Nebraskarain

Honorary Members
  • Posts

    33
Reputation

0 Neutral
  1. So far so good!! Things seem to be a lot faster than before!
  2. It's running faster. Before, startup was so slow that nothing was loading to my desktop and I had to restart every time I wanted to use my laptop.
  3. All processes killed
     ========== PROCESSES ==========
     No active process named explorer.exe was found!
     ========== FILES ==========
     c:\windows\SysWow64\sho2F6D.tmp moved successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: nebraskarain
     ->Temp folder emptied: 1365799 bytes
     ->Temporary Internet Files folder emptied: 895495 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 372133590 bytes
     ->Google Chrome cache emptied: 6502498 bytes
     ->Flash cache emptied: 14725 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 41144 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52503022 bytes
     %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 617 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46427033 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 458.00 mb

     OTM by OldTimer - Version 3.1.21.0 log created on 12242012_111852

     Files moved on Reboot...
     File move failed. C:\Users\nebraskarain\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

     Registry entries deleted on Reboot...
  4. ComboFix 12-12-23.01 - nebraskarain 12/23/2012 16:57:03.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2504 [GMT -6:00] Running from: c:\users\nebraskarain\Desktop\ComboFix.exe Command switches used :: c:\users\nebraskarain\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\SysWow64\sho62BD.tmp" "c:\windows\SysWow64\shoBCFA.tmp" "c:\windows\SysWow64\shoBFD6.tmp" . . ((((((((((((((((((((((((( Files Created from 2012-11-23 to 2012-12-23 ))))))))))))))))))))))))))))))) . . 2012-12-23 23:02 . 2012-12-23 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-23 15:54 . 2012-12-23 15:54 0 ----a-w- c:\windows\SysWow64\sho2F6D.tmp 2012-12-21 22:52 . 2012-12-21 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-21 22:51 . 2012-12-21 22:51 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-21 22:50 . 2012-12-21 22:50 -------- d-----w- c:\program files (x86)\Java 2012-12-21 17:36 . 2012-12-21 17:36 -------- d-----w- c:\program files (x86)\Norton Identity Safe 2012-12-21 17:36 . 2012-12-21 17:36 -------- d-----w- c:\windows\system32\drivers\NSTx64 2012-12-21 13:48 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 13:48 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 13:48 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 13:48 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 00:02 . 2012-12-21 00:02 -------- d-----w- C:\FRST 2012-12-18 04:21 . 2012-12-18 04:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-12-16 16:16 . 
2012-12-16 17:23 -------- d-----w- c:\program files (x86)\Google 2012-12-16 16:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-12-16 16:13 . 2012-12-17 19:00 -------- d-----w- c:\programdata\AVAST Software 2012-12-16 16:13 . 2012-12-16 16:13 -------- d-----w- c:\program files\AVAST Software 2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\windows\Sun 2012-12-12 11:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 11:33 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 11:33 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-12-09 16:36 . 2012-12-09 16:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-12-09 15:37 . 2012-12-09 15:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-12-09 15:36 . 2012-12-12 14:52 -------- d-----w- c:\programdata\Microsoft Help 2012-12-09 15:36 . 2012-12-09 15:36 -------- d-----r- C:\MSOCache 2012-12-02 19:04 . 2012-12-21 22:50 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-02 19:04 . 2012-12-21 22:50 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-02 13:55 . 2012-12-09 15:41 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\SysWow64\Wat 2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\system32\Wat 2012-12-01 17:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2012-12-01 17:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2012-12-01 16:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-01 16:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-01 16:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-01 16:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-01 16:31 . 
2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2012-12-01 16:31 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2012-12-01 16:31 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2012-12-01 16:31 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2012-12-01 16:31 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2012-12-01 16:31 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2012-12-01 16:31 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2012-12-01 16:31 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2012-12-01 16:31 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2012-12-01 16:31 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2012-12-01 16:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-01 16:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-01 16:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-01 16:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-01 16:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-01 16:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-01 16:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-01 16:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-12-01 16:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-12-01 16:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll 2012-12-01 16:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-12-01 16:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-12-01 13:36 . 
2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-12-01 13:36 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2012-12-01 13:35 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2012-12-01 13:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2012-12-01 13:35 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe 2012-12-01 13:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe 2012-12-01 13:35 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll 2012-12-01 13:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2012-12-01 13:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll 2012-12-01 13:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax 2012-12-01 13:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll 2012-12-01 13:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2012-12-01 13:35 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll 2012-12-01 13:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll 2012-12-01 13:33 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-12-01 13:33 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll 2012-12-01 13:33 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-12-01 13:33 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-12-01 13:33 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-12-01 13:33 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-12-01 13:31 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll 2012-12-01 13:31 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll 2012-12-01 13:31 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-12-01 13:31 . 
2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-12-01 13:31 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-12-01 13:31 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-12-01 13:29 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2012-12-01 13:29 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-12-01 13:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-12-01 13:29 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2012-12-01 13:29 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2012-12-01 13:29 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll 2012-12-01 13:29 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2012-12-01 13:29 . 2012-08-30 18:10 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-01 13:29 . 2012-08-30 18:11 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-12-01 13:29 . 2012-08-30 18:11 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-12-01 13:27 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-12-01 13:26 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2012-12-01 13:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-12-01 13:25 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys 2012-12-01 13:25 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-12-01 13:25 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2012-12-01 13:25 . 2011-03-03 06:17 356352 ----a-w- c:\windows\system32\dnsapi.dll 2012-12-01 13:25 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe 2012-12-01 13:25 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe 2012-12-01 13:24 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll 2012-12-01 13:24 . 
2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll 2012-12-01 13:24 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-12-01 13:24 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-12-01 13:22 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-12-01 13:21 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-12-01 13:21 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2012-12-01 13:21 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2012-12-01 13:21 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2012-12-01 13:21 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2012-12-01 13:19 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-12-01 13:18 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll 2012-12-01 13:18 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-12-01 04:46 . 2012-12-01 19:46 -------- d-----w- c:\programdata\VirtualizedApplications 2012-12-01 00:50 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-12-01 00:50 . 2012-12-01 00:50 -------- d-----w- c:\program files\Microsoft Office 2012-12-01 00:05 . 2012-12-23 22:55 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-11-30 22:09 . 2012-12-23 22:55 -------- d-----w- c:\program files (x86)\NortonInstaller 2012-11-30 22:00 . 2012-11-30 22:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-30 22:00 . 2012-11-30 22:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-30 22:00 . 2012-11-30 22:00 -------- d-----w- c:\windows\system32\Macromed 2012-11-30 21:55 . 2012-11-30 21:55 -------- d-----w- c:\programdata\PCSettings . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-16 21:20 . 
2012-12-01 13:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-12-01 13:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-12-01 13:22 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:45 . 2012-12-12 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}] 2012-10-18 17:57 498584 ----a-r- c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\coIEPlg.dll" [2012-10-18 498584] . [HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-01 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-04 168096] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [2009-03-03 89600] S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-11 143928] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 
sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\nebraskarain\AppData\Roaming\Mozilla\Firefox\Profiles\b8ix3dpj.default\ FF - ExtSQL: 2012-12-22 10:57; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn FF - ExtSQL: 2012-12-22 12:48; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO] "ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.2.0.18\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Completion time: 2012-12-23 17:08:39 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-23 23:08 ComboFix2.txt 2012-12-18 20:37 ComboFix3.txt 2012-12-18 17:01 . Pre-Run: 257,702,252,544 bytes free Post-Run: 257,310,711,808 bytes free . - - End Of File - - 666D0D485CB66E2DB99CA12E26CACAE7
  5. ComboFix 12-12-17.02 - nebraskarain 12/18/2012 14:05:43.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2678 [GMT -6:00] Running from: c:\users\nebraskarain\Desktop\ComboFix.exe Command switches used :: c:\users\nebraskarain\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))) . . 2012-12-18 20:17 . 2012-12-18 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-18 04:21 . 2012-12-18 04:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-12-16 16:16 . 2012-12-16 17:23 -------- d-----w- c:\program files (x86)\Google 2012-12-16 16:16 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-12-16 16:13 . 2012-12-17 19:00 -------- d-----w- c:\programdata\AVAST Software 2012-12-16 16:13 . 2012-12-16 16:13 -------- d-----w- c:\program files\AVAST Software 2012-12-16 05:07 . 2012-12-16 05:07 0 ----a-w- c:\windows\SysWow64\shoBCFA.tmp 2012-12-15 15:05 . 2012-12-15 15:05 -------- d-----w- c:\windows\Sun 2012-12-12 11:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 11:33 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 11:33 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-12-09 16:36 . 2012-12-09 16:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-12-09 15:37 . 2012-12-09 15:37 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-12-09 15:36 . 2012-12-12 14:52 -------- d-----w- c:\programdata\Microsoft Help 2012-12-09 15:36 . 2012-12-09 15:36 -------- d-----r- C:\MSOCache 2012-12-02 19:05 . 
2012-12-02 19:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-02 19:04 . 2012-12-02 19:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-02 19:04 . 2012-12-02 19:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-02 19:04 . 2012-12-02 19:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-02 19:04 . 2012-12-02 19:04 -------- d-----w- c:\program files (x86)\Java 2012-12-02 14:01 . 2012-12-02 14:01 0 ----a-w- c:\windows\SysWow64\shoBFD6.tmp 2012-12-02 13:55 . 2012-12-09 15:41 -------- d-----w- c:\program files (x86)\Microsoft.NET 2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\SysWow64\Wat 2012-12-01 19:01 . 2012-12-01 19:01 -------- d-----w- c:\windows\system32\Wat 2012-12-01 17:44 . 2012-12-01 17:44 0 ----a-w- c:\windows\SysWow64\sho62BD.tmp 2012-12-01 17:34 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2012-12-01 17:34 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2012-12-01 16:48 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-01 16:48 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-01 16:48 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-01 16:48 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-01 16:31 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2012-12-01 16:31 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2012-12-01 16:31 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2012-12-01 16:31 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2012-12-01 16:31 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2012-12-01 16:31 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2012-12-01 16:31 . 
2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2012-12-01 16:31 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2012-12-01 16:31 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2012-12-01 16:31 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2012-12-01 16:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-01 16:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-01 16:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-01 16:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-01 16:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-01 16:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-01 16:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-01 16:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-12-01 16:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll 2012-12-01 16:08 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll 2012-12-01 16:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-12-01 16:08 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-12-01 13:36 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-12-01 13:36 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2012-12-01 13:35 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2012-12-01 13:35 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2012-12-01 13:35 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe 2012-12-01 13:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe 2012-12-01 13:35 . 
2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll 2012-12-01 13:35 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2012-12-01 13:35 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll 2012-12-01 13:35 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax 2012-12-01 13:35 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll 2012-12-01 13:35 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2012-12-01 13:35 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll 2012-12-01 13:35 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll 2012-12-01 13:33 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-12-01 13:33 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll 2012-12-01 13:33 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-12-01 13:33 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-12-01 13:33 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-12-01 13:33 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-12-01 13:31 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll 2012-12-01 13:31 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll 2012-12-01 13:31 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-12-01 13:31 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-12-01 13:31 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-12-01 13:31 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-12-01 13:29 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2012-12-01 13:29 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-12-01 13:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-12-01 13:29 . 
2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2012-12-01 13:29 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2012-12-01 13:29 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll 2012-12-01 13:29 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2012-12-01 13:29 . 2012-08-30 18:10 5473136 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-01 13:29 . 2012-08-30 18:11 3971440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-12-01 13:29 . 2012-08-30 18:11 3915632 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-12-01 13:27 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-12-01 13:26 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2012-12-01 13:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-12-01 13:25 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys 2012-12-01 13:25 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-12-01 13:25 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2012-12-01 13:25 . 2011-03-03 06:17 356352 ----a-w- c:\windows\system32\dnsapi.dll 2012-12-01 13:25 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe 2012-12-01 13:25 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe 2012-12-01 13:24 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll 2012-12-01 13:24 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll 2012-12-01 13:24 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-12-01 13:24 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-12-01 13:22 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-12-01 13:21 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-12-01 13:21 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2012-12-01 13:21 . 
2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2012-12-01 13:21 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2012-12-01 13:21 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2012-12-01 13:19 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-12-01 13:18 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll 2012-12-01 13:18 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-12-01 04:46 . 2012-12-01 19:46 -------- d-----w- c:\programdata\VirtualizedApplications 2012-12-01 00:50 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client 2012-12-01 00:50 . 2012-12-01 00:50 -------- d-----w- c:\program files\Microsoft Office 2012-12-01 00:05 . 2012-12-01 00:05 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2012-11-30 22:09 . 2012-11-30 22:09 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Symantec 2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files\Common Files\Symantec Shared 2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\Norton 360 2012-11-30 22:09 . 2012-11-30 22:09 -------- d-----w- c:\program files (x86)\NortonInstaller 2012-11-30 22:00 . 2012-11-30 22:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-30 22:00 . 2012-11-30 22:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-30 22:00 . 2012-11-30 22:00 -------- d-----w- c:\windows\system32\Macromed 2012-11-30 21:55 . 2012-11-30 21:55 -------- d-----w- c:\programdata\PCSettings 2012-11-30 21:46 . 2012-11-30 21:46 -------- d-----w- c:\program files (x86)\AWS . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-16 21:20 . 
2012-12-01 13:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-12-01 13:22 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-12-01 13:22 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:45 . 2012-12-12 11:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528] "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-01 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121215.001\IDSvia64.sys [2012-11-30 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS [2012-09-07 432800] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe [2009-03-03 89600] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization 
Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-29 138912] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 
Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\nebraskarain\AppData\Roaming\Mozilla\Firefox\Profiles\b8ix3dpj.default\ FF - ExtSQL: 2012-11-30 16:10; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn FF - ExtSQL: 2012-11-30 16:10; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-18 14:37:14 ComboFix-quarantined-files.txt 2012-12-18 20:37 ComboFix2.txt 2012-12-18 17:01 . Pre-Run: 254,941,192,192 bytes free Post-Run: 254,880,440,320 bytes free . - - End Of File - - A795EA3DD2C543CA6F18C2791C5D88D6
  6. Now my system is running very slow and is freezing, so I have to restart a lot.
  7. C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan unable to clean
     C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan unable to clean
     C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan unable to clean
     C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan unable to clean
     C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan unable to clean
     C:\TDSSKiller_Quarantine\17.12.2012_22.20.22\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
  8. Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.12.21.17
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     nebraskarain :: NEBRASKARAIN-PC [administrator]
     12/21/2012 4:54:15 PM
     mbam-log-2012-12-21 (16-54-15).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 208694
     Time elapsed: 3 minute(s), 1 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  9. So far so good except Norton, which I will reinstall. Thank you so much!
  10. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2012
      Ran by SYSTEM at 2012-12-20 20:55:21 Run:1
      Running from F:\
      ==============================================
      C:\Windows\SysWOW64\shoBCFA.tmp moved successfully.
      C:\Windows\SysWOW64\shoBFD6.tmp moved successfully.
      C:\Windows\SysWOW64\sho62BD.tmp moved successfully.
      ==== End of Fixlog ====
  11. I know this is going to sound dumb, but I'm confused about exactly what to do. I have the code saved to my flash drive, but do you want me to go through the same steps as reply #26 and go to command prompt again?