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/03/22 18:14:54 | 000,191,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/03/19 21:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/12 12:26:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/12 12:26:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/12 12:26:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/12 12:26:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/12 12:26:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/10 18:08:01 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/10 18:02:56 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/04/09 18:52:51 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/04/09 18:52:42 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/04/09 18:45:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/09 03:03:35 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/09 03:03:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/03/22 18:14:54 | 000,191,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/12/20 21:29:28 | 000,000,080 | ---- | C] () -- C:\Users\NICOLE\AppData\Roaming\wklnhst.dat

[2011/05/10 12:59:32 | 000,007,598 | ---- | C] () -- C:\Users\NICOLE\AppData\Local\Resmon.ResmonCfg

[2011/05/09 17:52:02 | 000,000,000 | ---- | C] () -- C:\Users\NICOLE\AppData\Local\{02C26254-005D-472F-9241-70F49F3A60C0}

[2011/03/28 16:44:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/12/11 15:48:15 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll

[2010/12/11 15:48:14 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll

[2010/12/11 03:09:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2012/04/11 15:56:06 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Canon

[2011/03/04 14:55:10 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\GARMIN

[2011/09/16 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Mikogo

[2011/07/29 06:36:38 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\PCDr

[2010/12/12 09:36:16 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Pro700 Series

[2011/12/20 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Template

[2011/10/31 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Tific

[2011/11/26 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Unity

[2012/04/10 11:49:14 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012/03/07 09:27:55 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/04/13 11:24:51 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9346663E-9F78-40AC-8D73-B65D79ADCD31}
    IE - HKLM\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}
    IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
    IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}: "URL" = http://findgala.com/?&uid=328&q={searchTerms}
    FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "My Web Search"

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
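The fix above edits IE's SearchScopes keys in HKLM and in each user hive, strips a Firefox search-engine backup pref, and leaves the O37 file-association and hosts-file lines to be read by hand. To confirm on the live machine that the redirect is actually gone rather than just quiet, the following PowerShell script re-reads those same locations and flags anything that is not default. It is an added example, not part of this thread and not part of OTL; the allow-list of search hosts is an assumption for the example and should be adjusted to whatever the user actually expects. Run it from an elevated prompt so every loaded hive under HKEY_USERS is readable, and note that on a 64-bit box the 32-bit view under Wow6432Node is read as well, because the OTL log reports both views separately.

```powershell
# Post-fix verification for an IE search-scope / redirect hijack.
# Added example: not part of the thread and not OTL. It re-reads the registry locations the
# OTL fix targets and reports anything that does not look default.
# Run from an elevated PowerShell prompt so every loaded hive under HKEY_USERS is readable.

# Assumption for this example: hosts you expect to see in a SearchScopes URL. Anything
# else (findgala.com and ask.com in the thread's log) is flagged. Extend for your environment.
$AllowedSearchHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')

# Expose HKEY_USERS as a drive so the per-user hives (S-1-5-19, S-1-5-20, S-1-5-21-...)
# can be walked with the same cmdlets as HKLM.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-SearchScopeFindings {
    # One object per search scope: where it lives, its GUID, the host it points at,
    # whether it is that hive's DefaultScope and whether the host is on the allow-list.
    $suffix = 'Software\Microsoft\Internet Explorer\SearchScopes'
    # Native and 32-bit (Wow6432Node) views; OTL logs them as "IE:64bit:" and "IE" respectively.
    $roots  = @("HKLM:\$suffix", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes")
    $roots += Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "HKU:\$($_.PSChildName)\$suffix" }

    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $url = (Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue).URL
            if (-not $url) { continue }
            $uri = $null
            $scopeHost = if ([System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
                $uri.Host
            } else { '' }
            [pscustomobject]@{
                Hive      = $root
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Host      = $scopeHost
                Allowed   = ($AllowedSearchHosts -contains $scopeHost)
                URL       = $url
            }
        }
    }
}

function Get-ExeOpenCommands {
    # The O37 lines in the OTL log: the open command for .exe and .com must be "%1" %* exactly.
    # Anything else is a file-association hijack that re-launches malware with every program start.
    $expected = '"%1" %*'
    foreach ($class in 'exefile', 'comfile') {
        $key = "HKLM:\SOFTWARE\Classes\$class\shell\open\command"
        $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Class = $class; Command = $cmd; IsDefault = ($cmd -eq $expected) }
    }
}

function Get-HostsFileOverrides {
    # Active hosts entries other than the plain localhost lines; a redirector that rewrites
    # search engines or AV vendors' names shows up here.
    $hostsPath = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-FirefoxSearchPrefs {
    # Firefox keeps its default engine in prefs.js; the fix removed a "My Web Search" backup
    # value there. Report every default-engine pref (including searchreset backups) per profile.
    $profiles = Join-Path -Path $env:APPDATA -ChildPath 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path $profiles -Filter 'prefs.js' -Recurse -ErrorAction SilentlyContinue |
        Select-String -Pattern 'user_pref\("[^"]*browser\.search\.(defaultenginename|selectedEngine)' |
        ForEach-Object { [pscustomobject]@{ File = $_.Path; Pref = $_.Line.Trim() } }
}

$scopes = Get-SearchScopeFindings
$scopes | Format-Table -Property Hive, Scope, IsDefault, Host, Allowed -AutoSize
$scopes | Where-Object { -not $_.Allowed } |
    ForEach-Object { Write-Warning "Unexpected search scope: $($_.Hive)\$($_.Scope) -> $($_.URL)" }

Get-ExeOpenCommands | Where-Object { -not $_.IsDefault } |
    ForEach-Object { Write-Warning "Hijacked open command for $($_.Class): $($_.Command)" }

Get-HostsFileOverrides | ForEach-Object { Write-Warning "Non-default hosts entry: $_" }
Get-FirefoxSearchPrefs  | Format-Table -AutoSize
```

A clean run prints the scope table with every row Allowed = True and no warnings. A scope that survives with a host outside the allow-list, a DefaultScope GUID that no longer exists as a subkey, or an exefile open command other than "%1" %* means something is still re-planting the hijack and the machine needs another look before it goes back into use.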


All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.

Registry key HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}\ not found.

Prefs.js: "My Web Search" removed from searchreset.backup.browser.search.defaultenginename

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NICOLE

->Temp folder emptied: 2441 bytes

->Temporary Internet Files folder emptied: 31018358 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49139941 bytes

->Google Chrome cache emptied: 12191516 bytes

->Flash cache emptied: 648 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 704504 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4468 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes

RecycleBin emptied: 186 bytes

Total Files Cleaned = 89.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04132012_142420

Files\Folders moved on Reboot...

C:\Users\NICOLE\AppData\Local\Temp\RDR4A92.tmp\results_876.hlk moved successfully.

C:\Users\NICOLE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Haven't tried using it until I heard from you. I'll check it now.


Wow, I think you got it! I've tried numerous searches for virus/malware related terms and all come back w/ legit pages/links.

Do you have any suggestions for additional protection?

Many thanks! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
