
toddinla
Members
Posts: 14
Reputation: 0 Neutral
  1. Wow, I think you got it! I've tried numerous searches for virus/malware related terms and all come back w/ legit pages/links. Do you have any suggestions for additional protection? Thank you very much!
  2. Haven't tried using it until I heard from you. I'll check it now.
  3. All processes killed
     ========== OTL ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
     Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
     Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
     HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
     Registry key HKEY_USERS\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}\ not found.
     Prefs.js: "My Web Search" removed from searchreset.backup.browser.search.defaultenginename
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: NICOLE
     ->Temp folder emptied: 2441 bytes
     ->Temporary Internet Files folder emptied: 31018358 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 49139941 bytes
     ->Google Chrome cache emptied: 12191516 bytes
     ->Flash cache emptied: 648 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 704504 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4468 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
     RecycleBin emptied: 186 bytes
     Total Files Cleaned = 89.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.39.2 log created on 04132012_142420
     Files\Folders moved on Reboot...
     C:\Users\NICOLE\AppData\Local\Temp\RDR4A92.tmp\results_876.hlk moved successfully.
     C:\Users\NICOLE\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     Registry entries deleted on Reboot...
  4. OTL logfile created on: 4/13/2012 11:25:55 AM - Run 1
     OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\NICOLE\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     3.80 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 39.55% Memory free
     7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.21% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 58.59 Gb Total Space | 22.87 Gb Free Space | 39.03% Space Free | Partition Type: NTFS
     Drive D: | 397.30 Gb Total Space | 396.85 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
     Drive F: | 976.97 Mb Total Space | 294.85 Mb Free Space | 30.18% Space Free | Partition Type: FAT32
     Computer Name: NICOLE-PC | User Name: NICOLE | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/04/13 11:24:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NICOLE\Desktop\OTL.exe
     PRC - [2012/01/16 22:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
     PRC - [2010/07/06 13:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
     PRC - [2009/07/21 17:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
     PRC - [2009/07/06 19:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
     PRC - [2009/07/01 03:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
     PRC - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
     PRC - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
     PRC - [2008/12/17 23:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
     ========== Modules (No Company Name) ==========
     MOD - [2012/04/10 18:18:29 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
     MOD - [2012/04/10 17:53:07 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
     MOD - [2012/04/10 17:52:32 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
     MOD - [2012/04/10 17:52:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
     MOD - [2012/04/10 17:52:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
     MOD - [2012/04/10 17:52:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
     MOD - [2012/04/10 17:52:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
     MOD - [2012/04/10 17:51:53 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
     MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     MOD - [2009/07/21 17:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
     MOD - [2009/07/06 19:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
     MOD - [2009/07/06 19:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
     MOD - [2009/07/06 19:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
     MOD - [2009/07/06 19:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
     MOD - [2009/07/06 19:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
     MOD - [2009/07/06 19:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
     ========== Win32 Services (SafeList) ==========
     SRV:64bit: - [2009/10/04 20:33:00 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
     SRV:64bit: - [2009/09/21 10:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
     SRV:64bit: - [2009/09/21 10:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
     SRV:64bit: - [2009/09/21 10:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
     SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (rp_fws)
     SRV:64bit: - [2009/07/01 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
     SRV:64bit: - [2008/12/17 23:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
     SRV - [2012/04/13 11:24:59 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2012/03/30 17:35:36 | 000,151,064 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
     SRV - [2012/01/16 22:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
     SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
     SRV - [2009/06/23 01:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
     SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
     SRV - [2009/05/04 14:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
     ========== Driver Services (SafeList) ==========
     DRV:64bit: - [2012/04/09 02:50:32 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
     DRV:64bit: - [2012/03/22 11:41:12 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
     DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
     DRV:64bit: - [2012/01/17 15:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
     DRV:64bit: - [2012/01/17 15:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA)
     DRV:64bit: - [2012/01/17 15:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON)
     DRV:64bit: - [2012/01/17 15:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
     DRV:64bit: - [2012/01/17 15:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
     DRV:64bit: - [2011/11/29 15:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS)
     DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
     DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS)
     DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
     DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
     DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
     DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
     DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
     DRV:64bit: - [2009/12/17 04:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
     DRV:64bit: - [2009/10/29 20:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
     DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
     DRV:64bit: - [2009/10/25 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
     DRV:64bit: - [2009/10/18 17:37:24 | 006,956,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
     DRV:64bit: - [2009/09/25 15:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
     DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
     DRV:64bit: - [2009/08/23 20:20:00 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
     DRV:64bit: - [2009/07/23 08:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
     DRV:64bit: - [2009/07/22 21:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
     DRV:64bit: - [2009/07/16 20:14:12 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
     DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
     DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
     DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
     DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
     DRV:64bit: - [2009/07/13 17:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
     DRV:64bit: - [2009/07/08 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
     DRV:64bit: - [2009/07/02 07:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
     DRV:64bit: - [2009/07/02 07:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
     DRV:64bit: - [2009/07/02 07:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
     DRV:64bit: - [2009/07/02 07:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
     DRV:64bit: - [2009/06/14 22:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
     DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
     DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
     DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
     DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
     DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
     DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
     DRV - [2012/04/12 16:37:48 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120412.018\ex64.sys -- (NAVEX15)
     DRV - [2012/04/12 16:37:48 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120412.018\eng64.sys -- (NAVENG)
     DRV - [2012/04/03 21:40:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
     DRV - [2012/04/03 21:40:44 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
     DRV - [2012/04/03 15:28:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120412.001\IDSviA64.sys -- (IDSVia64)
     DRV - [2012/04/02 16:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys -- (BHDrvx64)
     DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     ========== Standard Registry (SafeList) ==========
     ========== Internet Explorer ==========
     IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9346663E-9F78-40AC-8D73-B65D79ADCD31}
     IE:64bit: - HKLM\..\SearchScopes\{9346663E-9F78-40AC-8D73-B65D79ADCD31}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     IE - HKLM\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}
     IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
     IE - HKLM\..\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
     IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
     IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes,DefaultScope = {DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{B61D2A43-CFBB-4296-8C7A-B07C353D8205}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\SearchScopes\{DDE6082D-E0B4-4FC3-8FF1-54891AE4D3AB}: "URL" = http://findgala.com/?&uid=328&q={searchTerms}
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     ========== FireFox ==========
     FF - prefs.js..browser.search.useDBForOrder: true
     FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
     FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
     FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
     FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
     FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
     FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
     FF - prefs.js..network.proxy.type: 0
     FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "My Web Search"
     FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
     FF - prefs.js..searchreset.backup.keyword.URL: "https://www.google.com/"
     FF - user.js - File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
     FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/12/10 13:55:26 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/09 02:28:56 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/12 13:35:52 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/22 04:05:25 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/10 18:03:09 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 18:03:09 | 000,000,000 | ---D | M]
     [2010/12/11 02:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Extensions
     [2012/04/10 20:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions
     [2011/08/26 07:12:29 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
     [2011/05/10 14:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\Access Privileges Test
     [2011/03/28 01:10:27 | 000,002,470 | ---- | M] () -- C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\searchplugins\safesearch.xml
     [2012/01/15 14:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
     [2012/04/12 13:35:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
     [2012/04/09 02:28:56 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
     () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4CSQAJ5M.DEFAULT\EXTENSIONS\FHXNMHFJLU@FHXNMHFJLU.ORG.XPI
     [2012/03/17 16:58:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
     [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
     [2012/02/12 22:48:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     [2012/02/12 22:48:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
     ========== Chrome ==========
     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
     CHR - Extension: Entanglement = C:\Users\NICOLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
     CHR - Extension: Poppit = C:\Users\NICOLE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
     O1 HOSTS File: ([2012/04/12 13:59:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
     O2 - BHO: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
     O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
     O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
     O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
     O2 - BHO: (no name) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No CLSID value found.
     O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
     O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
     O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
     O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
     O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
     O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
     O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
     O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
     O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
     O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
     O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
     O3 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
     O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
     O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
     O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
     O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
     O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
     O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
     O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
     O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
     O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
     O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
     O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
     O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
     O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
     O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
     O4 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001..\Run: [Mikogo] C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe ()
     O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
     O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
     O4 - Startup: C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-3218077374-2183425147-417290081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
     O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
     O8 - Extra context menu item: Send image to &Bluetooth Device...
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71481F14-188C-4518-A592-59D41A4B254D}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) 
O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/13 11:24:57 | 000,593,920 | ---- | C] (OldTimer 
Tools) -- C:\Users\NICOLE\Desktop\OTL.exe [2012/04/12 15:13:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/04/12 15:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/04/12 12:51:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/04/12 12:26:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/12 12:26:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/12 12:26:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/12 12:26:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/12 12:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/12 12:22:35 | 004,460,173 | R--- | C] (Swearware) -- C:\Users\NICOLE\Desktop\ComboFix.exe [2012/04/12 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\Desktop\Nicole's files [2012/04/11 15:56:06 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Canon [2012/04/11 01:37:59 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper [2012/04/11 01:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012/04/11 01:34:02 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012/04/11 01:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012/04/11 01:24:12 | 000,016,200 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\stinger.sys [2012/04/10 21:22:42 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012/04/10 20:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/04/10 18:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/04/10 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/04/10 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/04/10 18:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/04/10 18:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/04/10 16:37:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/04/10 16:36:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012/04/10 16:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012/04/10 14:46:58 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Malwarebytes [2012/04/10 14:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/10 14:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/04/10 14:46:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/04/10 14:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/04/10 14:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/04/10 14:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/04/10 01:59:38 | 000,000,000 | ---D | C] -- C:\NBRT [2012/04/09 22:04:22 | 000,000,000 | ---D 
| C] -- C:\NPE [2012/04/09 18:52:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2012/04/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/04/09 03:17:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/04/09 03:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012/04/07 13:46:13 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012/04/03 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2012/03/29 09:58:42 | 000,000,000 | ---D | C] -- C:\Windows\system64 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/13 11:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/13 11:25:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/13 11:24:51 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/04/13 11:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/13 11:24:12 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\NICOLE\Desktop\OTL.exe [2012/04/12 17:29:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/12 13:59:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/12 13:48:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/12 13:48:33 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/12 13:35:35 | 3061,215,232 | -HS- | M] () -- C:\hiberfil.sys [2012/04/12 12:12:28 | 004,460,173 | R--- | M] (Swearware) -- C:\Users\NICOLE\Desktop\ComboFix.exe [2012/04/11 18:48:08 | 000,008,942 | ---- | M] () -- 
C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120410.034 [2012/04/11 03:14:33 | 002,098,208 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB [2012/04/11 01:24:12 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012/04/10 18:08:01 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/10 18:02:57 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/04/10 17:47:18 | 000,425,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/04/10 11:49:14 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/04/09 22:20:51 | 000,000,882 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2012/04/09 22:20:51 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120410-202649.backup [2012/04/09 19:30:20 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/09 18:37:55 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/04/09 03:03:35 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/04/09 02:50:32 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/04/09 02:50:32 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/04/09 02:50:32 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/03/22 18:14:54 | 000,191,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2012/03/19 21:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/12 12:26:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/12 12:26:07 | 
000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/12 12:26:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/12 12:26:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/12 12:26:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/10 18:08:01 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/10 18:02:56 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/04/09 18:52:51 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012/04/09 18:52:42 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012/04/09 18:45:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/09 03:03:35 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/04/09 03:03:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/03/22 18:14:54 | 000,191,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011/12/20 21:29:28 | 000,000,080 | ---- | C] () -- C:\Users\NICOLE\AppData\Roaming\wklnhst.dat [2011/05/10 12:59:32 | 000,007,598 | ---- | C] () -- C:\Users\NICOLE\AppData\Local\Resmon.ResmonCfg [2011/05/09 17:52:02 | 000,000,000 | ---- | C] () -- C:\Users\NICOLE\AppData\Local\{02C26254-005D-472F-9241-70F49F3A60C0} [2011/03/28 16:44:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/12/11 15:48:15 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll [2010/12/11 15:48:14 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll [2010/12/11 03:09:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI ========== LOP Check ========== [2012/04/11 15:56:06 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Canon [2011/03/04 14:55:10 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\GARMIN [2011/09/16 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Mikogo 
[2011/07/29 06:36:38 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\PCDr [2010/12/12 09:36:16 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Pro700 Series [2011/12/20 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Template [2011/10/31 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Tific [2011/11/26 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\NICOLE\AppData\Roaming\Unity [2012/04/10 11:49:14 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012/03/07 09:27:55 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/13 11:24:51 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report >
  5. Should I just give up, reformat and reinstall? I wonder if the recovery partition has malware, too? Ugh.....
  6. It looks like ESET only found files that TDSSkiller had already quarantined. FYI, the log file in the ESET folder doesn't include the results. I had to save a separate file via the ESET scanner's window.

-------- log.txt ---------- (C:\Program Files (x86)\EsetOnlineScanner\log.txt)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

-------- Results log.txt ---------- (saved by me, to Desktop)
C:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\12.04.2012_11.41.35\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
  7. Running ESET scanner now. When I typed "ESET" into Internet Explorer's address field a search list dropped down showing "eset online scanner". Clicked that and was redirected to findgala.com.
  8. ComboFix 12-04-12.03 - NICOLE 04/12/2012 13:51:29.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2061 [GMT -7:00] Running from: c:\users\NICOLE\Desktop\ComboFix.exe Command switches used :: c:\users\NICOLE\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\NICOLE\AppData\Local\c98ae578 c:\users\NICOLE\AppData\Local\c98ae578\@ . . ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 ))))))))))))))))))))))))))))))) . . 2012-04-12 20:59 . 2012-04-12 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-12 20:56 . 2012-04-12 20:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\offreg.dll 2012-04-11 22:56 . 2012-04-11 22:56 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Canon 2012-04-11 08:37 . 2012-04-11 08:38 -------- d-----w- c:\windows\Standalone System Sweeper 2012-04-11 08:34 . 2012-04-11 08:34 -------- d-----w- c:\programdata\Sophos 2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-04-11 08:33 . 
2012-04-11 08:33 -------- d-----w- c:\program files (x86)\Sophos 2012-04-11 08:24 . 2012-04-11 08:24 16200 ----a-w- c:\windows\stinger.sys 2012-04-11 04:22 . 2012-04-11 04:23 -------- d-----w- c:\windows\rescache 2012-04-11 03:20 . 2012-04-11 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-11 03:20 . 2012-04-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iPod 2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iTunes 2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files (x86)\iTunes 2012-04-11 00:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-11 00:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-10 23:37 . 2012-04-10 23:37 -------- d-----w- c:\windows\system32\SPReview 2012-04-10 23:36 . 2012-04-10 23:36 -------- d-----w- c:\windows\system32\EventProviders 2012-04-10 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-10 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-10 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-10 23:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-10 23:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-10 23:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-10 23:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-10 23:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-10 23:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-10 23:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-10 23:14 . 2012-04-11 08:32 -------- d-----w- c:\program files (x86)\stinger 2012-04-10 21:46 . 
2012-04-10 21:46 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Malwarebytes 2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\programdata\Malwarebytes 2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-10 21:46 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-10 21:12 . 2012-04-10 21:12 -------- d-----w- c:\program files\CCleaner 2012-04-10 08:59 . 2012-04-10 11:39 -------- d-----w- C:\NBRT 2012-04-10 05:04 . 2012-04-10 05:04 -------- d-----w- C:\NPE 2012-04-10 02:01 . 2012-04-10 02:01 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-10 01:45 . 2012-04-10 02:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-10 01:45 . 2012-04-10 01:45 -------- d-----w- c:\windows\system32\Macromed 2012-04-09 10:17 . 2012-04-12 18:52 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-09 09:49 . 2012-04-12 01:48 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A 2012-04-07 20:46 . 2012-04-09 02:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-03-30 04:00 . 2012-04-03 08:00 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing 2012-03-29 16:58 . 2012-03-29 16:58 -------- d-----we c:\windows\system64 2012-03-29 01:55 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll 2012-03-17 23:58 . 2012-03-17 23:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-17 23:58 . 2012-03-17 23:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 12:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 12:43 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 12:43 . 
2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 12:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 12:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 12:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-11 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-11 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-04-10 02:01 . 2012-01-18 01:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-09 09:50 . 2011-03-28 07:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-02-23 16:18 . 2011-01-09 03:32 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-30 18:36 . 2012-01-30 18:36 704504 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP . . ((((((((((((((((((((((((((((( SnapShot@2012-04-12_19.39.08 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-28 06:31 . 2012-04-12 20:38 55594 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-12 20:38 35760 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-09 23:46 . 2012-04-12 20:38 18962 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3218077374-2183425147-417290081-1001_UserData.bin - 2009-07-14 05:30 . 2012-04-12 19:40 86016 c:\windows\system64\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-04-12 20:37 86016 c:\windows\system64\DriverStore\infpub.dat - 2010-02-28 07:03 . 2012-04-12 19:36 1882 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2010-02-28 07:03 . 2012-04-12 20:34 1882 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat + 2012-04-12 20:35 . 
2012-04-12 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-04-12 19:38 . 2012-04-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-12 20:35 . 2012-04-12 20:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-12 19:38 . 2012-04-12 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:30 . 2012-04-12 20:37 143360 c:\windows\system64\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-04-12 19:40 143360 c:\windows\system64\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-04-12 19:40 143360 c:\windows\system64\DriverStore\infstor.dat + 2009-07-14 05:30 . 2012-04-12 20:37 143360 c:\windows\system64\DriverStore\infstor.dat + 2009-07-14 05:01 . 2012-04-12 20:34 393648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-04-12 19:36 393648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mikogo"="c:\users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-17 5420408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-04 206064] "MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] . c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 B-Service;B-Service;c:\users\NICOLE\Downloads\B-Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-03-31 151064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSvia64.sys [2012-04-03 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:01]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]
.
2012-04-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-03 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-03 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-03 408600]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rp_fws
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:98,59,9b,a8,1a,10,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ ”1*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦$*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦5*]
@="c:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\System.ServiceModel.Discovery.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-12 14:01:31
ComboFix-quarantined-files.txt 2012-04-12 21:01
ComboFix2.txt 2012-04-12 19:51
.
Pre-Run: 24,716,574,720 bytes free
Post-Run: 24,632,758,272 bytes free
.
- - End Of File - - 35A659BF57E9FA3B8C5FE1E9613729B7
  9. Yes, notepad is still working. I just think it's strange that the 32-bit version of notepad.exe (C:\Windows\SysWOW64\) is being loaded, instead of the 64-bit version at C:\Windows\System32. Running ComboFix with the script now.
  10. Restarting again fixed the error messages, but Notepad is still loading from C:\Windows\SysWOW64\notepad.exe.
  11. Ran TDSSKiller and removed the TDSS file system. When TDSSKiller removed that, Norton AV then grabbed the malware from TDSS's quarantine. Such a great help Norton is. ComboFix log is below.

Things I noticed during the ComboFix run:
- No prompt for recovery console install, though I don't recall ever having installed it.
- Clock format did not change, though CF doc says it will.
- Network connection never disabled (no messages saying it was, at least).
- CF restarted the computer, though this is not mentioned in the doc.

Since CF finished, Notepad, MS Paint and Explorer are having problems. The following error message displays if I try to use them: "Illegal operation attempted on a registry key that has been marked for deletion." Notepad is attempting to load from C:\Windows\SysWOW64\notepad.exe instead of C:\Windows\System32 (its location on my non-infected Win7 computer). Explorer opens if I click the Windows Explorer icon on the Taskbar (bottom of screen), but not when I right-click on the same icon and choose "Windows Explorer" to open a second Explorer window. It also opens if I use Winkey+E. MS Paint seems to be loading from the proper location (C:\Windows\System32\mspaint.exe) but still gives the "Illegal operation" error.

Oh no! I set Norton to automatically re-activate after a restart. When ComboFix rebooted the computer, Norton apparently prevented some portion of ComboFix (C:\combofix\pev.exe and pev.3xe) from running. Should I set Norton to "Permanently" disabled and then rerun ComboFix? What a mess. I apologize for mucking things up.
-------------
ComboFix 12-04-12.03 - NICOLE 04/12/2012 12:28:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2183 [GMT -7:00]
Running from: c:\users\NICOLE\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NICOLE\AppData\Local\c98ae578\U
c:\users\NICOLE\AppData\Local\c98ae578\U\000000cb.@
c:\users\NICOLE\AppData\Roaming\Directory
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\NICOLE\Documents\~WRL1004.tmp
c:\users\NICOLE\Documents\~WRL1062.tmp
c:\users\NICOLE\Documents\~WRL1394.tmp
c:\users\NICOLE\Documents\~WRL1450.tmp
c:\users\NICOLE\Documents\~WRL1786.tmp
c:\users\NICOLE\Documents\~WRL1874.tmp
c:\users\NICOLE\Documents\~WRL2341.tmp
c:\users\NICOLE\Documents\~WRL2423.tmp
c:\users\NICOLE\Documents\~WRL2468.tmp
c:\users\NICOLE\Documents\~WRL2563.tmp
c:\users\NICOLE\Documents\~WRL2646.tmp
c:\users\NICOLE\Documents\~WRL3693.tmp
c:\users\NICOLE\Documents\~WRL3813.tmp
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\host_new
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 19:36 . 2012-04-12 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 22:56 . 2012-04-11 22:56 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Canon
2012-04-11 08:37 . 2012-04-11 08:38 -------- d-----w- c:\windows\Standalone System Sweeper
2012-04-11 08:34 . 2012-04-11 08:34 -------- d-----w- c:\programdata\Sophos
2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34 . 2012-04-11 08:34 73728 ----a-r- c:\users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-11 08:33 . 2012-04-11 08:33 -------- d-----w- c:\program files (x86)\Sophos
2012-04-11 08:24 . 2012-04-11 08:24 16200 ----a-w- c:\windows\stinger.sys
2012-04-11 04:22 . 2012-04-11 04:23 -------- d-----w- c:\windows\rescache
2012-04-11 03:20 . 2012-04-11 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-11 03:20 . 2012-04-11 03:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iPod
2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files\iTunes
2012-04-11 01:07 . 2012-04-11 01:07 -------- d-----w- c:\program files (x86)\iTunes
2012-04-11 00:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-11 00:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-10 23:37 . 2012-04-10 23:37 -------- d-----w- c:\windows\system32\SPReview
2012-04-10 23:36 . 2012-04-10 23:36 -------- d-----w- c:\windows\system32\EventProviders
2012-04-10 23:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 23:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 23:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 23:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 23:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 23:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 23:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 23:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 23:14 . 2012-04-11 08:32 -------- d-----w- c:\program files (x86)\stinger
2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\users\NICOLE\AppData\Roaming\Malwarebytes
2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 21:46 . 2012-04-10 21:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 21:46 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 21:12 . 2012-04-10 21:12 -------- d-----w- c:\program files\CCleaner
2012-04-10 08:59 . 2012-04-10 11:39 -------- d-----w- C:\NBRT
2012-04-10 05:04 . 2012-04-10 05:04 -------- d-----w- C:\NPE
2012-04-10 02:01 . 2012-04-10 02:01 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 01:45 . 2012-04-10 02:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-10 01:45 . 2012-04-10 01:45 -------- d-----w- c:\windows\system32\Macromed
2012-04-09 10:17 . 2012-04-12 18:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 09:49 . 2012-04-12 01:48 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-04-07 20:46 . 2012-04-09 02:25 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-04-03 05:38 . 2012-04-12 19:35 -------- d-sh--w- c:\users\NICOLE\AppData\Local\c98ae578
2012-03-30 04:00 . 2012-04-03 08:00 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing
2012-03-29 16:58 . 2012-03-29 16:58 -------- d-----we c:\windows\system64
2012-03-29 01:55 . 2012-03-20 10:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll
2012-03-17 23:58 . 2012-03-17 23:58 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 23:58 . 2012-03-17 23:58 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 12:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:43 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:43 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-11 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-10 02:01 . 2012-01-18 01:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-09 09:50 . 2011-03-28 07:38 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-23 16:18 . 2011-01-09 03:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-30 18:36 . 2012-01-30 18:36 704504 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mikogo"="c:\users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" [2011-09-17 5420408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-14 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-04 206064]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
c:\users\NICOLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-29 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R3 B-Service;B-Service;c:\users\NICOLE\Downloads\B-Service.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-03-31 151064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSvia64.sys [2012-04-03 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-05 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-04 206064]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-04-04 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:01]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 23:41]
.
2012-04-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-05 8123936] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-03 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-03 390168] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-03 408600] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-30 3169872] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs rp_fws . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
  25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
  89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
  14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
  71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
  7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
  33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
  64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
  69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
  6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
  d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
  d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
  e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
  25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:98,59,9b,a8,1a,10,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,d2,5f,4b,5c,1c,d8,46,a0,94,a4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ ”1*] "DFC90B5F2B0FFA63D84FD16F6BF37C4B"=multi:"\04\00\00\00ÀP#\04€MZ\00\03\00\00\00\04\00\00\00ÿÿ\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\00\00\00\0e\1fº\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00pÎð•4¯žÆ4¯žÆ4¯žÆ[Ù5Æ\01¯žÆ[Ù\00Æ)¯žÆ[Ù4ƽ¯žÆSÙ5Æ1¯žÆ=×\0dÆ9¯žÆ4¯ÿÆ‘¯žÆSÙ1Æ'¯žÆSÙ\05Æ5¯žÆSÙ\04Æ5¯žÆSÙ\03Æ5¯žÆRich4¯žÆ\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00PE\00\00L\01\04\001\0d¢K\00\00\00\00\00\00\00\00À\00\"!\0b\01\0a\00\00Š\03\00\00¤\00\00\00\00\00\00%\08\02\00\00\10\00\00\00 \03\00\00\00\00\10\00\10\00\00\00\02\00\00" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦$*] "DFC90B5F2B0FFA63D84FD16F6BF37C4B"=multi:"F\00\00\00ÀP#\04€MZ\00\03\00\00\00\04\00\00\00ÿÿ\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\00\00\00\0e\1fº\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00pÎð•4¯žÆ4¯žÆ4¯žÆ[Ù5Æ\01¯žÆ[Ù\00Æ)¯žÆ[Ù4ƽ¯žÆSÙ5Æ1¯žÆ=×\0dÆ9¯žÆ4¯ÿÆ‘¯žÆSÙ1Æ'¯žÆSÙ\05Æ5¯žÆSÙ\04Æ5¯žÆSÙ\03Æ5¯žÆRich4¯žÆ\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00PE\00\00L\01\04\001\0d¢K\00\00\00\00\00\00\00\00À\00\"!\0b\01\0a\00\00Š\03\00\00¤\00\00\00\00\00\00%\08\02\00\00\10\00\00\00 \03\00\00\00\00\10\00\10\00\00\00\02\00\00" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð¦5*] @="c:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\System.ServiceModel.Discovery.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-04-12 12:51:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 19:51
.
Pre-Run: 24,203,726,848 bytes free
Post-Run: 24,129,953,792 bytes free
.
- - End Of File - - F603EAF34ACE626DEDAFCE72F859383F
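Helpers on this board read DDS and ComboFix output like the logs in this thread by eye. As an added example that is not part of the original posts and not code from DDS, ComboFix or Malwarebytes, the Python below runs a first triage pass over such a log using the same kind of checks a helper applies: a security product reporting itself disabled, BHO/toolbar entries with no file behind them, a hosts line pinning a real hostname to loopback, a DisallowRun policy, services or autoruns whose image sits in Downloads, Temp or the SYSTEM account's own profile, and hidden+system objects with random-looking names. The sample lines are copied from the logs in this thread and mixed with benign neighbours; the rule names, the ODD_LOCATION pattern and the random-name test are my own choices, and a hit is a review item, not a malware verdict.

```python
"""Triage pass over DDS / ComboFix style log lines.

Added example for this thread; not part of the original post and not code
from the DDS, ComboFix or Malwarebytes tools. Every rule below is my own
heuristic: a hit means "a human should look at this line", not "malware".
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of entries copied from the logs in this thread,
# mixed with benign neighbours so the rules have something to leave alone.
SAMPLE_LOG = r"""
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
Hosts: 127.0.0.1 www.spywareinfo.com
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-9 138232]
S3 B-Service;B-Service;C:\Users\NICOLE\Downloads\B-Service.exe --> C:\Users\NICOLE\Downloads\B-Service.exe [?]
2012-04-11 08:34:21 -------- d-----w- C:\ProgramData\Sophos
2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578
2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
"""

# Line shapes used by DDS (ComboFix service lines follow the same ';' layout).
STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*Disabled")
NOFILE_RE = re.compile(r"^(?:BHO|TB|EB)(?:-X64)?: .* - No File$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)")
RUN_RE = re.compile(r"^[umd]Run(?:-x64)?: \[([^\]]+)\] (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+) ([-drshaw]{8}) (.+)$")

# Installers put services and autoruns under Program Files or System32; a
# download folder, a temp folder or the SYSTEM account's own profile is not
# where they belong. Assumed threshold, not a DDS convention.
ODD_LOCATION = re.compile(r"\\(downloads|temp|tmp|config\\systemprofile)\\", re.I)
RANDOM_NAME = re.compile(r"^[0-9a-f]{6,}$", re.I)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def first_path(cmd: str) -> str:
    """Executable path from a DDS command field: a quoted path is taken as-is,
    otherwise the text up to ' --> ' or the trailing ' [date size]' note."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    cmd = cmd.split(" --> ")[0]
    return re.sub(r"\s+\[[^\]]*\]$", "", cmd)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for lines worth a second look, in log order."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STATUS_RE.match(line):
            findings.append((f"{m.group(1)} disabled: {m.group(2)}", line))
        elif NOFILE_RE.match(line):
            # A BHO/toolbar CLSID with no DLL behind it is usually an uninstall
            # leftover; harmless, but it is noise a cleanup script removes.
            findings.append(("orphaned browser extension entry", line))
        elif m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ip in LOOPBACK and host.lower() not in LOCAL_NAMES:
                # Pinning a real hostname to loopback blocks it; malware does
                # this to keep the user off security vendors' sites.
                findings.append((f"hosts file pins {host} to {ip}", line))
        elif m := POLICY_RE.match(line):
            if m.group(1) == "DisallowRun" and m.group(2) != "0":
                findings.append(("DisallowRun policy set", line))
        elif m := RUN_RE.match(line):
            if ODD_LOCATION.search(first_path(m.group(2))):
                findings.append((f"autostart from unusual location: {m.group(1)}", line))
        elif m := SERVICE_RE.match(line):
            if ODD_LOCATION.search(first_path(m.group(4))):
                findings.append((f"service from unusual location: {m.group(2)}", line))
        elif m := CREATED_RE.match(line):
            attrs, path = m.group(2), m.group(3)
            name = PureWindowsPath(path).name
            # 's' and 'h' in the DDS attribute column mean system+hidden.
            if "s" in attrs and "h" in attrs and (
                "\\appdata\\" in path.lower() or RANDOM_NAME.match(name)
            ):
                findings.append(("hidden+system object in AppData or with random name", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Feed it the whole pasted log: lines that match none of the shapes are ignored, so unrelated sections pass through silently, and findings come out in log order so they can be matched back to the post. The DDS-owned dds_trash_log.cmd is system+hidden too but has a readable name outside AppData, which is why the last rule checks both conditions rather than the attribute bits alone.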
12. Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NICOLE :: NICOLE-PC [administrator]

4/11/2012 5:41:06 PM
mbam-log-2012-04-11 (17-41-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261026
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NICOLE at 18:26:01 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1822 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Mikogo] "C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\NICOLE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\43241354 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{71481F14-188C-4518-A592-59D41A4B254D} : DhcpNameServer = 192.168.1.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
IFEO: image file execution options -
BHO-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IFEO-X64: image file execution options -
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\P xHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSviA64.sys [2012-4-11 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-4 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-17 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-27 60928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-9 138232]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-4 206064]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-3 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 B-Service;B-Service;C:\Users\NICOLE\Downloads\B-Service.exe --> C:\Users\NICOLE\Downloads\B-Service.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-3-30 151064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-04-11 08:37:59 -------- d-----w- C:\Windows\Standalone System Sweeper
2012-04-11 08:34:21 -------- d-----w- C:\ProgramData\Sophos
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-11 08:33:57 -------- d-----w- C:\Program Files (x86)\Sophos
2012-04-11 08:24:12 16200 ----a-w- C:\Windows\stinger.sys
2012-04-11 04:22:42 -------- d-----w- C:\Windows\rescache
2012-04-11 03:20:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-11 03:20:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-11 01:07:29 -------- d-----w- C:\Program Files\iPod
2012-04-11 01:07:28 -------- d-----w- C:\Program Files\iTunes
2012-04-11 01:07:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-11 00:26:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-11 00:26:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 23:37:55 -------- d-----w- C:\Windows\System32\SPReview
2012-04-10 23:36:57 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-10 23:36:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-10 23:36:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:36:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 23:33:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 23:33:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 23:33:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 23:33:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 23:33:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 23:33:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 23:33:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 23:14:04 -------- d-----w- C:\Program Files (x86)\stinger
2012-04-10 21:46:58 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Malwarebytes
2012-04-10 21:46:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 21:46:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 21:46:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 21:12:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-10 08:59:38 -------- d-----w- C:\NBRT
2012-04-10 05:04:22 -------- d-----w- C:\NPE
2012-04-10 02:01:05 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 01:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 10:17:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 09:50:12 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-04-09 09:50:12 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-04-09 09:50:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-04-09 09:50:11 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-04-09 09:50:10 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-04-09 09:50:10 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-04-09 09:50:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-04-09 09:49:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-04-07 20:46:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578
2012-04-03 05:37:35 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Directory
2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-29
16:58:42 -------- d-----we C:\Windows\system64 2012-03-29 01:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll 2012-03-17 23:58:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-17 23:58:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 12:43:53 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 12:43:49 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 12:43:49 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 12:43:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 12:43:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 12:43:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 12:43:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-14 12:43:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll . ==================== Find3M ==================== . 2012-04-11 00:00:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-04-11 00:00:20 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-04-10 02:01:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-09 09:50:32 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-30 18:36:25 704504 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP . 
============= FINISH: 18:27:25.63 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/9/2010 3:37:50 PM System Uptime: 4/11/2012 4:01:03 PM (2 hours ago) . Motherboard: Dell Inc. | | 0R225F Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 1178/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 59 GiB total, 23.102 GiB free. D: is FIXED (NTFS) - 397 GiB total, 396.851 GiB free. E: is CDROM (UDF) F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . . Accelerometer Adobe Reader 9.5.0 Advanced Audio FX Engine Apple Application Support Apple Software Update Banctec Service Agreement Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Scan Utility Canon IJ Network Tool Canon MG5200 series User Registration Canon MP Navigator EX 4.0 Canon My Printer Compatibility Pack for the 2007 Office system Complete Care Business Service Agreement Complete Care Consumer Service Agreement Consumer In-Home Service Agreement Cozi Dell Communications (Support Software) Dell DataSafe Online Dell Driver Download Manager Dell Getting Started Guide Dell Home Systems Service Agreement Dell Webcam Central Driver Medic Google Chrome Google Update Helper Intel® Graphics Media Accelerator Driver Java Auto Updater Junk Mail filter update Lexmark Printable Web Lexmark Toolbar Lexmark Tools for Office Live! 
Cam Avatar Creator Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Choice Guard Microsoft Default Manager Microsoft Office 2003 Web Components Microsoft Office File Validation Add-In Microsoft Office Small Business Edition 2003 Microsoft Office Suite Activation Assistant Microsoft Office XP Web Components Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 11.0 (x86 en-US) MSN Toolbar MSN Toolbar Platform MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) Norton Internet Security PDFCreator QualXServ Service Agreement QuickTime Realtek High Definition Audio Driver Roxio Burn Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Sophos Virus Removal Tool Spybot - Search & Destroy Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) WildTangent Games Windows Live Call Windows Live Communications 
Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 4/9/2012 6:44:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 4/9/2012 2:48:54 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2. 4/11/2012 9:58:58 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 4/11/2012 9:58:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/11/2012 9:58:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/11/2012 9:58:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/11/2012 9:58:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/11/2012 9:58:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6 4/11/2012 9:58:38 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which 
failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:46:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:46:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/11/2012 9:46:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/11/2012 9:45:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 
4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/11/2012 9:45:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/11/2012 6:15:44 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 4/11/2012 3:39:42 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 
4/11/2012 3:35:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 4/11/2012 3:35:35 PM, Error: Service Control Manager [7023] - The Drvnddm service terminated with the following error: The system cannot find the file specified. 4/11/2012 3:14:42 AM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted. 4/11/2012 2:48:39 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 4/11/2012 1:37:18 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 4/11/2012 1:36:36 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259 4/11/2012 1:24:25 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly. It has done this 1 time(s). 4/10/2012 7:44:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 4/10/2012 7:28:52 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied. 4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied. 
4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 4/10/2012 6:05:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422). 4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656372). 4/10/2012 5:20:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 4/10/2012 5:12:52 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Help/Operational. 4/10/2012 12:10:05 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The system cannot find the file specified. . 
==== End Of File =========================== -------------------------------------------------------------------------------- Standalone System Sweeper Log, © 2006 Started On Wed Apr 11 2012 00:38:50 ************************************************************ Product Version: 2.0.213.0 Engine Version: 1.1.2803.0 AS Signature Version: 1.0.0.0 AV Signature Version: 1.0.0.0 ************************************************************ Signature updated on Wed Apr 11 2012 00:39:05 Product Version: 2.0.213.0 Engine Version: 1.1.7801.0 AS Signature Version: 1.115.1207.0 AV Signature Version: 1.115.1207.0 ************************************************************ Signature updated on Wed Apr 11 2012 00:40:00 Product Version: 2.0.213.0 Engine Version: 1.1.8202.0 AS Signature Version: 1.123.1500.0 AV Signature Version: 1.123.1500.0 ************************************************************ Standalone System Sweeper Log, © 2006 Stopped On Wed Apr 11 2012 01:11:24 (Exit Code = 0x0) ************************************************************ -------------------------------------------------------------------------------- Standalone System Sweeper Log, © 2006 Started On Wed Apr 11 2012 11:45:12 ************************************************************ Product Version: 2.0.213.0 Engine Version: 1.1.2803.0 AS Signature Version: 1.0.0.0 AV Signature Version: 1.0.0.0 ************************************************************ Signature updated on Wed Apr 11 2012 11:45:20 Product Version: 2.0.213.0 Engine Version: 1.1.7801.0 AS Signature Version: 1.115.1207.0 AV Signature Version: 1.115.1207.0 ************************************************************ Signature updated on Wed Apr 11 2012 11:46:44 Product Version: 2.0.213.0 Engine Version: 1.1.8202.0 AS Signature Version: 1.123.1537.0 AV Signature Version: 1.123.1537.0 ************************************************************ Begin Full Scan Scan ID:{90EDB7DF-D543-4B0F-A77C-3C338EC2BE5D} Scan Source:1 Start Time:Wed Apr 
11 2012 11:49:11 End Time:Wed Apr 11 2012 13:14:43 Result Count:2 Threat Name:Trojan:DOS/Alureon.I ID:2147655494 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta Extended Info:36576288090949 Resource Schema:file Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta Extended Info:36576288090949 Threat Name:Exploit:Java/CVE-2012-0507.D!ldr ID:6442622705 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class Extended Info:304287121147483 Resource Schema:containerfile Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78 Extended Info:0 End Scan ************************************************************ Begin Resource Scan Scan ID:{37F36575-3E30-4C2E-8385-B2E0FA55D3BA} Scan Source:1 Start Time:Wed Apr 11 2012 13:30:03 End Time:Wed Apr 11 2012 13:30:10 Explicit resource to scan Resource Schema:file Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta Explicit resource to scan Resource Schema:file Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta Explicit resource to scan Resource Schema:containerfile Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78 Explicit resource to scan Resource Schema:file Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class Result Count:2 Threat Name:Trojan:DOS/Alureon.I ID:2147655494 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta Extended Info:36576288090949 Resource Schema:file Resource 
Path:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta Extended Info:36576288090949 Threat Name:Exploit:Java/CVE-2012-0507.D!ldr ID:6442622705 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class Extended Info:304287121147483 Resource Schema:containerfile Resource Path:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78 Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:Wed Apr 11 2012 13:30:11 Threat Name:Trojan:DOS/Alureon.I Threat ID:2147655494 Action:remove Threat Name:Exploit:Java/CVE-2012-0507.D!ldr Threat ID:6442622705 Action:remove File to act on SHA1:CD86F7522C990C2526E6E1D6E46BBACAC3AF7ED8 File cleaned/removed successfully File Name:E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class Resource action complete:Removal Schema:file Path:\\?\E:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1f76e3c8-206b4f78->oemloader.class Threat ID:6442622705 Resource refcount:1 Result:0 File to act on SHA1:053DE04868B1950D9F44DE9C5AA7D0DD0516D3FB File cleaned/removed successfully File Name:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta Resource action complete:Removal Schema:file Path:\\?\E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0001.dta Threat ID:2147655494 Resource refcount:1 Result:0 File to act on SHA1:1DC045873007885836AB8176ED51B2838A627326 File cleaned/removed successfully File Name:E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta Resource action complete:Removal Schema:file Path:\\?\E:\TDSSKiller_Quarantine\09.04.2012_03.17.16\mbr0000\mbr0000\tsk0000.dta Threat ID:2147655494 Resource refcount:1 
Result:0 Finished threat ID:6442622705 Threat result:0 Threat status flags:0 Finished threat ID:2147655494 Threat result:0 Threat status flags:4 Finished threat actions End time:Wed Apr 11 2012 13:30:12 Result:0 Standalone System Sweeper Log, © 2006 Stopped On Wed Apr 11 2012 13:30:30 (Exit Code = 0x0) ************************************************************
  13. Hi, Maniac. Thanks for the quick reply and instructions. Unthinkingly, I ran Microsoft's System Sweeper x64 earlier today, which removed two items. I've included its log at the end of this message, just in case. Seeing as I've been trying to kill this bug for several days, you should know that RKILL, TDSSKiller, Spybot S&D, CCleaner, McAfee Stinger & Norton Power Eraser have all been used. With all their actions the system now is up and running, but the Google redirect is still there. Also, I noticed today that when Windows is in Safe Mode w/ Networking the redirection doesn't seem to happen. Not sure if that helps your analysis or not. A Zip of all log files is available at: http://dl.dropbox.com/u/22574394/maniac_logs.zip
----------------
17:32:44.0959 5048 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05 17:32:45.0442 5048 ============================================================ 17:32:45.0442 5048 Current date / time: 2012/04/11 17:32:45.0442 17:32:45.0442 5048 SystemInfo: 17:32:45.0442 5048 17:32:45.0458 5048 OS Version: 6.1.7601 ServicePack: 1.0 17:32:45.0458 5048 Product type: Workstation 17:32:45.0458 5048 ComputerName: NICOLE-PC 17:32:45.0458 5048 UserName: NICOLE 17:32:45.0458 5048 Windows directory: C:\Windows 17:32:45.0458 5048 System windows directory: C:\Windows 17:32:45.0458 5048 Running under WOW64 17:32:45.0458 5048 Processor architecture: Intel x64 17:32:45.0458 5048 Number of processors: 4 17:32:45.0458 5048 Page size: 0x1000 17:32:45.0458 5048 Boot type: Normal boot 17:32:45.0458 5048 ============================================================ 17:32:46.0615 5048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:32:46.0631 5048 Drive \Device\Harddisk1\DR1 - Size: 0x3D500000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 17:32:46.0631 5048 
\Device\Harddisk0\DR0: 17:32:46.0631 5048 MBR used 17:32:46.0631 5048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000 17:32:46.0631 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000 17:32:46.0662 5048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x31A9A800 17:32:46.0662 5048 \Device\Harddisk1\DR1: 17:32:46.0662 5048 MBR used 17:32:46.0662 5048 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1EA7C1 17:32:46.0724 5048 Initialize success 17:32:46.0724 5048 ============================================================ 17:32:52.0403 4504 ============================================================ 17:32:52.0403 4504 Scan started 17:32:52.0403 4504 Mode: Manual; SigCheck; TDLFS; 17:32:52.0403 4504 ============================================================ 17:32:53.0370 4504 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 17:32:53.0495 4504 1394ohci - ok 17:32:53.0557 4504 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys 17:32:53.0573 4504 Acceler - ok 17:32:53.0604 4504 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 17:32:53.0635 4504 ACPI - ok 17:32:53.0666 4504 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 17:32:53.0729 4504 AcpiPmi - ok 17:32:53.0807 4504 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:32:53.0838 4504 AdobeFlashPlayerUpdateSvc - ok 17:32:53.0885 4504 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 17:32:53.0932 4504 adp94xx - ok 17:32:53.0947 4504 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 17:32:53.0963 4504 adpahci - ok 17:32:54.0010 4504 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 
17:32:54.0025 4504 adpu320 - ok 17:32:54.0056 4504 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 17:32:54.0212 4504 AeLookupSvc - ok 17:32:54.0259 4504 AERTFilters (3ac22a3dfa8a050e35f0e3cd99d0cdf2) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 17:32:54.0353 4504 AERTFilters - ok 17:32:54.0400 4504 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 17:32:54.0446 4504 AFD - ok 17:32:54.0493 4504 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 17:32:54.0509 4504 agp440 - ok 17:32:54.0540 4504 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 17:32:54.0587 4504 ALG - ok 17:32:54.0649 4504 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 17:32:54.0680 4504 aliide - ok 17:32:54.0696 4504 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 17:32:54.0712 4504 amdide - ok 17:32:54.0743 4504 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 17:32:54.0774 4504 AmdK8 - ok 17:32:54.0790 4504 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 17:32:54.0836 4504 AmdPPM - ok 17:32:54.0868 4504 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 17:32:54.0899 4504 amdsata - ok 17:32:54.0930 4504 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 17:32:54.0961 4504 amdsbs - ok 17:32:54.0977 4504 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 17:32:54.0977 4504 amdxata - ok 17:32:55.0039 4504 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 17:32:55.0102 4504 AppID - ok 17:32:55.0117 4504 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 17:32:55.0164 4504 AppIDSvc - ok 17:32:55.0195 4504 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 17:32:55.0273 4504 Appinfo - ok 
17:32:55.0351 4504 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:32:55.0367 4504 Apple Mobile Device - ok 17:32:55.0445 4504 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 17:32:55.0460 4504 arc - ok 17:32:55.0476 4504 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 17:32:55.0492 4504 arcsas - ok 17:32:55.0523 4504 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 17:32:55.0616 4504 AsyncMac - ok 17:32:55.0632 4504 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 17:32:55.0648 4504 atapi - ok 17:32:55.0694 4504 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:32:55.0788 4504 AudioEndpointBuilder - ok 17:32:55.0804 4504 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 17:32:55.0850 4504 AudioSrv - ok 17:32:55.0882 4504 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 17:32:55.0944 4504 AxInstSV - ok 17:32:56.0022 4504 B-Service - ok 17:32:56.0084 4504 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 17:32:56.0147 4504 b06bdrv - ok 17:32:56.0162 4504 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 17:32:56.0209 4504 b57nd60a - ok 17:32:56.0272 4504 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 17:32:56.0303 4504 BDESVC - ok 17:32:56.0334 4504 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 17:32:56.0381 4504 Beep - ok 17:32:56.0459 4504 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 17:32:56.0568 4504 BFE - ok 17:32:56.0693 4504 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys 
17:32:56.0786 4504 BHDrvx64 - ok 17:32:56.0864 4504 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 17:32:56.0989 4504 BITS - ok 17:32:57.0036 4504 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 17:32:57.0067 4504 blbdrive - ok 17:32:57.0130 4504 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 17:32:57.0176 4504 Bonjour Service - ok 17:32:57.0223 4504 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 17:32:57.0254 4504 bowser - ok 17:32:57.0286 4504 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:32:57.0348 4504 BrFiltLo - ok 17:32:57.0364 4504 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:32:57.0379 4504 BrFiltUp - ok 17:32:57.0410 4504 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 17:32:57.0488 4504 Browser - ok 17:32:57.0520 4504 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 17:32:57.0566 4504 Brserid - ok 17:32:57.0582 4504 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 17:32:57.0613 4504 BrSerWdm - ok 17:32:57.0629 4504 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 17:32:57.0676 4504 BrUsbMdm - ok 17:32:57.0691 4504 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 17:32:57.0738 4504 BrUsbSer - ok 17:32:57.0785 4504 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 17:32:57.0832 4504 BthEnum - ok 17:32:57.0863 4504 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 17:32:57.0894 4504 BTHMODEM - ok 17:32:57.0941 4504 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 17:32:57.0988 4504 BthPan - ok 17:32:58.0019 4504 BTHPORT (64c198198501f7560ee41d8d1efa7952) 
C:\Windows\system32\Drivers\BTHport.sys 17:32:58.0066 4504 BTHPORT - ok 17:32:58.0112 4504 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 17:32:58.0190 4504 bthserv - ok 17:32:58.0206 4504 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 17:32:58.0237 4504 BTHUSB - ok 17:32:58.0268 4504 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys 17:32:58.0300 4504 btwaudio - ok 17:32:58.0440 4504 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys 17:32:58.0456 4504 btwavdt - ok 17:32:58.0518 4504 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 17:32:58.0596 4504 btwdins - ok 17:32:58.0612 4504 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys 17:32:58.0627 4504 btwl2cap - ok 17:32:58.0643 4504 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys 17:32:58.0658 4504 btwrchid - ok 17:32:58.0752 4504 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys 17:32:58.0783 4504 ccSet_NIS - ok 17:32:58.0814 4504 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 17:32:58.0908 4504 cdfs - ok 17:32:58.0955 4504 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 17:32:59.0002 4504 cdrom - ok 17:32:59.0064 4504 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 17:32:59.0142 4504 CertPropSvc - ok 17:32:59.0189 4504 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 17:32:59.0236 4504 circlass - ok 17:32:59.0267 4504 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 17:32:59.0298 4504 CLFS - ok 17:32:59.0345 4504 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:32:59.0376 4504 
clr_optimization_v2.0.50727_32 - ok 17:32:59.0423 4504 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:32:59.0438 4504 clr_optimization_v2.0.50727_64 - ok 17:32:59.0501 4504 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:32:59.0516 4504 clr_optimization_v4.0.30319_32 - ok 17:32:59.0548 4504 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:32:59.0563 4504 clr_optimization_v4.0.30319_64 - ok 17:32:59.0610 4504 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 17:32:59.0657 4504 CmBatt - ok 17:32:59.0672 4504 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 17:32:59.0688 4504 cmdide - ok 17:32:59.0735 4504 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 17:32:59.0813 4504 CNG - ok 17:32:59.0844 4504 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 17:32:59.0860 4504 Compbatt - ok 17:32:59.0891 4504 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 17:32:59.0938 4504 CompositeBus - ok 17:32:59.0953 4504 COMSysApp - ok 17:32:59.0984 4504 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 17:33:00.0000 4504 crcdisk - ok 17:33:00.0047 4504 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 17:33:00.0125 4504 CryptSvc - ok 17:33:00.0172 4504 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys 17:33:00.0203 4504 CtClsFlt - ok 17:33:00.0250 4504 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 17:33:00.0343 4504 DcomLaunch - ok 17:33:00.0374 4504 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 17:33:00.0468 4504 defragsvc - 
ok 17:33:00.0515 4504 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 17:33:00.0577 4504 DfsC - ok 17:33:00.0624 4504 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 17:33:00.0686 4504 Dhcp - ok 17:33:00.0718 4504 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 17:33:00.0796 4504 discache - ok 17:33:00.0842 4504 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 17:33:00.0858 4504 Disk - ok 17:33:00.0889 4504 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 17:33:00.0920 4504 Dnscache - ok 17:33:00.0998 4504 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 17:33:01.0030 4504 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 17:33:01.0030 4504 DockLoginService - detected UnsignedFile.Multi.Generic (1) 17:33:01.0061 4504 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 17:33:01.0123 4504 dot3svc - ok 17:33:01.0154 4504 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 17:33:01.0217 4504 DPS - ok 17:33:01.0264 4504 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 17:33:01.0310 4504 drmkaud - ok 17:33:01.0357 4504 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 17:33:01.0420 4504 DXGKrnl - ok 17:33:01.0466 4504 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 17:33:01.0529 4504 EapHost - ok 17:33:01.0622 4504 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 17:33:01.0747 4504 ebdrv - ok 17:33:01.0810 4504 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 17:33:01.0856 4504 eeCtrl - ok 17:33:01.0888 4504 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 17:33:01.0919 4504 EFS - ok 17:33:01.0981 4504 ehRecvr 
(c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 17:33:02.0028 4504 ehRecvr - ok 17:33:02.0059 4504 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 17:33:02.0090 4504 ehSched - ok 17:33:02.0168 4504 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 17:33:02.0215 4504 elxstor - ok 17:33:02.0278 4504 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 17:33:02.0309 4504 EraserUtilRebootDrv - ok 17:33:02.0340 4504 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 17:33:02.0371 4504 ErrDev - ok 17:33:02.0418 4504 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 17:33:02.0496 4504 EventSystem - ok 17:33:02.0621 4504 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe 17:33:02.0683 4504 EvtEng - ok 17:33:02.0746 4504 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 17:33:02.0808 4504 exfat - ok 17:33:02.0839 4504 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 17:33:02.0902 4504 fastfat - ok 17:33:02.0948 4504 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 17:33:03.0011 4504 Fax - ok 17:33:03.0026 4504 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 17:33:03.0058 4504 fdc - ok 17:33:03.0104 4504 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 17:33:03.0167 4504 fdPHost - ok 17:33:03.0182 4504 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 17:33:03.0229 4504 FDResPub - ok 17:33:03.0260 4504 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 17:33:03.0260 4504 FileInfo - ok 17:33:03.0292 4504 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 17:33:03.0370 4504 Filetrace - ok 17:33:03.0385 
4504 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 17:33:03.0401 4504 flpydisk - ok 17:33:03.0479 4504 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 17:33:03.0510 4504 FltMgr - ok 17:33:03.0682 4504 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 17:33:03.0744 4504 FontCache - ok 17:33:03.0806 4504 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:33:03.0822 4504 FontCache3.0.0.0 - ok 17:33:03.0838 4504 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 17:33:03.0869 4504 FsDepends - ok 17:33:03.0900 4504 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 17:33:03.0931 4504 Fs_Rec - ok 17:33:03.0962 4504 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 17:33:03.0994 4504 fvevol - ok 17:33:04.0025 4504 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:33:04.0040 4504 gagp30kx - ok 17:33:04.0103 4504 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe 17:33:04.0134 4504 GameConsoleService - ok 17:33:04.0165 4504 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:33:04.0196 4504 GEARAspiWDM - ok 17:33:04.0243 4504 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 17:33:04.0337 4504 gpsvc - ok 17:33:04.0399 4504 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:33:04.0415 4504 gupdate - ok 17:33:04.0477 4504 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:33:04.0493 4504 gupdatem - ok 17:33:04.0540 4504 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 17:33:04.0571 4504 
hcw85cir - ok 17:33:04.0618 4504 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 17:33:04.0649 4504 HDAudBus - ok 17:33:04.0696 4504 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 17:33:04.0711 4504 HECIx64 - ok 17:33:04.0727 4504 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 17:33:04.0742 4504 HidBatt - ok 17:33:04.0774 4504 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 17:33:04.0805 4504 HidBth - ok 17:33:04.0820 4504 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 17:33:04.0867 4504 HidIr - ok 17:33:04.0898 4504 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 17:33:04.0976 4504 hidserv - ok 17:33:05.0008 4504 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 17:33:05.0039 4504 HidUsb - ok 17:33:05.0070 4504 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 17:33:05.0148 4504 hkmsvc - ok 17:33:05.0179 4504 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 17:33:05.0210 4504 HomeGroupListener - ok 17:33:05.0257 4504 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 17:33:05.0288 4504 HomeGroupProvider - ok 17:33:05.0335 4504 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 17:33:05.0351 4504 HpSAMD - ok 17:33:05.0413 4504 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 17:33:05.0507 4504 HTTP - ok 17:33:05.0522 4504 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 17:33:05.0538 4504 hwpolicy - ok 17:33:05.0585 4504 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 17:33:05.0600 4504 i8042prt - ok 17:33:05.0663 4504 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 17:33:05.0710 4504 
iaStorV - ok 17:33:05.0788 4504 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:33:05.0819 4504 idsvc - ok 17:33:05.0928 4504 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120411.001\IDSvia64.sys 17:33:05.0975 4504 IDSVia64 - ok 17:33:06.0162 4504 igfx (0372c154226f7074cd150f475a4870a6) C:\Windows\system32\DRIVERS\igdkmd64.sys 17:33:06.0412 4504 igfx - ok 17:33:06.0474 4504 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 17:33:06.0505 4504 iirsp - ok 17:33:06.0552 4504 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 17:33:06.0630 4504 IKEEXT - ok 17:33:06.0661 4504 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys 17:33:06.0692 4504 Impcd - ok 17:33:06.0724 4504 InstallFilterService (fd5ef1d0210cb9c0773bba7ca360d762) C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe 17:33:06.0739 4504 InstallFilterService ( UnsignedFile.Multi.Generic ) - warning 17:33:06.0739 4504 InstallFilterService - detected UnsignedFile.Multi.Generic (1) 17:33:06.0817 4504 IntcAzAudAddService (9c1d5314d42b7f1bd6ad6fb1ba8870a8) C:\Windows\system32\drivers\RTKVHD64.sys 17:33:06.0895 4504 IntcAzAudAddService - ok 17:33:06.0942 4504 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys 17:33:06.0973 4504 IntcDAud - ok 17:33:07.0004 4504 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 17:33:07.0020 4504 intelide - ok 17:33:07.0051 4504 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 17:33:07.0098 4504 intelppm - ok 17:33:07.0129 4504 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 17:33:07.0192 4504 IPBusEnum - ok 17:33:07.0223 4504 IpFilterDriver 
(c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:33:07.0301 4504 IpFilterDriver - ok 17:33:07.0332 4504 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 17:33:07.0379 4504 IPMIDRV - ok 17:33:07.0410 4504 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 17:33:07.0488 4504 IPNAT - ok 17:33:07.0582 4504 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 17:33:07.0628 4504 iPod Service - ok 17:33:07.0660 4504 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 17:33:07.0691 4504 IRENUM - ok 17:33:07.0722 4504 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 17:33:07.0738 4504 isapnp - ok 17:33:07.0769 4504 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 17:33:07.0800 4504 iScsiPrt - ok 17:33:07.0831 4504 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 17:33:07.0862 4504 kbdclass - ok 17:33:07.0878 4504 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 17:33:07.0909 4504 kbdhid - ok 17:33:07.0940 4504 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:33:07.0972 4504 KeyIso - ok 17:33:07.0987 4504 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 17:33:08.0003 4504 KSecDD - ok 17:33:08.0034 4504 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 17:33:08.0050 4504 KSecPkg - ok 17:33:08.0081 4504 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 17:33:08.0143 4504 ksthunk - ok 17:33:08.0190 4504 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 17:33:08.0284 4504 KtmRm - ok 17:33:08.0330 4504 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 17:33:08.0393 4504 LanmanServer - ok 17:33:08.0424 4504 
LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 17:33:08.0486 4504 LanmanWorkstation - ok 17:33:08.0549 4504 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 17:33:08.0642 4504 lltdio - ok 17:33:08.0720 4504 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 17:33:08.0798 4504 lltdsvc - ok 17:33:08.0814 4504 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 17:33:08.0861 4504 lmhosts - ok 17:33:08.0892 4504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:33:08.0923 4504 LSI_FC - ok 17:33:08.0939 4504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:33:08.0954 4504 LSI_SAS - ok 17:33:08.0970 4504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:33:08.0986 4504 LSI_SAS2 - ok 17:33:09.0017 4504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:33:09.0032 4504 LSI_SCSI - ok 17:33:09.0048 4504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 17:33:09.0110 4504 luafv - ok 17:33:09.0142 4504 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 17:33:09.0157 4504 Mcx2Svc - ok 17:33:09.0188 4504 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 17:33:09.0188 4504 megasas - ok 17:33:09.0220 4504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 17:33:09.0235 4504 MegaSR - ok 17:33:09.0266 4504 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:33:09.0329 4504 MMCSS - ok 17:33:09.0344 4504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 17:33:09.0407 4504 Modem - ok 17:33:09.0438 4504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 17:33:09.0469 4504 monitor - ok 17:33:09.0532 4504 motmodem 
(e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys 17:33:09.0563 4504 motmodem - ok 17:33:09.0578 4504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 17:33:09.0594 4504 mouclass - ok 17:33:09.0625 4504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 17:33:09.0656 4504 mouhid - ok 17:33:09.0688 4504 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 17:33:09.0703 4504 mountmgr - ok 17:33:09.0734 4504 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 17:33:09.0766 4504 mpio - ok 17:33:09.0797 4504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 17:33:09.0844 4504 mpsdrv - ok 17:33:09.0890 4504 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 17:33:09.0922 4504 MRxDAV - ok 17:33:09.0953 4504 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:33:10.0000 4504 mrxsmb - ok 17:33:10.0046 4504 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:33:10.0078 4504 mrxsmb10 - ok 17:33:10.0109 4504 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:33:10.0124 4504 mrxsmb20 - ok 17:33:10.0156 4504 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 17:33:10.0187 4504 msahci - ok 17:33:10.0218 4504 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 17:33:10.0234 4504 msdsm - ok 17:33:10.0265 4504 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 17:33:10.0312 4504 MSDTC - ok 17:33:10.0343 4504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 17:33:10.0421 4504 Msfs - ok 17:33:10.0452 4504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 17:33:10.0514 4504 mshidkmdf - ok 17:33:10.0546 4504 msisadrv 
(d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 17:33:10.0561 4504 msisadrv - ok 17:33:10.0592 4504 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 17:33:10.0686 4504 MSiSCSI - ok 17:33:10.0686 4504 msiserver - ok 17:33:10.0717 4504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 17:33:10.0764 4504 MSKSSRV - ok 17:33:10.0795 4504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 17:33:10.0858 4504 MSPCLOCK - ok 17:33:10.0889 4504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 17:33:10.0967 4504 MSPQM - ok 17:33:10.0998 4504 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 17:33:11.0014 4504 MsRPC - ok 17:33:11.0045 4504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 17:33:11.0060 4504 mssmbios - ok 17:33:11.0076 4504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 17:33:11.0138 4504 MSTEE - ok 17:33:11.0170 4504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 17:33:11.0201 4504 MTConfig - ok 17:33:11.0232 4504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 17:33:11.0263 4504 Mup - ok 17:33:11.0341 4504 MyWiFiDHCPDNS (d285d0539016be299a55ff997b44da33) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 17:33:11.0372 4504 MyWiFiDHCPDNS - ok 17:33:11.0404 4504 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 17:33:11.0497 4504 napagent - ok 17:33:11.0544 4504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 17:33:11.0591 4504 NativeWifiP - ok 17:33:11.0684 4504 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120411.019\ENG64.SYS 17:33:11.0700 4504 NAVENG - ok 17:33:11.0778 4504 NAVEX15 
(346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120411.019\EX64.SYS 17:33:11.0825 4504 NAVEX15 - ok 17:33:11.0918 4504 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 17:33:11.0981 4504 NDIS - ok 17:33:12.0012 4504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 17:33:12.0074 4504 NdisCap - ok 17:33:12.0106 4504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 17:33:12.0152 4504 NdisTapi - ok 17:33:12.0199 4504 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 17:33:12.0277 4504 Ndisuio - ok 17:33:12.0293 4504 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 17:33:12.0355 4504 NdisWan - ok 17:33:12.0386 4504 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 17:33:12.0449 4504 NDProxy - ok 17:33:12.0464 4504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 17:33:12.0542 4504 NetBIOS - ok 17:33:12.0574 4504 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 17:33:12.0652 4504 NetBT - ok 17:33:12.0683 4504 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:33:12.0698 4504 Netlogon - ok 17:33:12.0730 4504 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 17:33:12.0808 4504 Netman - ok 17:33:12.0839 4504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 17:33:12.0917 4504 netprofm - ok 17:33:12.0979 4504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:33:12.0995 4504 NetTcpPortSharing - ok 17:33:13.0182 4504 NETw5s64 (981736527b6384bd594b45b2c852432f) C:\Windows\system32\DRIVERS\NETw5s64.sys 17:33:13.0369 4504 NETw5s64 - ok 17:33:13.0432 4504 nfrd960 
(77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 17:33:13.0447 4504 nfrd960 - ok 17:33:13.0510 4504 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe 17:33:13.0541 4504 NIS - ok 17:33:13.0588 4504 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 17:33:13.0634 4504 NlaSvc - ok 17:33:13.0650 4504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 17:33:13.0697 4504 Npfs - ok 17:33:13.0790 4504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 17:33:13.0931 4504 nsi - ok 17:33:13.0962 4504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 17:33:14.0009 4504 nsiproxy - ok 17:33:14.0056 4504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 17:33:14.0134 4504 Ntfs - ok 17:33:14.0165 4504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 17:33:14.0212 4504 Null - ok 17:33:14.0258 4504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 17:33:14.0290 4504 nvraid - ok 17:33:14.0321 4504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 17:33:14.0352 4504 nvstor - ok 17:33:14.0383 4504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 17:33:14.0414 4504 nv_agp - ok 17:33:14.0446 4504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 17:33:14.0477 4504 ohci1394 - ok 17:33:14.0508 4504 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:33:14.0539 4504 ose - ok 17:33:14.0586 4504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:33:14.0617 4504 p2pimsvc - ok 17:33:14.0648 4504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 17:33:14.0664 4504 p2psvc - ok 17:33:14.0695 4504 Parport 
(0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 17:33:14.0726 4504 Parport - ok 17:33:14.0758 4504 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 17:33:14.0773 4504 partmgr - ok 17:33:14.0789 4504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 17:33:14.0836 4504 PcaSvc - ok 17:33:14.0867 4504 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 17:33:14.0898 4504 pci - ok 17:33:14.0929 4504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 17:33:14.0945 4504 pciide - ok 17:33:14.0976 4504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 17:33:15.0007 4504 pcmcia - ok 17:33:15.0023 4504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 17:33:15.0054 4504 pcw - ok 17:33:15.0085 4504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 17:33:15.0148 4504 PEAUTH - ok 17:33:15.0194 4504 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 17:33:15.0241 4504 PerfHost - ok 17:33:15.0304 4504 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 17:33:15.0397 4504 pla - ok 17:33:15.0444 4504 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 17:33:15.0491 4504 PlugPlay - ok 17:33:15.0522 4504 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 17:33:15.0553 4504 PNRPAutoReg - ok 17:33:15.0569 4504 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 17:33:15.0584 4504 PNRPsvc - ok 17:33:15.0631 4504 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 17:33:15.0725 4504 PolicyAgent - ok 17:33:15.0756 4504 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 17:33:15.0834 4504 Power - ok 17:33:15.0896 4504 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 
17:33:15.0959 4504 PptpMiniport - ok 17:33:16.0006 4504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 17:33:16.0037 4504 Processor - ok 17:33:16.0068 4504 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 17:33:16.0146 4504 ProfSvc - ok 17:33:16.0177 4504 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:33:16.0193 4504 ProtectedStorage - ok 17:33:16.0224 4504 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 17:33:16.0286 4504 Psched - ok 17:33:16.0318 4504 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 17:33:16.0333 4504 PxHlpa64 - ok 17:33:16.0380 4504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 17:33:16.0458 4504 ql2300 - ok 17:33:16.0474 4504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 17:33:16.0489 4504 ql40xx - ok 17:33:16.0520 4504 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 17:33:16.0552 4504 QWAVE - ok 17:33:16.0567 4504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 17:33:16.0614 4504 QWAVEdrv - ok 17:33:16.0645 4504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 17:33:16.0692 4504 RasAcd - ok 17:33:16.0723 4504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:33:16.0786 4504 RasAgileVpn - ok 17:33:16.0801 4504 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 17:33:16.0895 4504 RasAuto - ok 17:33:16.0926 4504 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:33:16.0973 4504 Rasl2tp - ok 17:33:17.0004 4504 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 17:33:17.0066 4504 RasMan - ok 17:33:17.0082 4504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 
17:33:17.0129 4504 RasPppoe - ok 17:33:17.0160 4504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 17:33:17.0207 4504 RasSstp - ok 17:33:17.0238 4504 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 17:33:17.0300 4504 rdbss - ok 17:33:17.0316 4504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 17:33:17.0347 4504 rdpbus - ok 17:33:17.0363 4504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:33:17.0441 4504 RDPCDD - ok 17:33:17.0456 4504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 17:33:17.0534 4504 RDPENCDD - ok 17:33:17.0566 4504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 17:33:17.0628 4504 RDPREFMP - ok 17:33:17.0659 4504 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 17:33:17.0690 4504 RDPWD - ok 17:33:17.0737 4504 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 17:33:17.0768 4504 rdyboost - ok 17:33:17.0846 4504 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 17:33:17.0893 4504 RegSrvc - ok 17:33:17.0940 4504 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 17:33:18.0034 4504 RemoteAccess - ok 17:33:18.0080 4504 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 17:33:18.0143 4504 RemoteRegistry - ok 17:33:18.0205 4504 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 17:33:18.0236 4504 RFCOMM - ok 17:33:18.0268 4504 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 17:33:18.0346 4504 RpcEptMapper - ok 17:33:18.0361 4504 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 17:33:18.0392 4504 RpcLocator - ok 17:33:18.0455 4504 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) 
C:\Windows\system32\rpcss.dll 17:33:18.0502 4504 RpcSs - ok 17:33:18.0533 4504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 17:33:18.0673 4504 rspndr - ok 17:33:18.0704 4504 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys 17:33:18.0751 4504 RSUSBSTOR - ok 17:33:18.0798 4504 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys 17:33:18.0845 4504 RTL8167 - ok 17:33:18.0860 4504 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:33:18.0892 4504 SamSs - ok 17:33:18.0923 4504 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 17:33:18.0970 4504 sbp2port - ok 17:33:18.0985 4504 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 17:33:19.0063 4504 SCardSvr - ok 17:33:19.0094 4504 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 17:33:19.0172 4504 scfilter - ok 17:33:19.0235 4504 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 17:33:19.0328 4504 Schedule - ok 17:33:19.0360 4504 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 17:33:19.0406 4504 SCPolicySvc - ok 17:33:19.0422 4504 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 17:33:19.0469 4504 SDRSVC - ok 17:33:19.0516 4504 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 17:33:19.0547 4504 SeaPort - ok 17:33:19.0594 4504 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 17:33:19.0672 4504 secdrv - ok 17:33:19.0703 4504 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 17:33:19.0765 4504 seclogon - ok 17:33:19.0796 4504 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 17:33:19.0874 4504 SENS - ok 17:33:19.0890 4504 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) 
C:\Windows\system32\sensrsvc.dll 17:33:19.0906 4504 SensrSvc - ok 17:33:19.0937 4504 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 17:33:19.0968 4504 Serenum - ok 17:33:19.0984 4504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 17:33:20.0030 4504 Serial - ok 17:33:20.0077 4504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 17:33:20.0108 4504 sermouse - ok 17:33:20.0155 4504 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 17:33:20.0233 4504 SessionEnv - ok 17:33:20.0264 4504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 17:33:20.0280 4504 sffdisk - ok 17:33:20.0311 4504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 17:33:20.0327 4504 sffp_mmc - ok 17:33:20.0358 4504 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 17:33:20.0389 4504 sffp_sd - ok 17:33:20.0420 4504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 17:33:20.0452 4504 sfloppy - ok 17:33:20.0498 4504 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 17:33:20.0576 4504 SharedAccess - ok 17:33:20.0623 4504 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 17:33:20.0701 4504 ShellHWDetection - ok 17:33:20.0732 4504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:33:20.0748 4504 SiSRaid2 - ok 17:33:20.0764 4504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 17:33:20.0779 4504 SiSRaid4 - ok 17:33:20.0810 4504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 17:33:20.0873 4504 Smb - ok 17:33:20.0904 4504 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 17:33:20.0935 4504 SNMPTRAP - ok 17:33:21.0076 4504 SophosVirusRemovalTool 
(c2471399f95fef9941480f98ea7bc126) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe 17:33:21.0091 4504 SophosVirusRemovalTool - ok 17:33:21.0138 4504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 17:33:21.0154 4504 spldr - ok 17:33:21.0201 4504 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 17:33:21.0263 4504 Spooler - ok 17:33:21.0372 4504 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 17:33:21.0513 4504 sppsvc - ok 17:33:21.0544 4504 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 17:33:21.0591 4504 sppuinotify - ok 17:33:21.0637 4504 sprtsvc_DellComms (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe 17:33:21.0669 4504 sprtsvc_DellComms - ok 17:33:21.0778 4504 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS 17:33:21.0809 4504 SRTSP - ok 17:33:21.0825 4504 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS 17:33:21.0840 4504 SRTSPX - ok 17:33:21.0887 4504 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 17:33:21.0949 4504 srv - ok 17:33:21.0981 4504 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 17:33:22.0012 4504 srv2 - ok 17:33:22.0043 4504 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 17:33:22.0074 4504 srvnet - ok 17:33:22.0121 4504 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 17:33:22.0199 4504 SSDPSRV - ok 17:33:22.0215 4504 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 17:33:22.0277 4504 SstpSvc - ok 17:33:22.0324 4504 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys 17:33:22.0339 4504 stdflt - ok 17:33:22.0355 4504 stexstor (f3817967ed533d08327dc73bc4d5542a) 
C:\Windows\system32\DRIVERS\stexstor.sys 17:33:22.0371 4504 stexstor - ok 17:33:22.0417 4504 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 17:33:22.0495 4504 stisvc - ok 17:33:22.0527 4504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 17:33:22.0558 4504 swenum - ok 17:33:22.0589 4504 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 17:33:22.0667 4504 swprv - ok 17:33:22.0761 4504 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS 17:33:22.0792 4504 SymDS - ok 17:33:22.0854 4504 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS 17:33:22.0917 4504 SymEFA - ok 17:33:22.0963 4504 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 17:33:22.0995 4504 SymEvent - ok 17:33:23.0026 4504 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS 17:33:23.0041 4504 SymIRON - ok 17:33:23.0073 4504 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS 17:33:23.0104 4504 SymNetS - ok 17:33:23.0151 4504 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys 17:33:23.0182 4504 SynTP - ok 17:33:23.0244 4504 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 17:33:23.0322 4504 SysMain - ok 17:33:23.0353 4504 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 17:33:23.0385 4504 TabletInputService - ok 17:33:23.0416 4504 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 17:33:23.0463 4504 TapiSrv - ok 17:33:23.0494 4504 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 17:33:23.0556 4504 TBS - ok 17:33:23.0634 4504 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 17:33:23.0712 4504 Tcpip - ok 17:33:23.0790 4504 TCPIP6 
(fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 17:33:23.0837 4504 TCPIP6 - ok 17:33:23.0868 4504 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 17:33:23.0946 4504 tcpipreg - ok 17:33:23.0977 4504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 17:33:24.0009 4504 TDPIPE - ok 17:33:24.0040 4504 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 17:33:24.0071 4504 TDTCP - ok 17:33:24.0102 4504 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 17:33:24.0165 4504 tdx - ok 17:33:24.0196 4504 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 17:33:24.0211 4504 TermDD - ok 17:33:24.0258 4504 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 17:33:24.0336 4504 TermService - ok 17:33:24.0367 4504 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 17:33:24.0414 4504 Themes - ok 17:33:24.0445 4504 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 17:33:24.0492 4504 THREADORDER - ok 17:33:24.0508 4504 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 17:33:24.0601 4504 TrkWks - ok 17:33:24.0633 4504 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 17:33:24.0711 4504 TrustedInstaller - ok 17:33:24.0742 4504 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:33:24.0804 4504 tssecsrv - ok 17:33:24.0851 4504 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 17:33:24.0882 4504 TsUsbFlt - ok 17:33:24.0913 4504 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 17:33:24.0991 4504 tunnel - ok 17:33:25.0023 4504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 17:33:25.0038 4504 uagp35 - ok 17:33:25.0085 4504 udfs 
(ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 17:33:25.0163 4504 udfs - ok 17:33:25.0210 4504 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 17:33:25.0225 4504 UI0Detect - ok 17:33:25.0257 4504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 17:33:25.0288 4504 uliagpkx - ok 17:33:25.0319 4504 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 17:33:25.0350 4504 umbus - ok 17:33:25.0381 4504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 17:33:25.0413 4504 UmPass - ok 17:33:25.0444 4504 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 17:33:25.0537 4504 upnphost - ok 17:33:25.0600 4504 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 17:33:25.0615 4504 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 17:33:25.0615 4504 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 17:33:25.0647 4504 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 17:33:25.0662 4504 usbccgp - ok 17:33:25.0709 4504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 17:33:25.0740 4504 usbcir - ok 17:33:25.0756 4504 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 17:33:25.0787 4504 usbehci - ok 17:33:25.0818 4504 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 17:33:25.0849 4504 usbhub - ok 17:33:25.0881 4504 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 17:33:25.0912 4504 usbohci - ok 17:33:25.0959 4504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 17:33:25.0990 4504 usbprint - ok 17:33:26.0037 4504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 17:33:26.0083 4504 usbscan - ok 17:33:26.0099 4504 USBSTOR 
(fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:33:26.0146 4504 USBSTOR - ok 17:33:26.0161 4504 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 17:33:26.0208 4504 usbuhci - ok 17:33:26.0255 4504 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 17:33:26.0286 4504 usbvideo - ok 17:33:26.0317 4504 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 17:33:26.0395 4504 UxSms - ok 17:33:26.0427 4504 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 17:33:26.0442 4504 VaultSvc - ok 17:33:26.0458 4504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 17:33:26.0489 4504 vdrvroot - ok 17:33:26.0520 4504 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 17:33:26.0598 4504 vds - ok 17:33:26.0629 4504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 17:33:26.0661 4504 vga - ok 17:33:26.0692 4504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 17:33:26.0770 4504 VgaSave - ok 17:33:26.0801 4504 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 17:33:26.0832 4504 vhdmp - ok 17:33:26.0863 4504 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 17:33:26.0879 4504 viaide - ok 17:33:26.0910 4504 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 17:33:26.0926 4504 volmgr - ok 17:33:26.0957 4504 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 17:33:27.0004 4504 volmgrx - ok 17:33:27.0019 4504 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 17:33:27.0051 4504 volsnap - ok 17:33:27.0097 4504 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 17:33:27.0113 4504 vsmraid - ok 17:33:27.0175 4504 VSS (b60ba0bc31b0cb414593e169f6f21cc2) 
C:\Windows\system32\vssvc.exe 17:33:27.0285 4504 VSS - ok 17:33:27.0316 4504 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 17:33:27.0347 4504 vwifibus - ok 17:33:27.0378 4504 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 17:33:27.0425 4504 vwififlt - ok 17:33:27.0472 4504 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 17:33:27.0503 4504 vwifimp - ok 17:33:27.0550 4504 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 17:33:27.0628 4504 W32Time - ok 17:33:27.0643 4504 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 17:33:27.0675 4504 WacomPen - ok 17:33:27.0706 4504 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:33:27.0768 4504 WANARP - ok 17:33:27.0784 4504 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 17:33:27.0815 4504 Wanarpv6 - ok 17:33:27.0877 4504 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 17:33:27.0940 4504 WatAdminSvc - ok 17:33:27.0987 4504 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 17:33:28.0065 4504 wbengine - ok 17:33:28.0096 4504 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 17:33:28.0127 4504 WbioSrvc - ok 17:33:28.0174 4504 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 17:33:28.0221 4504 wcncsvc - ok 17:33:28.0252 4504 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 17:33:28.0267 4504 WcsPlugInService - ok 17:33:28.0299 4504 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 17:33:28.0314 4504 Wd - ok 17:33:28.0377 4504 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 17:33:28.0392 4504 WDC_SAM - ok 17:33:28.0423 4504 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) 
C:\Windows\system32\drivers\Wdf01000.sys 17:33:28.0470 4504 Wdf01000 - ok 17:33:28.0486 4504 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:33:28.0517 4504 WdiServiceHost - ok 17:33:28.0533 4504 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 17:33:28.0548 4504 WdiSystemHost - ok 17:33:28.0595 4504 wdkmd (7c2ef67b0a43c4deb7ef932ceda337d6) C:\Windows\system32\DRIVERS\WDKMD.sys 17:33:28.0611 4504 wdkmd - ok 17:33:28.0673 4504 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 17:33:28.0720 4504 WebClient - ok 17:33:28.0735 4504 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 17:33:28.0813 4504 Wecsvc - ok 17:33:28.0845 4504 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 17:33:28.0907 4504 wercplsupport - ok 17:33:28.0938 4504 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 17:33:28.0985 4504 WerSvc - ok 17:33:29.0032 4504 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 17:33:29.0079 4504 WfpLwf - ok 17:33:29.0094 4504 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 17:33:29.0110 4504 WIMMount - ok 17:33:29.0125 4504 WinHttpAutoProxySvc - ok 17:33:29.0172 4504 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 17:33:29.0235 4504 Winmgmt - ok 17:33:29.0297 4504 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 17:33:29.0406 4504 WinRM - ok 17:33:29.0469 4504 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 17:33:29.0515 4504 WinUsb - ok 17:33:29.0562 4504 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 17:33:29.0671 4504 Wlansvc - ok 17:33:29.0765 4504 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:33:29.0859 4504 wlidsvc - ok 17:33:29.0905 4504 
WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:33:29.0937 4504 WmiAcpi - ok
17:33:29.0983 4504 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:33:30.0030 4504 wmiApSrv - ok
17:33:30.0046 4504 WMPNetworkSvc - ok
17:33:30.0061 4504 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:33:30.0077 4504 WPCSvc - ok
17:33:30.0108 4504 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:33:30.0139 4504 WPDBusEnum - ok
17:33:30.0171 4504 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:33:30.0202 4504 ws2ifsl - ok
17:33:30.0249 4504 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:33:30.0280 4504 WSDPrintDevice - ok
17:33:30.0327 4504 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
17:33:30.0358 4504 WSDScan - ok
17:33:30.0358 4504 WSearch - ok
17:33:30.0436 4504 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:33:30.0545 4504 wuauserv - ok
17:33:30.0623 4504 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:33:30.0685 4504 WudfPf - ok
17:33:30.0701 4504 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:33:30.0748 4504 WUDFRd - ok
17:33:30.0779 4504 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:33:30.0841 4504 wudfsvc - ok
17:33:30.0888 4504 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:33:30.0919 4504 WwanSvc - ok
17:33:30.0966 4504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:33:31.0153 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:33:31.0153 4504 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:33:31.0169 4504 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
17:33:31.0294 4504 \Device\Harddisk1\DR1 - ok
17:33:31.0309 4504 Boot (0x1200) (83fcba3d1c8956b2d773b41909242ec1) \Device\Harddisk0\DR0\Partition0
17:33:31.0309 4504 \Device\Harddisk0\DR0\Partition0 - ok
17:33:31.0341 4504 Boot (0x1200) (5fbeec304255b89f9f44bfbc42ea0a09) \Device\Harddisk0\DR0\Partition1
17:33:31.0341 4504 \Device\Harddisk0\DR0\Partition1 - ok
17:33:31.0356 4504 Boot (0x1200) (657164162664d93ccd3c7294cfd8f09a) \Device\Harddisk0\DR0\Partition2
17:33:31.0372 4504 \Device\Harddisk0\DR0\Partition2 - ok
17:33:31.0372 4504 Boot (0x1200) (bd930969848e9e7b36a0003cdbac1fc7) \Device\Harddisk1\DR1\Partition0
17:33:31.0372 4504 \Device\Harddisk1\DR1\Partition0 - ok
17:33:31.0372 4504 ============================================================
17:33:31.0372 4504 Scan finished
17:33:31.0372 4504 ============================================================
17:33:31.0387 4460 Detected object count: 4
17:33:31.0387 4460 Actual detected object count: 4
17:37:11.0566 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:11.0566 4460 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:37:11.0566 4460 InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:11.0566 4460 InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:37:28.0461 0368 Deinitialize success
-------------
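The scan above ends with four flagged objects and a "Skip" for every one of them. Three are UnsignedFile.Multi.Generic, a heuristic that only says the driver carries no digital signature (common for OEM drivers), but the fourth is the MBR of \Device\Harddisk0\DR0 reported as "TDSS File System", a named bootkit verdict, and Skip leaves that sector exactly as it was. The following Python is an added example, not part of the original post and not Kaspersky's code: it parses a log in TDSSKiller's text format and lists what is still unresolved after the run, boot-level objects first. SAMPLE_LOG is constructed from entries quoted in the scan above (the MD5 values are copied verbatim and carry no meaning beyond that).

```python
"""Triage of a Kaspersky TDSSKiller text log (added example; not TDSSKiller's code)."""
import re
from dataclasses import dataclass

# Every log line: "HH:MM:SS.mmmm  PID  <rest>"
_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(?P<rest>.+)$")
# Inventory line: "<name> (<md5>) <path>"  (services, drivers, MBR and boot sectors)
_INVENTORY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
# Verdict line: "<name> ( <verdict> ) - warning | skipped by user | User select action: X"
_VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<tail>.+)$")
# Detection line: "<name> - detected <verdict> (<n>)"
_DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")

# Constructed sample in the log's own format, from entries quoted in the thread.
SAMPLE_LOG = r"""
17:33:23.0634 4504 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:33:23.0712 4504 Tcpip - ok
17:33:25.0600 4504 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:33:25.0615 4504 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
17:33:25.0615 4504 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
17:33:30.0966 4504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:33:31.0153 4504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:33:31.0153 4504 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:33:31.0169 4504 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
17:33:31.0294 4504 \Device\Harddisk1\DR1 - ok
17:33:31.0387 4460 Detected object count: 2
17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:11.0566 4460 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:37:11.0566 4460 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


@dataclass
class Finding:
    name: str                 # service/driver name, or \Device\... for a disk object
    verdict: str              # e.g. UnsignedFile.Multi.Generic, TDSS File System
    path: str = ""
    md5: str = ""
    action: str = "none"      # user's choice at the end of the run: Skip / Cure / Delete
    boot_level: bool = False  # object is an MBR or boot sector, not a file on disk


def parse_tdsskiller(text):
    """Return {name: Finding} for every object the scan flagged, in log order."""
    by_name, by_path, findings = {}, {}, {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        inv = _INVENTORY.match(rest)
        if inv:
            entry = (inv["name"], inv["md5"], inv["path"])
            by_name[inv["name"]] = entry
            by_path[inv["path"]] = entry
            continue
        hit = _VERDICT.match(rest) or _DETECTED.match(rest)
        if not hit:
            continue  # "- ok" lines, counters, banners
        name, verdict = hit["name"], hit["verdict"].strip()
        f = findings.get(name)
        if f is None:
            # Disk objects are flagged by device path but inventoried as "MBR (...)" / "Boot (...)"
            inv_name, md5, path = by_name.get(name) or by_path.get(name) or (name, "", "")
            f = Finding(name, verdict, path, md5,
                        boot_level=inv_name.startswith(("MBR", "Boot")) or name.startswith("\\Device\\"))
            findings[name] = f
        tail = hit.groupdict().get("tail") or ""
        if tail.startswith("User select action:"):
            f.action = tail.split(":", 1)[1].strip()
    return findings


def unresolved(findings):
    """Flagged objects the user neither cured nor deleted: still present after the run."""
    return [f for f in findings.values() if f.action in ("Skip", "none")]


def severity(f):
    # A named verdict on an MBR/boot sector outranks a file heuristic;
    # UnsignedFile.Multi.Generic only means the file has no Authenticode signature.
    if f.boot_level:
        return "BOOT-LEVEL"
    return "heuristic" if f.verdict.startswith("UnsignedFile") else "file"


def triage(text):
    """One summary line per unresolved finding, boot-level objects first."""
    rows = sorted(unresolved(parse_tdsskiller(text)), key=lambda f: not f.boot_level)
    return [f"{severity(f):10} {f.name} [{f.verdict}] action={f.action} md5={f.md5 or '-'}"
            for f in rows]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

To use it on a real run, read the saved TDSSKiller log into a string and pass it to triage(); anything printed as BOOT-LEVEL with action=Skip is a sector the tool flagged and then left untouched, which is the first thing to revisit when a redirect survives every file-level cleaner.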
  14. As the title says, I've got a Google redirect virus that just won't die. The system was infected with tons of viruses/trojans, seemingly all of which MalwareBytes, my Norton Recovery Tool CD and Spybot S&D removed, except for this redirect thing. Also tried Kaspersky Rescue Disc, but it found nothing (after the previous tools). Logs from DDS are below.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by NICOLE at 3:17:47 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2403 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Mikogo] "C:\Users\NICOLE\AppData\Roaming\Mikogo\Mikogo-Host.exe" -asp
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [CanonSolutionMenuEx] "REM C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\Users\NICOLE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\43241354 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0AD91CD1-817F-4D01-B851-21721229E987}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{71481F14-188C-4518-A592-59D41A4B254D} : DhcpNameServer = 192.168.1.254
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
IFEO: image file execution options -
BHO-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [CanonSolutionMenuEx] "REM C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun-x64: [iJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IFEO-X64: image file execution options -
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\NICOLE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\NICOLE\AppData\Roaming\Mozilla\Firefox\Profiles\4csqaj5m.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-4-2 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120410.002\IDSviA64.sys [2012-4-10 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-4 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-17 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-2-27 60928]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-4-9 138232]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-4 206064]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-3 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253600]
S3 B-Service;B-Service;C:\Users\NICOLE\Downloads\B-Service.exe --> C:\Users\NICOLE\Downloads\B-Service.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-28 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-3-30 151064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-04-11 08:37:59 -------- d-----w- C:\Windows\Standalone System Sweeper
2012-04-11 08:34:21 -------- d-----w- C:\ProgramData\Sophos
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-04-11 08:34:02 73728 ----a-r- C:\Users\NICOLE\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-04-11 08:33:57 -------- d-----w- C:\Program Files (x86)\Sophos
2012-04-11 08:24:12 16200 ----a-w- C:\Windows\stinger.sys
2012-04-11 04:22:42 -------- d-----w- C:\Windows\rescache
2012-04-11 03:20:55 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-11 03:20:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-11 01:07:29 -------- d-----w- C:\Program Files\iPod
2012-04-11 01:07:28 -------- d-----w- C:\Program Files\iTunes
2012-04-11 01:07:28 -------- d-----w- C:\Program Files (x86)\iTunes
2012-04-11 00:26:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-11 00:26:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 23:37:55 -------- d-----w- C:\Windows\System32\SPReview
2012-04-10 23:36:57 -------- d-----w- C:\Windows\System32\EventProviders
2012-04-10 23:36:44 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-10 23:36:43 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:36:43 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-10 23:33:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 23:33:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 23:33:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 23:33:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 23:33:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 23:33:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 23:33:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 23:14:04 -------- d-----w- C:\Program Files (x86)\stinger
2012-04-10 21:46:58 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Malwarebytes
2012-04-10 21:46:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 21:46:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 21:46:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 21:12:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-10 08:59:38 -------- d-----w- C:\NBRT
2012-04-10 05:04:22 -------- d-----w- C:\NPE
2012-04-10 02:01:05 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-10 01:45:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-09 10:17:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 09:50:12 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-04-09 09:50:12 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-04-09 09:50:11 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-04-09 09:50:11 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-04-09 09:50:10 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-04-09 09:50:10 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-04-09 09:50:10 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-04-09 09:49:21 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-04-07 20:46:13 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-04-03 05:38:31 -------- d-sh--w- C:\Users\NICOLE\AppData\Local\c98ae578
2012-04-03 05:37:35 -------- d-----w- C:\Users\NICOLE\AppData\Roaming\Directory
2012-03-29 16:59:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-29 16:58:42 -------- d-----we C:\Windows\system64
2012-03-29 01:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EC4D2123-B0F0-4190-B5FF-BDC1E96D1337}\mpengine.dll
2012-03-17 23:58:30 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 23:58:30 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 12:43:53 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 12:43:49 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 12:43:49 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 12:43:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 12:43:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 12:43:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 12:43:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 12:43:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-11 00:00:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-11 00:00:20 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-10 02:01:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-09 09:50:32 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 18:36:25 704504 ----a-w- C:\Windows\SysWow64\PerfStringBackup.TMP
.
============= FINISH: 3:22:33.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/9/2010 3:37:50 PM
System Uptime: 4/11/2012 3:14:02 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0R225F
Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | U2E1 | 2267/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 22.981 GiB free.
D: is FIXED (NTFS) - 397 GiB total, 396.851 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Intel® Active Management Technology - SOL
Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_04171028&REV_06\3&11583659&0&B3
Manufacturer: Intel
Name: Intel® Active Management Technology - SOL (COM3)
PNP Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_04171028&REV_06\3&11583659&0&B3
Service: Serial
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Accelerometer
Adobe Reader 9.5.0
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Banctec Service Agreement
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
Cozi
Dell Communications (Support Software)
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell Webcam Central
Driver Medic
Google Chrome
Google Update Helper
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Junk Mail filter update
Lexmark Printable Web
Lexmark Toolbar
Lexmark Tools for Office
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office XP Web Components
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
PDFCreator
QualXServ Service Agreement
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Sophos Virus Removal Tool
Spybot - Search & Destroy
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 6:44:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/9/2012 2:48:54 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
4/11/2012 3:19:22 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
4/11/2012 3:15:06 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
4/11/2012 3:15:01 AM, Error: Service Control Manager [7023] - The Drvnddm service terminated with the following error: The system cannot find the file specified.
4/11/2012 3:14:42 AM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
4/11/2012 2:48:39 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/11/2012 1:24:25 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellComms) service terminated unexpectedly. It has done this 1 time(s).
4/10/2012 7:44:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
4/10/2012 7:28:52 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
4/10/2012 7:24:56 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
4/10/2012 6:10:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
4/10/2012 6:05:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).
4/10/2012 5:22:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656372).
4/10/2012 5:20:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/10/2012 5:18:06 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
4/10/2012 5:12:52 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1500) while initializing logging resources for channel Microsoft-Windows-Help/Operational.
4/10/2012 12:10:05 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The system cannot find the file specified.
4/10/2012 11:57:20 AM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: %%-2147467259
4/10/2012 10:38:46 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================

Thanks in advance for your help!
Todd
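Added example (written for this page; it is not Todd's, the forum's, or the DDS tool's code): a small Python triage script that reads DDS-style lines of the kinds in the log above (Run keys, StartupFolder links, the R*/S* service list, Hosts overrides, "No File" BHO/toolbar stubs and the Created Last 30 entries) and pulls out what a helper looks at first. Its one real heuristic is *where* an autostart or service image lives: a per-user Downloads/AppData/Desktop tree, the SYSTEM profile's AppData or a Temp directory, locations vendor installers rarely use but droppers favour. Hosts-file overrides and freshly created hidden+system folders under a profile are reported for review; orphaned BHO/toolbar registrations as clean-up items. The sample log is constructed for the example, the location list is an assumption, and a hit means "look at this file", not "this is malware"; legitimate software sometimes runs from AppData too.

```python
import re
from dataclasses import dataclass

# Assumed heuristic for this example: image paths under these trees are
# writable without elevation (or, for the SYSTEM profile, invisible from a
# normal session), so an autostart/service living there deserves a look.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:Downloads|AppData|Desktop)|config\\systemprofile|Temp)\\",
    re.IGNORECASE,
)

# DDS line shapes this example understands.
RUN_RE = re.compile(r"^(?P<kind>[mud]Run(?:-x64)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder:\s*.+?\.LNK\s+-\s+(?P<path>.+)$", re.IGNORECASE)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?)"
    r"(?:\s+-->.*)?\s+\[[^\]]*\]$"
)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<entry>.+)$")
NOFILE_RE = re.compile(r"^(?P<kind>BHO|TB|EB)(?:-X64)?:\s*(?P<ident>.+?)\s+-\s+No File$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>\S{8})\s+(?P<path>.+)$"
)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    category: str
    detail: str


def exe_from_cmd(cmd: str) -> str:
    """Image path from a Run-key command line: quoted path up to the closing
    quote, otherwise the first token (DDS prints unquoted paths as-is)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str) -> list:
    """Walk a DDS log and return findings ordered high -> medium -> low."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            exe = exe_from_cmd(m["cmd"])
            if USER_WRITABLE.search(exe):
                findings.append(Finding("high", "autostart", f"{m['kind']} [{m['name']}] -> {exe}"))
        elif m := STARTUP_RE.match(line):
            path = m["path"].strip()
            if USER_WRITABLE.search(path):
                findings.append(Finding("high", "autostart", f"StartupFolder -> {path}"))
        elif m := SERVICE_RE.match(line):
            image = m["image"].strip()
            if USER_WRITABLE.search(image):
                findings.append(Finding("high", "service", f"{m['state']} {m['name']} -> {image}"))
        elif m := HOSTS_RE.match(line):
            # Any hosts override is worth a look: it is how hijackers black-hole
            # security vendors and update servers.
            findings.append(Finding("medium", "hosts", m["entry"]))
        elif m := CREATED_RE.match(line):
            attrs, path = m["attrs"], m["path"].strip()
            # Hidden+system directory freshly created under a user profile.
            if "h" in attrs and "s" in attrs and USER_WRITABLE.search(path):
                findings.append(Finding("medium", "hidden-dir", f"{attrs} {path}"))
        elif m := NOFILE_RE.match(line):
            # Orphaned BHO/toolbar registration: a clean-up item, not an infection.
            findings.append(Finding("low", "orphan", f"{m['kind']} {m['ident']}"))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


# Constructed sample in DDS layout (hypothetical names, not the log above).
SAMPLE_LOG = r"""
mRun: [Vendor Updater] "C:\Program Files (x86)\Vendor\Updater\VendorARM.exe"
dRun: [svchelper] C:\Windows\system32\config\systemprofile\AppData\Local\svchelper.exe
uRun: [Updater] "C:\Users\ALICE\AppData\Roaming\Updater\upd.exe" /silent
StartupFolder: C:\Users\ALICE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TOOL~1.LNK - C:\Program Files (x86)\Vendor\Tool.exe
BHO-X64: {11111111-2222-3333-4444-555555555555} - No File
Hosts: 127.0.0.1 www.example-security-vendor.test
R2 AVEngine;Example AV Engine;C:\Program Files (x86)\Example AV\Engine\avsvc.exe [2012-4-9 138232]
S3 X-Service;X-Service;C:\Users\ALICE\Downloads\X-Service.exe --> C:\Users\ALICE\Downloads\X-Service.exe [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
2012-04-03 05:38:31 -------- d-sh--w- C:\Users\ALICE\AppData\Local\a1b2c3d4
2012-04-11 01:07:28 -------- d-----w- C:\Program Files\iTunes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:10} {f.detail}")
```

To run it against a real log, read the saved dds.txt with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `triage()`; the helper still has to check each flagged file (signature, hash, vendor) before deciding anything.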