Nebraskarain

Can't remove Trojan.Agent svchost.exe

57 posts in this topic

I cannot get Trojan.Agent svchost.exe out of my laptop. I have Norton Anti-Virus 360 and have used the free Avast Anti-Virus and Malwarebytes to try and remove it. The best I can do is quarantine it. Our PC had the same virus and I took it back to factory settings to get rid of it and it worked, but did nothing when I did the same in my laptop. It's still infected. Help! I am starting a new semester soon and need my laptop :(

attach.txt

dds.txt


Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.

Having said that....Let's get going!!

----------


Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------


Just as I had suspected...

  • Run TDSSKiller again
  • \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) << When you see that, select Cure
  • Post the new log created.


I rebooted and everything looked like it was loading up fine, so I ran to the next room quick, and when I came back I had a black screen with a security warning asking me if I wanted something from Kanisky lab (or a name similar) to make changes to my hard drive. Because I didn't recognize it I just hit the x to close it and Windows finished loading to my desktop.


Hmmmmm...that is different. How is your system behaving?


It has actually got a little faster, but I still cannot turn on my anti-virus program (Norton 360) or run a scan with it.


Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
    File::
    c:\windows\SysWow64\shoBCFA.tmp
    c:\windows\SysWow64\shoBFD6.tmp
    c:\windows\SysWow64\sho62BD.tmp
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Post the new ComboFix log and let me know how your system is running. :)


ComboFix 12-12-17.02 - nebraskarain 12/18/2012 10:51:30.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2273 [GMT -6:00]

Running from: c:\users\nebraskarain\Downloads\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))

.

.

2012-12-18 16:58 . 2012-12-18 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-18 04:21 . 2012-12-18 04:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-16 16:16 . 2012-12-16 17:23 -------- d-----w- c:\program files (x86)\Google

2012-12-16 16:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-16 16:13 . 2012-12-17 19:00 -------- d-----w- c:\programdata\AVAST Software

2012-12-16 16:13 . 2012-12-16 16:13 -------- d-----w- c:\program files\AVAST Software

2012-12-16 05:07 . 2012-12-16 05:07 0 ----a-w- c:\windows\SysWow64\shoBCFA.tmp

2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\windows\Sun

2012-12-12 11:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 11:33 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 11:33 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-12-09 16:36 . 2012-12-09 16:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-12-09 15:37 . 2012-12-09 15:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-12-09 15:36 . 2012-12-12 14:52 -------- d-----w- c:\programdata\Microsoft Help

2012-12-09 15:36 . 2012-12-09 15:36 -------- d-----r- C:\MSOCache

2012-12-02 19:05 . 2012-12-02 19:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-02 19:04 . 2012-12-02 19:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-02 19:04 . 2012-12-02 19:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-02 19:04 . 2012-12-02 19:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-02 19:04 . 2012-12-02 19:04 -------- d-----w- c:\program files (x86)\Java

2012-12-02 14:01 . 2012-12-02 14:01 0 ----a-w- c:\windows\SysWow64\shoBFD6.tmp

2012-12-02 13:55 . 2012-12-09 15:41 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\system32\Wat

2012-12-01 17:44 . 2012-12-01 17:44 0 ----a-w- c:\windows\SysWow64\sho62BD.tmp

2012-12-01 17:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-12-01 17:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-12-01 16:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-01 16:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-01 16:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-01 16:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-01 16:31 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-12-01 16:31 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-12-01 16:31 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-12-01 16:31 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-12-01 16:31 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-12-01 16:31 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-12-01 16:31 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-12-01 16:31 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-12-01 16:31 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-12-01 16:31 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-12-01 16:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-01 16:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-01 16:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-01 16:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-01 16:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-01 16:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-01 16:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-01 16:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-01 16:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-01 16:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-01 16:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-01 16:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-01 13:36 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2012-12-01 13:36 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2012-12-01 13:35 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-12-01 13:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2012-12-01 13:35 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2012-12-01 13:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2012-12-01 13:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2012-12-01 13:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2012-12-01 13:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2012-12-01 13:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-01 13:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2012-12-01 13:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2012-12-01 13:35 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll

2012-12-01 13:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll

2012-12-01 13:33 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-12-01 13:33 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2012-12-01 13:33 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-12-01 13:33 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-12-01 13:33 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-12-01 13:33 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-12-01 13:31 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll

2012-12-01 13:31 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll

2012-12-01 13:31 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-12-01 13:31 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-12-01 13:31 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-12-01 13:31 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-12-01 13:29 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-12-01 13:29 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-12-01 13:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-12-01 13:29 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-12-01 13:29 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-12-01 13:29 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll

2012-12-01 13:29 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2012-12-01 13:29 . 2012-08-30 18:10 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-01 13:29 . 2012-08-30 18:11 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-12-01 13:29 . 2012-08-30 18:11 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-12-01 13:27 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-12-01 13:26 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-12-01 13:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-12-01 13:25 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2012-12-01 13:25 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-12-01 13:25 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2012-12-01 13:25 . 2011-03-03 06:17 356352 ----a-w- c:\windows\system32\dnsapi.dll

2012-12-01 13:25 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2012-12-01 13:25 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2012-12-01 13:24 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll

2012-12-01 13:24 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll

2012-12-01 13:24 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-12-01 13:24 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-12-01 13:22 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-12-01 13:21 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-12-01 13:21 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2012-12-01 13:21 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2012-12-01 13:21 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-12-01 13:21 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2012-12-01 13:19 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-12-01 13:18 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-12-01 13:18 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-12-01 04:46 . 2012-12-01 19:46 -------- d-----w- c:\programdata\VirtualizedApplications

2012-12-01 00:50 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-12-01 00:50 . 2012-12-01 00:50 -------- d-----w- c:\program files\Microsoft Office

2012-12-01 00:05 . 2012-12-01 00:05 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-11-30 22:09 . 2012-11-30 22:09 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Symantec

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\Norton 360

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-11-30 22:00 . 2012-11-30 22:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-30 22:00 . 2012-11-30 22:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-30 22:00 . 2012-11-30 22:00 -------- d-----w- c:\windows\system32\Macromed

2012-11-30 21:55 . 2012-11-30 21:55 -------- d-----w- c:\programdata\PCSettings

2012-11-30 21:46 . 2012-11-30 21:46 -------- d-----w- c:\program files (x86)\AWS

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 21:20 . 2012-12-01 13:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-12-01 13:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-12-01 13:22 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-04 16:45 . 2012-12-12 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-01 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121215.001\IDSvia64.sys [2012-11-30 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [2009-03-03 89600]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-29 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\nebraskarain\AppData\Roaming\Mozilla\Firefox\Profiles\b8ix3dpj.default\

FF - ExtSQL: 2012-11-30 16:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-11-30 16:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-43064105.sys

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-18 11:01:09

ComboFix-quarantined-files.txt 2012-12-18 17:01

.

Pre-Run: 255,391,989,760 bytes free

Post-Run: 255,031,590,912 bytes free

.

- - End Of File - - 5EA1691B3D0FE1313DAD85B0E52E0426
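Added example, not part of the original thread and not code from ComboFix or any poster: a small Python triage pass over the "Other Deletions" and "Files Created" sections of a ComboFix log like the one above. The two heuristics (an `svchost.exe` outside the Windows system directories, and zero-byte files inside them) and all function names are assumptions of this example; the sample lines are copied from the log in this post.

```python
import re
from ntpath import basename, normcase, normpath

# Lines copied from the ComboFix log posted above (blank lines dropped).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
2012-12-18 04:21 . 2012-12-18 04:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-16 16:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-16 05:07 . 2012-12-16 05:07 0 ----a-w- c:\windows\SysWow64\shoBCFA.tmp
2012-12-12 11:33 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-02 14:01 . 2012-12-02 14:01 0 ----a-w- c:\windows\SysWow64\shoBFD6.tmp
2012-12-01 17:44 . 2012-12-01 17:44 0 ----a-w- c:\windows\SysWow64\sho62BD.tmp
2012-12-01 13:35 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
"""

# "((((( Section Name )))))" banner lines.
SECTION = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")
# "<created> . <modified> <size or --------> <attrs> <path>"
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$"
)

# Directories where Windows ships system binaries.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: svchost.exe is expected only here or in the WinSxS store.
SVCHOST_OK = SYSTEM_DIRS + (r"c:\windows\winsxs",)


def parse(log):
    """Return (deleted_paths, file_entries) from a ComboFix log."""
    section, deletions, files = None, [], []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads sections with lone dots
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and section and section.startswith("Files Created"):
            created, modified, size, attrs, path = m.groups()
            files.append({
                "created": created,
                "modified": modified,
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs[0] == "d",
                "path": path,
            })
        elif section == "Other Deletions":
            deletions.append(line)
    return deletions, files


def _under(path, roots):
    """True if path lies below one of the given directories."""
    p = normcase(normpath(path))
    return any(p.startswith(root + "\\") for root in roots)


def triage(log):
    """Flag entries worth a closer look; returns (reason, path) tuples."""
    deletions, files = parse(log)
    findings = []
    # Heuristic 1: a file named like a core Windows process in the wrong place.
    for path in deletions + [f["path"] for f in files]:
        if basename(path).lower() == "svchost.exe" and not _under(path, SVCHOST_OK):
            findings.append(("svchost-outside-system-dir", path))
    # Heuristic 2: empty regular files dropped into a system directory.
    for f in files:
        if not f["is_dir"] and f["size"] == 0 and _under(f["path"], SYSTEM_DIRS):
            findings.append(("zero-byte-file-in-system-dir", f["path"]))
    return findings


if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:32} {path}")
```

A hit from either heuristic is a prompt for review, not a verdict; the flagged zero-byte files here are the same three `.tmp` paths listed in the CFScript instructions earlier in the thread.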


No problem. :) Just use the instructions from post 12.


ComboFix 12-12-17.02 - nebraskarain 12/18/2012 14:05:43.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2678 [GMT -6:00]

Running from: c:\users\nebraskarain\Desktop\ComboFix.exe

Command switches used :: c:\users\nebraskarain\Desktop\CFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))

.

.

2012-12-18 20:17 . 2012-12-18 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-18 04:21 . 2012-12-18 04:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-16 16:16 . 2012-12-16 17:23 -------- d-----w- c:\program files (x86)\Google

2012-12-16 16:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-16 16:13 . 2012-12-17 19:00 -------- d-----w- c:\programdata\AVAST Software

2012-12-16 16:13 . 2012-12-16 16:13 -------- d-----w- c:\program files\AVAST Software

2012-12-16 05:07 . 2012-12-16 05:07 0 ----a-w- c:\windows\SysWow64\shoBCFA.tmp

2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\windows\Sun

2012-12-12 11:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 11:33 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 11:33 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-12-09 16:36 . 2012-12-09 16:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-12-09 15:37 . 2012-12-09 15:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-12-09 15:36 . 2012-12-12 14:52 -------- d-----w- c:\programdata\Microsoft Help

2012-12-09 15:36 . 2012-12-09 15:36 -------- d-----r- C:\MSOCache

2012-12-02 19:05 . 2012-12-02 19:05 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-02 19:04 . 2012-12-02 19:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-12-02 19:04 . 2012-12-02 19:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-02 19:04 . 2012-12-02 19:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-02 19:04 . 2012-12-02 19:04 -------- d-----w- c:\program files (x86)\Java

2012-12-02 14:01 . 2012-12-02 14:01 0 ----a-w- c:\windows\SysWow64\shoBFD6.tmp

2012-12-02 13:55 . 2012-12-09 15:41 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\SysWow64\Wat

2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\system32\Wat

2012-12-01 17:44 . 2012-12-01 17:44 0 ----a-w- c:\windows\SysWow64\sho62BD.tmp

2012-12-01 17:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-12-01 17:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-12-01 16:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-01 16:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-01 16:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-12-01 16:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-01 16:31 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-12-01 16:31 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-12-01 16:31 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-12-01 16:31 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-12-01 16:31 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-12-01 16:31 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-12-01 16:31 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-12-01 16:31 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-12-01 16:31 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-12-01 16:31 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-12-01 16:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-01 16:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-01 16:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-01 16:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-01 16:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-01 16:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-01 16:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-01 16:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-12-01 16:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-12-01 16:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-12-01 16:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-12-01 16:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-12-01 13:36 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2012-12-01 13:36 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2012-12-01 13:35 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-12-01 13:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2012-12-01 13:35 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe

2012-12-01 13:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe

2012-12-01 13:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2012-12-01 13:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2012-12-01 13:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2012-12-01 13:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-01 13:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2012-12-01 13:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2012-12-01 13:35 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll

2012-12-01 13:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll

2012-12-01 13:33 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-12-01 13:33 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2012-12-01 13:33 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-12-01 13:33 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-12-01 13:33 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-12-01 13:33 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-12-01 13:31 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll

2012-12-01 13:31 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll

2012-12-01 13:31 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-12-01 13:31 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-12-01 13:31 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-12-01 13:31 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-12-01 13:29 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-12-01 13:29 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-12-01 13:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-12-01 13:29 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-12-01 13:29 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2012-12-01 13:29 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll

2012-12-01 13:29 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll

2012-12-01 13:29 . 2012-08-30 18:10 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-12-01 13:29 . 2012-08-30 18:11 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-12-01 13:29 . 2012-08-30 18:11 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-12-01 13:27 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-12-01 13:26 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-12-01 13:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-12-01 13:25 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2012-12-01 13:25 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-12-01 13:25 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll

2012-12-01 13:25 . 2011-03-03 06:17 356352 ----a-w- c:\windows\system32\dnsapi.dll

2012-12-01 13:25 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2012-12-01 13:25 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2012-12-01 13:24 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll

2012-12-01 13:24 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll

2012-12-01 13:24 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-12-01 13:24 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-12-01 13:22 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-12-01 13:21 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-12-01 13:21 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2012-12-01 13:21 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2012-12-01 13:21 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-12-01 13:21 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2012-12-01 13:19 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-12-01 13:18 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-12-01 13:18 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-12-01 04:46 . 2012-12-01 19:46 -------- d-----w- c:\programdata\VirtualizedApplications

2012-12-01 00:50 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-12-01 00:50 . 2012-12-01 00:50 -------- d-----w- c:\program files\Microsoft Office

2012-12-01 00:05 . 2012-12-01 00:05 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-11-30 22:09 . 2012-11-30 22:09 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Symantec

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\Norton 360

2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-11-30 22:00 . 2012-11-30 22:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-30 22:00 . 2012-11-30 22:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-30 22:00 . 2012-11-30 22:00 -------- d-----w- c:\windows\system32\Macromed

2012-11-30 21:55 . 2012-11-30 21:55 -------- d-----w- c:\programdata\PCSettings

2012-11-30 21:46 . 2012-11-30 21:46 -------- d-----w- c:\program files (x86)\AWS

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 21:20 . 2012-12-01 13:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-12-01 13:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-12-01 13:22 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-04 16:45 . 2012-12-12 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-01 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121215.001\IDSvia64.sys [2012-11-30 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [2009-03-03 89600]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-29 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\nebraskarain\AppData\Roaming\Mozilla\Firefox\Profiles\b8ix3dpj.default\

FF - ExtSQL: 2012-11-30 16:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-11-30 16:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-18 14:37:14

ComboFix-quarantined-files.txt 2012-12-18 20:37

ComboFix2.txt 2012-12-18 17:01

.

Pre-Run: 254,941,192,192 bytes free

Post-Run: 254,880,440,320 bytes free

.

- - End Of File - - A795EA3DD2C543CA6F18C2791C5D88D6


Run a new scan with TDSSKiller and post the new log please.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/30/2012 2:17:32 PM

System Uptime: 12/18/2012 1:42:39 PM (3 hours ago)

.

Motherboard: Dell Inc. | | 0K13WN

Processor: Intel® Pentium® CPU P6200 @ 2.13GHz | CPU 1 | 915/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 237.392 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP48: 12/13/2012 7:26:19 PM - Windows Update

RP49: 12/14/2012 3:00:17 AM - Windows Update

RP50: 12/14/2012 10:17:13 AM - Windows Update

RP51: 12/14/2012 12:43:18 PM - Windows Update

RP52: 12/14/2012 4:13:15 PM - Windows Update

RP53: 12/14/2012 9:32:14 PM - Windows Update

RP54: 12/15/2012 8:08:13 AM - Windows Update

RP55: 12/15/2012 11:21:49 AM - Windows Update

RP56: 12/15/2012 1:24:50 PM - Windows Update

RP57: 12/15/2012 11:06:21 PM - Windows Update

RP58: 12/16/2012 12:55:50 AM - Windows Update

RP59: 12/16/2012 10:13:18 AM - avast! Free Antivirus Setup

RP60: 12/16/2012 9:03:47 PM - Windows Update

RP61: 12/16/2012 11:03:55 PM - Windows Update

RP62: 12/17/2012 9:12:09 AM - Windows Update

RP63: 12/17/2012 12:14:28 PM - Windows Update

RP64: 12/17/2012 12:58:17 PM - avast! Free Antivirus Setup

RP65: 12/17/2012 1:27:45 PM - Windows Update

RP66: 12/17/2012 2:10:49 PM - Windows Update

RP67: 12/17/2012 11:08:17 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1

Advanced Audio FX Engine

Bing Bar

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cozi

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Online

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell Product Registration

Dell Support Center

Dell Touchpad

Dell Webcam Central

DW WLAN Card Utility

GoToAssist 8.0.0.514

IDT Audio

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 9

Java Auto Updater

Java 6 Update 21 (64-bit)

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Norton 360

Quickset64

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

WeatherBug

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

12/18/2012 2:17:25 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/18/2012 10:57:22 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/17/2012 2:11:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

12/17/2012 2:11:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

12/17/2012 1:02:27 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

12/15/2012 9:06:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/15/2012 9:06:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

12/13/2012 11:14:27 AM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-NetworkAccessProtection/Operational.

12/11/2012 9:23:48 PM, Error: Service Control Manager [7000] - The Intel® Management & Security Application User Notification Service service failed to start due to the following error: The pipe has been ended.

12/11/2012 9:23:44 PM, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

12/11/2012 9:23:44 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not start due to a logon failure.

12/11/2012 4:53:17 AM, Error: Service Control Manager [7023] -

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by nebraskarain at 16:04:44 on 2012-12-18

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2103 [GMT -6:00]

.

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\windows\system32\Dwm.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{54BAFE21-A902-45DA-AF95-211B966667CC} : DHCPNameServer = 172.2.1.161

TCP: Interfaces\{7E532FB5-0B33-4D29-BD70-D752C6E3A13D} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\nebraskarain\AppData\Roaming\Mozilla\Firefox\Profiles\b8ix3dpj.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-30 16:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn

FF - ExtSQL: 2012-11-30 16:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-12-12 55280]

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1402000.013\SymDS64.sys [2012-11-30 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1402000.013\SymEFA64.sys [2012-11-30 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]

R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-11-30 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121215.001\IDSviA64.sys [2012-12-18 513184]

R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1402000.013\Ironx64.sys [2012-11-30 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1402000.013\symnets.sys [2012-11-30 432800]

R2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [2010-12-12 89600]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-12 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-30 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-30 676936]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-11-30 143928]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-12 2320920]

R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\System32\drivers\bcmvwl64.sys [2010-12-13 20984]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2010-12-12 172704]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-30 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-12-12 56344]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-12-13 158976]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-12-13 76912]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-30 25928]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-12-13 232480]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-1 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2012-12-18 16:50:00 98816 ----a-w- C:\windows\sed.exe

2012-12-18 16:50:00 256000 ----a-w- C:\windows\PEV.exe

2012-12-18 16:50:00 208896 ----a-w- C:\windows\MBR.exe

2012-12-18 04:21:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-16 16:16:44 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Google

2012-12-16 16:13:48 -------- d-----w- C:\ProgramData\AVAST Software

2012-12-16 16:13:48 -------- d-----w- C:\Program Files\AVAST Software

2012-12-16 05:07:48 0 ----a-w- C:\windows\SysWow64\shoBCFA.tmp

2012-12-12 11:33:05 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 11:33:05 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 11:33:00 3147264 ----a-w- C:\windows\System32\win32k.sys

2012-12-09 15:37:29 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-12-09 15:36:58 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Microsoft Help

2012-12-09 05:08:06 -------- d-----w- C:\Users\nebraskarain\AppData\Local\MicrosoftStore

2012-12-06 05:20:30 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Adobe

2012-12-02 19:05:27 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\.minecraft

2012-12-02 19:04:44 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-12-02 19:04:44 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-12-02 19:04:24 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-02 14:01:00 0 ----a-w- C:\windows\SysWow64\shoBFD6.tmp

2012-12-01 19:01:59 -------- d-----w- C:\windows\SysWow64\Wat

2012-12-01 19:01:59 -------- d-----w- C:\windows\System32\Wat

2012-12-01 17:44:19 0 ----a-w- C:\windows\SysWow64\sho62BD.tmp

2012-12-01 17:34:08 367104 ----a-w- C:\windows\System32\wcncsvc.dll

2012-12-01 17:34:08 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll

2012-12-01 16:48:12 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-12-01 16:48:12 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-12-01 16:48:12 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-01 16:48:11 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-12-01 16:31:44 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll

2012-12-01 16:31:44 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll

2012-12-01 16:31:44 48960 ----a-w- C:\windows\System32\netfxperf.dll

2012-12-01 16:31:44 444752 ----a-w- C:\windows\System32\mscoree.dll

2012-12-01 16:31:44 320352 ----a-w- C:\windows\System32\PresentationHost.exe

2012-12-01 16:31:44 297808 ----a-w- C:\windows\SysWow64\mscoree.dll

2012-12-01 16:31:44 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe

2012-12-01 16:31:44 1942856 ----a-w- C:\windows\System32\dfshim.dll

2012-12-01 16:31:44 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll

2012-12-01 16:31:44 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll

2012-12-01 16:12:49 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-12-01 16:12:49 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-12-01 16:12:48 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-12-01 16:12:48 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-12-01 16:12:47 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-12-01 16:12:47 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-12-01 16:12:47 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-12-01 16:08:53 80896 ----a-w- C:\windows\System32\imagehlp.dll

2012-12-01 16:08:53 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-12-01 16:08:53 5120 ----a-w- C:\windows\System32\wmi.dll

2012-12-01 16:08:53 22896 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-12-01 16:08:53 158720 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-12-01 13:36:40 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2012-12-01 13:36:39 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2012-12-01 13:35:44 142336 ----a-w- C:\windows\System32\poqexec.exe

2012-12-01 13:35:44 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

2012-12-01 13:35:42 2870272 ----a-w- C:\windows\explorer.exe

2012-12-01 13:35:42 2614784 ----a-w- C:\windows\SysWow64\explorer.exe

2012-12-01 13:35:40 961024 ----a-w- C:\windows\System32\CPFilters.dll

2012-12-01 13:35:40 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll

2012-12-01 13:35:39 850432 ----a-w- C:\windows\SysWow64\sbe.dll

2012-12-01 13:35:39 259072 ----a-w- C:\windows\System32\mpg2splt.ax

2012-12-01 13:35:39 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax

2012-12-01 13:35:39 1118720 ----a-w- C:\windows\System32\sbe.dll

2012-12-01 13:35:32 148992 ----a-w- C:\windows\System32\t2embed.dll

2012-12-01 13:35:32 109056 ----a-w- C:\windows\SysWow64\t2embed.dll

2012-12-01 13:33:13 1572864 ----a-w- C:\windows\System32\quartz.dll

2012-12-01 13:33:13 1328640 ----a-w- C:\windows\SysWow64\quartz.dll

2012-12-01 13:33:12 514560 ----a-w- C:\windows\SysWow64\qdvd.dll

2012-12-01 13:33:12 366592 ----a-w- C:\windows\System32\qdvd.dll

2012-12-01 13:33:03 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-12-01 13:33:03 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

2012-12-01 13:31:50 395776 ----a-w- C:\windows\System32\webio.dll

2012-12-01 13:31:50 314368 ----a-w- C:\windows\SysWow64\webio.dll

2012-12-01 13:31:45 2003968 ----a-w- C:\windows\System32\msxml6.dll

2012-12-01 13:31:44 1880064 ----a-w- C:\windows\System32\msxml3.dll

2012-12-01 13:31:44 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2012-12-01 13:31:43 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2012-12-01 13:29:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2012-12-01 13:29:53 515584 ----a-w- C:\windows\System32\timedate.cpl

2012-12-01 13:29:53 478208 ----a-w- C:\windows\SysWow64\timedate.cpl

2012-12-01 13:29:51 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2012-12-01 13:29:51 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll

2012-12-01 13:29:15 633856 ----a-w- C:\windows\System32\comctl32.dll

2012-12-01 13:29:15 530432 ----a-w- C:\windows\SysWow64\comctl32.dll

2012-12-01 13:29:11 5473136 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-12-01 13:29:09 3971440 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-12-01 13:29:08 3915632 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-12-01 13:27:14 574464 ----a-w- C:\windows\System32\d3d10level9.dll

2012-12-01 13:26:25 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL

2012-12-01 13:25:42 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys

2012-12-01 13:25:41 223448 ----a-w- C:\windows\System32\drivers\fvevol.sys

2012-12-01 13:25:40 208896 ----a-w- C:\windows\System32\profsvc.dll

2012-12-01 13:25:38 182272 ----a-w- C:\windows\System32\dnsrslvr.dll

2012-12-01 13:25:37 30208 ----a-w- C:\windows\System32\dnscacheugc.exe

2012-12-01 13:25:37 28672 ----a-w- C:\windows\SysWow64\dnscacheugc.exe

2012-12-01 13:24:09 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll

2012-12-01 13:24:09 1024512 ----a-w- C:\windows\System32\wmpmde.dll

2012-12-01 13:24:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-12-01 13:24:07 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-12-01 13:22:58 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-12-01 13:21:03 404992 ----a-w- C:\windows\System32\umpnpmgr.dll

2012-12-01 13:21:02 64512 ----a-w- C:\windows\SysWow64\devobj.dll

2012-12-01 13:21:02 44544 ----a-w- C:\windows\SysWow64\devrtl.dll

2012-12-01 13:21:02 252928 ----a-w- C:\windows\SysWow64\drvinst.exe

2012-12-01 13:21:02 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll

2012-12-01 13:19:55 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-12-01 13:18:39 77312 ----a-w- C:\windows\System32\packager.dll

2012-12-01 13:18:39 67072 ----a-w- C:\windows\SysWow64\packager.dll

2012-12-01 12:42:09 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Diagnostics

2012-12-01 04:46:11 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-12-01 00:52:40 -------- d-----w- C:\Users\nebraskarain\AppData\Local\SoftGrid Client

2012-12-01 00:52:39 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\SoftGrid Client

2012-12-01 00:50:58 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-12-01 00:50:36 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\TP

2012-12-01 00:05:21 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-11-30 22:01:41 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Macromedia

2012-11-30 22:00:43 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-30 22:00:43 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-11-30 21:55:37 -------- d-----w- C:\ProgramData\PCSettings

2012-11-30 21:48:00 -------- d-----w- C:\Users\nebraskarain\AppData\Local\WeatherBug

2012-11-30 21:46:54 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\WeatherBug

2012-11-30 21:46:48 -------- d-----w- C:\Program Files (x86)\AWS

2012-11-30 21:08:48 -------- d-----w- C:\windows\System32\drivers\N360x64\1402000.013

2012-11-30 21:08:48 -------- d-----w- C:\windows\System32\drivers\N360x64

2012-11-30 21:05:29 -------- d-----w- C:\ProgramData\NortonInstaller

2012-11-30 20:45:35 -------- d-----w- C:\ProgramData\Norton

2012-11-30 20:35:21 -------- d-----w- C:\Users\nebraskarain\AppData\Local\Mozilla

2012-11-30 20:35:15 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-11-30 20:32:31 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\Malwarebytes

2012-11-30 20:32:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-30 20:32:23 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-11-30 20:32:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-30 20:26:53 -------- d-----w- C:\Users\nebraskarain\AppData\Roaming\Intel Corporation

2012-11-30 20:26:23 -------- d-----w- C:\Users\nebraskarain\AppData\Local\VirtualStore

2012-11-30 20:23:12 826368 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-11-30 20:23:12 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-11-30 20:23:12 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-11-30 20:18:55 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-11-30 20:18:49 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-11-30 20:18:40 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-11-30 20:18:40 186752 ----a-w- C:\windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-11-30 22:09:43 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-05 16:25:51 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-11-05 14:17:16 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-11-05 14:03:21 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-11-05 14:03:13 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-11-02 05:27:51 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-11-02 04:48:28 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-10-16 21:20:49 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20:46 347648 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34:37 559104 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-09 01:00:02 776864 ----a-r- C:\windows\System32\drivers\N360x64\1402000.013\srtsp64.sys

2012-10-04 17:38:56 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-10-04 17:38:56 243200 ----a-w- C:\windows\System32\wow64.dll

2012-10-04 17:38:56 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-10-04 17:38:24 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-10-04 17:35:22 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-10-04 17:32:16 425984 ----a-w- C:\windows\System32\KernelBase.dll

2012-10-04 16:54:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-10-04 16:54:17 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-10-04 15:19:57 338432 ----a-w- C:\windows\System32\conhost.exe

2012-10-04 14:49:27 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-10-04 14:49:24 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-10-04 14:49:22 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-10-04 14:49:22 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-10-04 14:44:29 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:44:29 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:44:29 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:44:29 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-04 01:40:35 1133216 ----a-r- C:\windows\System32\drivers\N360x64\1402000.013\SymEFA64.sys

2012-10-04 01:40:20 493216 ----a-r- C:\windows\System32\drivers\N360x64\1402000.013\SymDS64.sys

2012-10-04 01:19:14 168096 ----a-r- C:\windows\System32\drivers\N360x64\1402000.013\ccSetx64.sys

2012-09-25 22:39:14 95744 ----a-w- C:\windows\System32\synceng.dll

2012-09-25 21:55:17 78336 ----a-w- C:\windows\SysWow64\synceng.dll

.

============= FINISH: 16:05:14.69 ===============

Run a new scan with TDSSKiller and post the new log please.
Not DDS. :)


OTL

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


OTL logfile created on: 12/20/2012 2:22:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nebraskarain\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 67.38% Memory free

7.60 Gb Paging File | 6.15 Gb Available in Paging File | 80.87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.34 Gb Total Space | 236.21 Gb Free Space | 83.36% Space Free | Partition Type: NTFS

Computer Name: NEBRASKARAIN-PC | User Name: nebraskarain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\nebraskarain\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c0dc6f48b089aa04822d3e205f124f88\IAStorUtil.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\wincfi39.dll ()

MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe (Andrea Electronics Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\STacSV64.exe (IDT, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.sys (Symantec Corporation)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS64.sys (Symantec Corporation)

DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.sys (Symantec Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Ironx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)

DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121220.004\ex64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121220.004\eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121219.001\IDSviA64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (Symantec Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 59 F5 14 39 CF CD 01 [binary data]

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869

IE - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/11/30 16:10:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2012/12/20 12:12:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 18:48:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/04 18:48:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/30 14:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nebraskarain\AppData\Roaming\Mozilla\Extensions

[2012/12/04 18:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/04 18:48:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/11/20 00:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/20 00:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - homepage: http://www.google.com

CHR - Extension: Google Drive = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: YouTube = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Norton Identity Protection = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\

CHR - Extension: Gmail = C:\Users\nebraskarain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/18 10:58:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3744671217-2616646317-1747643619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54BAFE21-A902-45DA-AF95-211B966667CC}: DhcpNameServer = 172.2.1.161

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E532FB5-0B33-4D29-BD70-D752C6E3A13D}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 14:17:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nebraskarain\Desktop\OTL.exe

[2012/12/19 05:45:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/18 14:37:38 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/12/18 10:51:28 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\nebraskarain\Desktop\ComboFix.exe

[2012/12/18 10:50:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/12/18 10:50:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/12/18 10:50:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/12/18 10:49:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/18 10:49:33 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012/12/17 22:21:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/12/17 16:23:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\nebraskarain\Desktop\dds.scr

[2012/12/16 10:16:44 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Google

[2012/12/16 10:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/12/16 10:16:12 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012/12/16 10:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/12/16 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/12/15 19:44:23 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\nebraskarain\Desktop\Minecraft.exe

[2012/12/15 09:05:35 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2012/12/09 09:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012/12/09 09:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012/12/09 09:36:58 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Microsoft Help

[2012/12/09 09:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012/12/09 09:36:04 | 000,000,000 | R--D | C] -- C:\MSOCache

[2012/12/08 23:08:06 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\MicrosoftStore

[2012/12/08 18:45:01 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2012/12/05 23:20:30 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Adobe

[2012/12/04 18:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/12/04 05:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)

[2012/12/02 13:05:27 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\.minecraft

[2012/12/02 13:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/12/02 13:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/12/02 13:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/12/02 07:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/12/01 13:01:59 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat

[2012/12/01 13:01:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat

[2012/12/01 10:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/12/01 06:42:09 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Diagnostics

[2012/11/30 22:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2012/11/30 18:52:40 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\SoftGrid Client

[2012/11/30 18:52:39 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\SoftGrid Client

[2012/11/30 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2012/11/30 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client

[2012/11/30 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012/11/30 18:50:36 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\TP

[2012/11/30 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2012/11/30 16:09:43 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/11/30 16:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/11/30 16:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/11/30 16:09:25 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.sys

[2012/11/30 16:09:25 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys

[2012/11/30 16:09:25 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymDS64.sys

[2012/11/30 16:09:25 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\symnets.sys

[2012/11/30 16:09:25 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys

[2012/11/30 16:09:25 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymELAM.sys

[2012/11/30 16:09:24 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\Ironx64.sys

[2012/11/30 16:09:24 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.sys

[2012/11/30 16:09:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2012/11/30 16:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2012/11/30 16:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller

[2012/11/30 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Macromedia

[2012/11/30 16:00:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012/11/30 15:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings

[2012/11/30 15:48:00 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\WeatherBug

[2012/11/30 15:46:54 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\WeatherBug

[2012/11/30 15:46:48 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug

[2012/11/30 15:46:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS

[2012/11/30 15:08:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64

[2012/11/30 15:08:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1402000.013

[2012/11/30 15:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2012/11/30 14:45:41 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2012/11/30 14:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2012/11/30 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Mozilla

[2012/11/30 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Mozilla

[2012/11/30 14:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/11/30 14:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/11/30 14:32:31 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Malwarebytes

[2012/11/30 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/30 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/30 14:32:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/11/30 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/30 14:27:21 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Macromedia

[2012/11/30 14:27:20 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Adobe

[2012/11/30 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Roxio

[2012/11/30 14:26:53 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Intel Corporation

[2012/11/30 14:26:49 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Leadertech

[2012/11/30 14:26:36 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/11/30 14:26:36 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Searches

[2012/11/30 14:26:36 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/11/30 14:26:35 | 000,000,000 | -H-D | C] -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/11/30 14:26:27 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Identities

[2012/11/30 14:26:25 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Contacts

[2012/11/30 14:26:23 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\VirtualStore

[2012/11/30 14:17:42 | 000,000,000 | --SD | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Videos

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Saved Games

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Pictures

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Music

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Links

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Favorites

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Downloads

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Documents

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\Desktop

[2012/11/30 14:17:42 | 000,000,000 | R--D | C] -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\AppData\Local\Temporary Internet Files

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Templates

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Start Menu

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\SendTo

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Recent

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\PrintHood

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\NetHood

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Documents\My Videos

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Documents\My Pictures

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Documents\My Music

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\My Documents

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Local Settings

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\AppData\Local\History

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Cookies

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\Application Data

[2012/11/30 14:17:42 | 000,000,000 | -HSD | C] -- C:\Users\nebraskarain\AppData\Local\Application Data

[2012/11/30 14:17:42 | 000,000,000 | -H-D | C] -- C:\Users\nebraskarain\AppData

[2012/11/30 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Temp

[2012/11/30 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Local\Microsoft

[2012/11/30 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\nebraskarain\AppData\Roaming\Media Center Programs

[2012/11/30 14:14:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 14:17:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nebraskarain\Desktop\OTL.exe

[2012/12/20 13:48:03 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/12/20 13:48:03 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/12/20 13:48:03 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/12/20 13:44:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/12/20 12:17:47 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/20 12:17:47 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/20 12:09:02 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/18 19:41:58 | 000,115,496 | ---- | M] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Degree Rationale.rtf

[2012/12/18 10:58:03 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012/12/18 10:49:02 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\nebraskarain\Desktop\ComboFix.exe

[2012/12/17 16:23:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\nebraskarain\Desktop\dds.scr

[2012/12/17 15:40:25 | 000,001,309 | ---- | M] () -- C:\Users\nebraskarain\Desktop\Norton Installation Files.lnk

[2012/12/16 20:39:34 | 000,104,156 | ---- | M] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Degree Rationale Draft.rtf

[2012/12/16 10:16:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012/12/15 19:44:42 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\nebraskarain\Desktop\Minecraft.exe

[2012/12/12 08:56:13 | 000,342,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/12/12 08:53:23 | 001,842,887 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\Cat.DB

[2012/12/10 14:51:56 | 000,233,602 | ---- | M] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Historiograpy of the generalship of R E Lee.rtf

[2012/12/10 14:50:44 | 000,233,692 | ---- | M] () -- C:\Users\nebraskarain\Documents\Hist. of Robert E Lee.rtf

[2012/12/09 09:42:26 | 000,003,021 | ---- | M] () -- C:\Users\nebraskarain\Desktop\Microsoft Word 2010.lnk

[2012/12/09 09:24:05 | 000,001,807 | ---- | M] () -- C:\Users\nebraskarain\Desktop\Office Home and Student 2010_1355066645105.lnk

[2012/12/08 23:12:20 | 000,002,058 | ---- | M] () -- C:\Users\nebraskarain\Desktop\Microsoft Download Manager_1355029939765.lnk

[2012/12/08 18:44:53 | 480,341,390 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/12/08 18:36:33 | 000,000,162 | -H-- | M] () -- C:\Users\nebraskarain\Documents\~$st. of Robert E Lee.rtf

[2012/12/03 18:28:59 | 000,076,434 | ---- | M] () -- C:\Users\nebraskarain\Documents\Alethea_Marsh_History_Career_Rearcch_Essay.rtf

[2012/12/01 13:07:35 | 000,001,443 | ---- | M] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/12/01 10:27:06 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2012/12/01 10:27:05 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2012/12/01 10:15:50 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/11/30 21:20:34 | 000,013,946 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\VT20121114.016

[2012/11/30 18:52:21 | 000,002,463 | ---- | M] () -- C:\Users\nebraskarain\Desktop\Microsoft Word Starter 2010.lnk

[2012/11/30 16:09:43 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/11/30 16:09:43 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/11/30 16:09:43 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/11/30 16:09:39 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/11/30 15:46:49 | 000,001,756 | ---- | M] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk

[2012/11/30 15:46:49 | 000,001,732 | ---- | M] () -- C:\Users\nebraskarain\Desktop\WeatherBug.lnk

[2012/11/30 14:35:16 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/30 14:32:24 | 000,001,139 | ---- | M] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/11/30 14:32:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/30 14:16:14 | 000,039,219 | ---- | M] () -- C:\windows\SysWow64\license.rtf

[2012/11/30 14:16:14 | 000,039,219 | ---- | M] () -- C:\windows\SysNative\license.rtf

[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/18 10:50:00 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/12/18 10:50:00 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/12/18 10:50:00 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/12/18 10:50:00 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/12/18 10:50:00 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/12/16 20:40:24 | 000,115,496 | ---- | C] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Degree Rationale.rtf

[2012/12/16 10:16:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2012/12/10 14:51:56 | 000,233,602 | ---- | C] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Historiograpy of the generalship of R E Lee.rtf

[2012/12/09 09:42:26 | 000,003,021 | ---- | C] () -- C:\Users\nebraskarain\Desktop\Microsoft Word 2010.lnk

[2012/12/09 09:24:05 | 000,001,807 | ---- | C] () -- C:\Users\nebraskarain\Desktop\Office Home and Student 2010_1355066645105.lnk

[2012/12/08 23:12:20 | 000,002,058 | ---- | C] () -- C:\Users\nebraskarain\Desktop\Microsoft Download Manager_1355029939765.lnk

[2012/12/08 18:44:53 | 480,341,390 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012/12/08 18:36:33 | 000,000,162 | -H-- | C] () -- C:\Users\nebraskarain\Documents\~$st. of Robert E Lee.rtf

[2012/12/07 21:09:48 | 000,233,692 | ---- | C] () -- C:\Users\nebraskarain\Documents\Hist. of Robert E Lee.rtf

[2012/12/03 20:22:53 | 000,104,156 | ---- | C] () -- C:\Users\nebraskarain\Documents\Alethea Marsh Degree Rationale Draft.rtf

[2012/12/03 18:28:58 | 000,076,434 | ---- | C] () -- C:\Users\nebraskarain\Documents\Alethea_Marsh_History_Career_Rearcch_Essay.rtf

[2012/12/01 10:48:14 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/12/01 10:27:06 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2012/12/01 10:27:05 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2012/12/01 10:12:47 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/30 21:22:50 | 000,013,946 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\VT20121114.016

[2012/11/30 18:52:21 | 000,002,463 | ---- | C] () -- C:\Users\nebraskarain\Desktop\Microsoft Word Starter 2010.lnk

[2012/11/30 18:51:13 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/11/30 16:09:43 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/11/30 16:09:43 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/11/30 16:09:39 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/11/30 16:09:12 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymELAM64.cat

[2012/11/30 16:09:12 | 000,009,103 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymVTcer.dat

[2012/11/30 16:09:12 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.cat

[2012/11/30 16:09:12 | 000,007,605 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtspx64.cat

[2012/11/30 16:09:12 | 000,007,603 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.cat

[2012/11/30 16:09:12 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\symnet64.cat

[2012/11/30 16:09:12 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtsp64.cat

[2012/11/30 16:09:12 | 000,007,597 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymDS64.cat

[2012/11/30 16:09:12 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\iron.cat

[2012/11/30 16:09:12 | 000,003,433 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymEFA.inf

[2012/11/30 16:09:12 | 000,002,851 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymDS.inf

[2012/11/30 16:09:12 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\SymNet.inf

[2012/11/30 16:09:12 | 000,001,437 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtsp64.inf

[2012/11/30 16:09:12 | 000,001,418 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\srtspx64.inf

[2012/11/30 16:09:12 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\symELAM.inf

[2012/11/30 16:09:12 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.inf

[2012/11/30 16:09:12 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\Iron.inf

[2012/11/30 16:09:12 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\isolate.ini

[2012/11/30 15:46:49 | 000,001,756 | ---- | C] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk

[2012/11/30 15:46:49 | 000,001,732 | ---- | C] () -- C:\Users\nebraskarain\Desktop\WeatherBug.lnk

[2012/11/30 15:09:24 | 001,842,887 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\Cat.DB

[2012/11/30 14:45:41 | 000,001,309 | ---- | C] () -- C:\Users\nebraskarain\Desktop\Norton Installation Files.lnk

[2012/11/30 14:35:16 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/11/30 14:35:16 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/30 14:32:24 | 000,001,139 | ---- | C] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/11/30 14:32:24 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/30 14:27:08 | 000,001,443 | ---- | C] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/11/30 14:26:40 | 000,001,415 | ---- | C] () -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/11/30 14:26:37 | 000,001,449 | ---- | C] () -- C:\Users\nebraskarain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/11/30 14:17:42 | 000,000,290 | ---- | C] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/11/30 14:17:42 | 000,000,272 | ---- | C] () -- C:\Users\nebraskarain\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/11/30 14:14:16 | 3062,915,072 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/02 13:07:37 | 000,000,000 | ---D | M] -- C:\Users\nebraskarain\AppData\Roaming\.minecraft

[2012/11/30 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\nebraskarain\AppData\Roaming\Leadertech

[2012/12/09 10:33:17 | 000,000,000 | ---D | M] -- C:\Users\nebraskarain\AppData\Roaming\SoftGrid Client

[2012/11/30 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\nebraskarain\AppData\Roaming\TP

[2012/11/30 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\nebraskarain\AppData\Roaming\WeatherBug

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 12/20/2012 2:22:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nebraskarain\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 67.38% Memory free

7.60 Gb Paging File | 6.15 Gb Available in Paging File | 80.87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.34 Gb Total Space | 236.21 Gb Free Space | 83.36% Space Free | Partition Type: NTFS

Computer Name: NEBRASKARAIN-PC | User Name: nebraskarain | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3744671217-2616646317-1747643619-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{151E67A7-BB49-448C-A2A7-CB20745A64F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{28E85DA4-EDE5-4A6B-B6E4-3053CA224BB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2B3130FC-EAD9-4D9D-9E85-0E19DDFD9F36}" = lport=137 | protocol=17 | dir=in | app=system |

"{3A790124-69AA-412B-BD1F-1B01AF7FFCDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3AF39A36-4950-4779-A9BF-8CDC8887F615}" = lport=2869 | protocol=6 | dir=in | app=system |

"{46BECD89-A01F-4BA9-8F2C-F3CB7A590DBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5D06E758-724D-413F-A969-291B371DF804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5FFB7179-87D9-4416-B2C4-B78118CBA58D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{6D4DC4BD-723B-45FB-B041-F567BA34BE57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7741B901-ADD9-432F-B687-C7BA37515134}" = rport=138 | protocol=17 | dir=out | app=system |

"{995DC349-DA2D-476D-9C51-E3D0EEC5010B}" = rport=10243 | protocol=6 | dir=out | app=system |

"{9D87EFAF-4393-4321-A6F9-F4B59AD6F80B}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A7F98B86-2E39-473A-84C1-47477E100CB1}" = lport=139 | protocol=6 | dir=in | app=system |

"{AC2A30C8-F678-494A-B86B-3B570E3D9584}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BC49EC74-BE28-433B-987F-F7642907D20D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C694D1F2-949B-4C9E-A197-83E48B57AB59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CB611851-0FF4-49E0-977B-9EAE57BE382A}" = lport=138 | protocol=17 | dir=in | app=system |

"{D5605012-0FD5-4ED2-97D5-E45166A9380D}" = rport=445 | protocol=6 | dir=out | app=system |

"{DD04EC57-D61D-4394-883C-D6FF51087871}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DD9F5A64-48C3-47CE-91FA-9543981A9C26}" = lport=445 | protocol=6 | dir=in | app=system |

"{E1301CA4-30CD-4DD0-BBFC-CE96D2EA0A90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E1CF1EDB-650A-4B43-A7D4-20A3855244EB}" = lport=10243 | protocol=6 | dir=in | app=system |

"{EC8C9F02-977C-4924-B30A-53EC62C5C91E}" = rport=137 | protocol=17 | dir=out | app=system |

"{F31FDA87-58D2-40D1-A739-91621B4A146A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F622170C-F108-49D7-8C2B-73B0A9C4ADB5}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{022ECF71-EE0B-4D6C-A7AA-CCEAE518DADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0ED402B7-07CB-482D-9F06-D4D71B435464}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1B47CEA5-D6DA-4E40-B458-C413FB34F724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3089809D-DB1C-4EBF-AD0E-76B6F852ACB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{36F47757-FB33-4C9E-9BB7-03DC46C38DBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{37994867-40A3-4D10-B01A-BD7762D23A42}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{4D6D24AB-90E9-4392-9B92-80AE9B9F66C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{586174AA-4650-4A03-8A27-E692306FA57F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{58AB5397-8E6B-41B5-9039-5C55F256751F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5B136D94-954F-4F24-B4E0-5D6367EBB42A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{5F8E1654-AFAA-471D-92FC-540AA2933535}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7D48E69E-69D3-4133-AB53-39A5F2A19628}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{99CFBBDA-0E08-45A9-84D2-432C0124EE3A}" = protocol=6 | dir=out | app=system |

"{9BB5C15F-5444-42B6-8D31-CE9E704B1FA5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{AF7AD582-642C-49C5-A2E9-85D52CF9E48D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B41926B3-281F-44B0-9339-EA6A58F6D7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B6AED4A8-9B47-4FD0-B30A-92A2F865CFB3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{C13C9BD4-40AC-4C78-9C9B-3D8297499ADA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C60F00CA-9B2D-4FB2-AF9C-7FF16E3F69CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CCF45329-10B5-4979-8AC9-E423C7015101}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{E75988BC-62C5-4CF2-99F1-B4CBCE522E26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EBA96960-77ED-4A6E-890D-A090CB3D3EF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F0F74A53-075D-492E-A3D4-D1EDB8F5D51E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FC366405-5CF5-4C1C-AC7E-0A753FF68D35}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{FEB06394-C103-4E9C-AB34-A2A8F13597A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{FEF8D007-F5B1-49C4-9C36-B99B1715F6FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"TCP Query User{F14A6686-D6EB-4969-BDD9-56E73F0061B5}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |

"UDP Query User{E5A8EBDE-DC7D-4D4E-A6D6-5084AC01CDF4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Dell Support Center" = Dell Support Center

"DW WLAN Card Utility" = DW WLAN Card Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration

"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Dell Webcam Central" = Dell Webcam Central

"GoToAssist" = GoToAssist 8.0.0.514

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"N360" = Norton 360

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/15/2012 12:08:29 PM | Computer Name = nebraskarain-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time

stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x001d9ac6 Faulting process

id: 0x1590 Faulting application start time: 0x01cddad745ef9c0f Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll

Report

Id: aa1122c7-46d1-11e2-bddb-f04da2bc5b87

Error - 12/15/2012 12:25:32 PM | Computer Name = nebraskarain-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time

stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x001d9ac6 Faulting process

id: 0xd0c Faulting application start time: 0x01cddade74259559 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll

Report

Id: 0bce43c2-46d4-11e2-bddb-f04da2bc5b87

Error - 12/15/2012 1:09:02 PM | Computer Name = nebraskarain-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time

stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x001d9ac6 Faulting process

id: 0xf1c Faulting application start time: 0x01cddae0d4f7d8e6 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll

Report

Id: 1efa3b25-46da-11e2-bddb-f04da2bc5b87

Error - 12/15/2012 1:16:27 PM | Computer Name = nebraskarain-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time

stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x001d9ac6 Faulting process

id: 0x1938 Faulting application start time: 0x01cddae6ed89b81d Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll

Report

Id: 2862ff90-46db-11e2-bddb-f04da2bc5b87

Error - 12/15/2012 3:07:18 PM | Computer Name = nebraskarain-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16457, time

stamp: 0x50a30507 Exception code: 0xc0000005 Fault offset: 0x001d9ac6 Faulting process

id: 0xe08 Faulting application start time: 0x01cddaf356aac8e8 Faulting application

path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\system32\MSHTML.dll

Report

Id: a4c3c375-46ea-11e2-ab36-f04da2bc5b87

Error - 12/15/2012 10:58:46 PM | Computer Name = nebraskarain-PC | Source = EventSystem | ID = 4621

Description =

Error - 12/16/2012 1:06:02 AM | Computer Name = nebraskarain-PC | Source = EventSystem | ID = 4621

Description =

Error - 12/16/2012 11:25:28 AM | Computer Name = nebraskarain-PC | Source = EventSystem | ID = 4621

Description =

Error - 12/16/2012 3:31:34 PM | Computer Name = nebraskarain-PC | Source = EventSystem | ID = 4622

Description =

Error - 12/16/2012 7:07:22 PM | Computer Name = nebraskarain-PC | Source = EventSystem | ID = 4622

Description =

[ Broadcom Wireless LAN Events ]

Error - 12/7/2012 4:41:28 PM | Computer Name = nebraskarain-PC | Source = WLAN-Tray | ID = 0

Description = 14:41:25, Fri, Dec 07, 12 Error - Unable to gain access to user store

[ System Events ]

Error - 12/17/2012 9:40:41 AM | Computer Name = nebraskarain-PC | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 12/17/2012 11:12:34 AM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error - 12/17/2012 11:12:35 AM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 12/17/2012 2:14:45 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error - 12/17/2012 2:14:46 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 12/17/2012 3:02:27 PM | Computer Name = nebraskarain-PC | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 12/17/2012 3:28:00 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error - 12/17/2012 3:28:02 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 12/17/2012 4:11:48 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error - 12/17/2012 4:11:50 PM | Computer Name = nebraskarain-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

< End of report >

This topic is now closed to further replies.
