
I was Infected by Trojan.Gen2



I believe I was infected with Trojan.Gen2. Norton AV said it blocked it twice, but I think it got through the 3rd time. I had pop-ups for System Check stating the hard drive was failing, boot sector damaged, memory low, etc. Then my browser closed and all my icons and the start menu were missing. I deleted C9S8H2.EXE and zx1s0jz4hrugd1.exe. It was all a blur at 5:30am; I do not remember how I found those files, I think it was from Norton alerts or something. After work I did a restore to a previous date and got my start menu back, then ran mbam and unhide.exe, which brought back my favorites & favorites bar.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Fred at 14:06:59 on 2012-04-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6126.4700 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1 198.6.1.3

TCP: Interfaces\{622D4D9F-C922-4D7C-87B2-EA7F2D6A8989} : DhcpNameServer = 192.168.0.1 198.6.1.3

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PC Tools Browser Defender BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

BHO-X64: Browser Defender BHO - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

TB-X64: PC Tools Browser Defender: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-30 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-3-29 550864]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13336]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-30 652360]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-30 1692480]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-7-13 150920]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\system32\Drivers\PCTBD64.sys --> C:\Windows\system32\Drivers\PCTBD64.sys [?]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-02 14:40:07 -------- d-----w- C:\Users\Fred\AppData\Local\{1561C7A0-8DA1-460F-A295-1CF0F984EDB3}

2012-04-01 23:36:44 -------- d-----w- C:\Users\Fred\AppData\Local\{3E301A45-EBFA-4644-8E7F-CB657EA44097}

2012-04-01 03:34:13 -------- d-----w- C:\Users\Fred\AppData\Local\{2B966F98-A826-4F91-8696-737053497226}

2012-03-31 15:33:49 -------- d-----w- C:\Users\Fred\AppData\Local\{62D4CBCC-AD60-464F-AEBE-13BABC551F17}

2012-03-31 01:22:38 -------- d-----w- C:\Users\Fred\AppData\Roaming\Malwarebytes

2012-03-31 01:22:30 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-31 01:22:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-31 01:22:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-31 01:14:12 -------- d-----w- C:\Users\Fred\AppData\Local\{361DCF39-C3E4-4A4F-B761-38FD4B28BB65}

2012-03-30 01:57:37 70760 ----a-w- C:\Windows\System32\drivers\PCTBD64.sys

2012-03-30 01:57:36 767952 ----a-w- C:\Windows\BDTSupport.dll

2012-03-30 01:57:36 2250704 ----a-w- C:\Windows\PCTBDCore.dll

2012-03-30 01:57:36 1681360 ----a-w- C:\Windows\PCTBDRes.dll

2012-03-30 01:57:36 149456 ----a-w- C:\Windows\SGDetectionTool.dll

2012-03-30 01:57:08 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-30 01:50:40 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-30 01:50:40 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-30 01:50:16 -------- d-----w- C:\ProgramData\PC Tools

2012-03-30 01:50:15 -------- d-----w- C:\Users\Fred\AppData\Roaming\TestApp

2012-03-30 00:35:19 -------- d-----w- C:\Users\Fred\AppData\Local\{413F9AA6-70B7-43FC-A314-96DB3B617499}

2012-03-30 00:18:17 -------- d-----w- C:\Users\Fred\AppData\Roaming\PCDr

2012-03-29 01:26:13 -------- d-----w- C:\Users\Fred\AppData\Local\{A3A4C29F-6C74-45A6-A78D-CE8B15DDF6CB}

2012-03-28 13:14:54 -------- d-----w- C:\Users\Fred\AppData\Local\{01720C6E-63E8-47E9-994E-D06469ED92DA}

2012-03-28 13:14:43 -------- d-----w- C:\Users\Fred\AppData\Local\{584D568F-71B7-4CE7-9396-AAFE2C9F430E}

2012-03-27 12:02:33 -------- d-----w- C:\Users\Fred\AppData\Local\{F68CC446-5020-4BD5-9792-6DFE2321D1F9}

2012-03-27 12:02:22 -------- d-----w- C:\Users\Fred\AppData\Local\{80E93CC7-11DE-4523-B7F7-CBB2C88202E9}

2012-03-26 12:04:27 -------- d-----w- C:\Users\Fred\AppData\Local\{58EAFADF-92D9-48DE-AC44-0ED984C4222F}

2012-03-26 12:04:17 -------- d-----w- C:\Users\Fred\AppData\Local\{E1D1E1E9-7F05-48A3-AEDF-30E509B89EB5}

2012-03-25 18:39:57 -------- d-----w- C:\Users\Fred\AppData\Local\{A7B59D97-22A1-4C4D-AADA-FD8AE99E3E30}

2012-03-25 18:39:46 -------- d-----w- C:\Users\Fred\AppData\Local\{D7DC2441-05EC-43FB-A3AA-6A4487F35FCA}

2012-03-24 15:42:01 -------- d-----w- C:\Users\Fred\AppData\Local\{F0FC8382-D864-4D9B-A95A-BE4C3FE97FDB}

2012-03-24 15:41:50 -------- d-----w- C:\Users\Fred\AppData\Local\{7056615F-D909-4D75-811E-5164856B5303}

2012-03-23 12:11:02 -------- d-----w- C:\Users\Fred\AppData\Local\{64C7A09A-BB56-4466-8AAB-41C9309A882F}

2012-03-23 12:10:51 -------- d-----w- C:\Users\Fred\AppData\Local\{2AE71A86-9247-440D-9309-DC3A154BBA8C}

2012-03-22 02:58:48 -------- d-----w- C:\Users\Fred\AppData\Local\{783CCE70-49DD-445D-8144-B6ACDA421C8B}

2012-03-22 02:58:38 -------- d-----w- C:\Users\Fred\AppData\Local\{4B582617-7F81-4B42-A12F-8FB2715A93B6}

2012-03-21 12:28:15 -------- d-----w- C:\Users\Fred\AppData\Local\{B2530FA9-9193-4317-8386-554EC07DBE69}

2012-03-21 12:28:04 -------- d-----w- C:\Users\Fred\AppData\Local\{4FDA260F-B787-48DF-96BC-32489DE843DD}

2012-03-20 12:25:56 -------- d-----w- C:\Users\Fred\AppData\Local\{F306D895-5946-46BF-9692-754AE2CFFB79}

2012-03-20 12:25:45 -------- d-----w- C:\Users\Fred\AppData\Local\{41546515-C324-4797-A18A-E31A87E94AB3}

2012-03-19 12:12:53 -------- d-----w- C:\Users\Fred\AppData\Local\{18547E97-668C-4C8F-A0B1-5E4DFCD367C9}

2012-03-19 12:12:43 -------- d-----w- C:\Users\Fred\AppData\Local\{4FAEB5AE-D83F-476D-9A21-7D7791BD431A}

2012-03-18 16:04:27 -------- d-----w- C:\Users\Fred\AppData\Local\{0348D933-CF9E-4CB0-B415-E6D99B8E1106}

2012-03-18 16:04:16 -------- d-----w- C:\Users\Fred\AppData\Local\{764E7BC4-9D88-42FC-889F-095071E1ABFF}

2012-03-17 16:09:11 -------- d-----w- C:\Users\Fred\AppData\Local\{BC3D26C9-3115-4217-81A5-CD50BC04E3E5}

2012-03-17 16:09:00 -------- d-----w- C:\Users\Fred\AppData\Local\{900579EA-C5DF-4A5C-B143-93878B069883}

2012-03-17 03:58:47 -------- d-----w- C:\Users\Fred\AppData\Local\{5F27F68F-845C-4724-A31B-C2B1A6AA78E2}

2012-03-17 03:58:36 -------- d-----w- C:\Users\Fred\AppData\Local\{17143974-3BD8-4544-A295-A0F9AA62F2B0}

2012-03-16 12:32:47 -------- d-----w- C:\Users\Fred\AppData\Local\{E75B0A74-BC1B-4AB3-914B-4B08D9C67842}

2012-03-16 12:32:36 -------- d-----w- C:\Users\Fred\AppData\Local\{154D87D5-7F5E-47DF-BC89-B0E847E0492B}

2012-03-15 10:01:17 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-15 10:01:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-15 10:01:17 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-15 03:19:28 -------- d-----w- C:\Users\Fred\AppData\Local\{5B01D637-328A-49D0-A9ED-195F4030F516}

2012-03-15 03:19:17 -------- d-----w- C:\Users\Fred\AppData\Local\{7D1AA0C4-6619-4877-B90F-DE59D119012E}

2012-03-14 12:19:29 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 12:19:28 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 12:19:28 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 12:18:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 12:18:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 12:18:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 12:18:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 12:18:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 12:18:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 12:18:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 12:10:39 -------- d-----w- C:\Users\Fred\AppData\Local\{3294424E-2355-4E87-A25C-070BDF00E89C}

2012-03-14 12:10:28 -------- d-----w- C:\Users\Fred\AppData\Local\{AE586977-1205-433A-BF65-9C6C6CB74410}

2012-03-11 15:18:46 -------- d-----w- C:\Users\Fred\AppData\Local\{36CA1994-1787-4B33-8203-2B4408B9EF24}

2012-03-11 15:18:35 -------- d-----w- C:\Users\Fred\AppData\Local\{DD3E365B-CF5A-415F-A309-FA37AE41DE4B}

2012-03-11 02:37:13 -------- d-----w- C:\Users\Fred\AppData\Local\{D0D1EC90-EB09-44AD-B7D5-CCA8CA95FEAD}

2012-03-11 02:37:00 -------- d-----w- C:\Users\Fred\AppData\Local\{C32FBE93-29AD-4926-A62A-F59DBF19A9EE}

2012-03-10 02:55:53 -------- d-----w- C:\Users\Fred\AppData\Local\{D92D5F5D-7489-4CEE-ADE2-5AC44AE6AF51}

2012-03-10 02:55:43 -------- d-----w- C:\Users\Fred\AppData\Local\{151CDA3B-92A9-4621-80A3-08A57EED6E76}

2012-03-09 13:09:06 -------- d-----w- C:\Users\Fred\AppData\Local\{474A4F1E-6351-4D21-A403-0340907DE58B}

2012-03-09 13:08:56 -------- d-----w- C:\Users\Fred\AppData\Local\{2C9D2F28-6C34-45A3-ADD6-288D82FD2081}

2012-03-08 12:58:51 -------- d-----w- C:\Users\Fred\AppData\Local\{A0C06B29-226A-4763-8B00-7FF8A21F2059}

2012-03-08 12:58:41 -------- d-----w- C:\Users\Fred\AppData\Local\{F0AD9BFE-42B7-40CC-8DB6-177E12832EB8}

2012-03-07 13:03:37 -------- d-----w- C:\Users\Fred\AppData\Local\{E6BCE90F-B044-401F-AB42-883B628A42D8}

2012-03-07 13:03:27 -------- d-----w- C:\Users\Fred\AppData\Local\{0169A9F2-D2DB-457F-8127-406C55F50416}

2012-03-06 13:08:01 -------- d-----w- C:\Users\Fred\AppData\Local\{2F5CE56D-5709-4F8C-8EB9-8912B0202756}

2012-03-06 13:07:50 -------- d-----w- C:\Users\Fred\AppData\Local\{52290BE9-CF7F-4E9B-B55B-AA1FF160AD4B}

2012-03-06 01:07:27 -------- d-----w- C:\Users\Fred\AppData\Local\{C4C95ACB-5B53-4073-AA47-92D62D4490F1}

2012-03-06 01:07:16 -------- d-----w- C:\Users\Fred\AppData\Local\{6C7F3C76-AB1F-47A6-A5C4-5447AA31CE37}

2012-03-05 13:06:53 -------- d-----w- C:\Users\Fred\AppData\Local\{F6471417-6F6A-4339-AA39-9E872D9ACD69}

2012-03-05 13:06:42 -------- d-----w- C:\Users\Fred\AppData\Local\{BE3CE07D-42F0-4D2F-BB1D-CDB25413A2CD}

2012-03-04 16:17:33 -------- d-----w- C:\Users\Fred\AppData\Local\{CC47CF87-54EB-4644-A866-E7BEAC496CC2}

2012-03-04 16:17:23 -------- d-----w- C:\Users\Fred\AppData\Local\{87510759-1BB7-4721-A2CB-E2D70E78C73A}

.

==================== Find3M ====================

.

2012-03-10 22:01:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 14:07:13.05 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/5/2011 6:39:09 PM

System Uptime: 4/2/2012 1:11:40 AM (13 hours ago)

.

Motherboard: Dell Inc. | | 0Y2MRG

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 385.525 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP52: 3/15/2012 3:00:12 AM - Windows Update

RP53: 3/16/2012 5:31:53 AM - Installed Dell Stage

RP54: 3/18/2012 3:00:20 AM - Windows Update

RP55: 3/25/2012 9:23:49 AM - Scheduled Checkpoint

RP56: 3/29/2012 5:20:20 PM - Restore Operation

RP57: 3/29/2012 6:46:50 PM - Installed Dell Support Center

.

==== Installed Programs ======================

.

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.2) MUI

AnswerWorks 5.0 English Runtime

Blio

Browser Defender 4.0

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Consumer In-Home Service Agreement

Cozi

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Digital Delivery

Dell Getting Started Guide

Dell MusicStage

Dell PhotoStage

Dell Stage

Dell VideoStage

DirectX 9 Runtime

High-Definition Video Playback

Intel® Rapid Storage Technology

Java Auto Updater

Java™ 6 Update 30

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Office XP Small Business

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Card Reader

Nero 10 Movie ThemePack Basic

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Norton Internet Security

PhotoShowExpress

PlayReady PC Runtime x86

Quicken 2009

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

Sonic CinePlayer Decoder Pack

SyncUP

THX TruStudio PC

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Warranty Wizard Ford

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

4/1/2012 9:27:37 AM, Error: Service Control Manager [7003] - The PC Tools Browser Defender Driver service depends the following service: PCTCore. This service might not be installed.

4/1/2012 9:15:29 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

4/1/2012 9:14:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

3/29/2012 7:00:53 PM, Error: PCTCore [280] -

3/29/2012 5:57:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

3/29/2012 5:27:14 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

3/29/2012 5:25:16 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

3/29/2012 5:03:48 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

.

==== End Of File ===========================


Thanks for the reply; here is the latest scan from MBAM.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.04.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Fred :: FRED-XPS [administrator]

Protection: Enabled

4/4/2012 3:49:47 PM

mbam-log-2012-04-04 (15-49-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194412

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I have had no trouble in the last 24 hrs or so. Maybe I got lucky and was able to remove it anyway. I was worried after I did the restore that I may have screwed up and removed the traces but not the virus.


All seems good. Thanks so much for all the resources this site has to offer. I think you can close the thread. I am considering purchasing MBAM. This may sound stupid, but can it coexist with Norton, or should I just get rid of Norton? I know it is kind of a resource hog, to say the least. It does, err, did make me feel secure; how secure it actually is, is now in question.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
