
1st time noob with 10 registry hits, please help decipher



.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by BT at 11:53:00 on 2012-10-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.12565 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\IDT\WDM\Beats64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\DllHost.exe

c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\foobar2000\foobar2000.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Program Files\OO Software\Defrag\oodtray.exe

C:\Program Files\OO Software\Defrag\oodcnt.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SelectionLinks: {f90a5a0d-cd98-49cc-9aa7-9cd11c7478bf} - C:\Program Files (x86)\OApps\bho.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\BT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\windows\Installer\{EAD525A8-13CD-400E-A01D-E4492BBB0FEC}\DefragIcon.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\windows\system32\Sendori.dll

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149} : NameServer = 216.146.35.240,216.146.36.240,192.168.0.1,205.171.3.25

TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

BHO-X64: uTorrentControl_v2 - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: SelectionLinks: {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} - C:\Program Files (x86)\OApps\bho.dll

BHO-X64: BHO_PROJECT - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll"

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll

mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun-x64: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blabbermouth.net/|http://www.denverpost.com/|http://www.9news.com/|http://www.youtube.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\system32\drivers\iusb3hcs.sys --> C:\windows\system32\drivers\iusb3hcs.sys [?]

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R0 vididr;Acronis Virtual Disk;C:\windows\system32\DRIVERS\vididr.sys --> C:\windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\windows\system32\DRIVERS\vsflt53.sys --> C:\windows\system32\DRIVERS\vsflt53.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-9-26 118632]

R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-9-15 138272]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-10-2 2552176]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-9-6 1134584]

R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-9-6 372736]

R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2012-9-6 447488]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-9-26 15208]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-9-26 3569512]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-9-15 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121012.001\IDSviA64.sys [2012-10-12 513184]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\system32\drivers\iusb3hub.sys --> C:\windows\system32\drivers\iusb3hub.sys [?]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\drivers\iusb3xhc.sys --> C:\windows\system32\drivers\iusb3xhc.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R3 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R3 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-9-6 625728]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-5-21 276288]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-22 115168]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-10-13 17:09:03 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-10-13 17:09:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-13 17:03:50 -------- d-----w- C:\windows\System32\oodag

2012-10-13 17:02:08 -------- d-----w- C:\Users\BT\AppData\Roaming\KeePass

2012-10-13 17:00:25 -------- d-----w- C:\Users\BT\AppData\Local\O&O

2012-10-13 16:59:45 -------- d-----w- C:\Program Files\OO Software

2012-10-13 16:58:14 -------- d-----w- C:\ProgramData\OO Software

2012-10-13 16:56:33 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2

2012-10-10 08:14:25 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-10-07 15:31:38 -------- d-----w- C:\Program Files (x86)\MediaFire

2012-10-03 05:18:21 -------- d-----w- C:\Users\BT\AppData\Local\Apple Computer

2012-10-03 05:18:14 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2012-10-03 05:17:47 -------- d-----w- C:\Program Files\iPod

2012-10-03 05:17:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-03 05:17:46 -------- d-----w- C:\Program Files\iTunes

2012-10-03 05:17:46 -------- d-----w- C:\Program Files (x86)\iTunes

2012-10-03 05:16:46 -------- d-----w- C:\Program Files\Bonjour

2012-10-03 05:16:46 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-10-03 04:22:01 -------- d-----w- C:\Users\BT\AppData\Roaming\IDT

2012-10-02 21:41:42 4873072 ----a-w- C:\windows\System32\ooscrsav.scr

2012-10-02 21:41:26 256368 ----a-w- C:\windows\System32\oodbs.exe

2012-10-02 21:41:02 537456 ----a-w- C:\windows\System32\oodssrs.dll

2012-10-02 21:40:56 10096 ----a-w- C:\windows\System32\oodbsrs.dll

2012-10-01 21:56:22 737952 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\srtsp64.sys

2012-10-01 21:56:22 451192 ----a-r- C:\windows\System32\drivers\NISx64\1309000.009\symds64.sys

2012-10-01 21:56:22 405624 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\symnets.sys

2012-10-01 21:56:22 37536 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\srtspx64.sys

2012-10-01 21:56:22 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\symefa64.sys

2012-10-01 21:56:21 190072 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\ironx64.sys

2012-10-01 21:56:21 167072 ----a-w- C:\windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys

2012-10-01 21:56:16 -------- d-----w- C:\windows\System32\drivers\NISx64\1309000.009

2012-09-30 23:29:11 -------- d-----w- C:\Users\BT\AppData\Local\Ilivid Player

2012-09-30 18:01:45 -------- d-----w- C:\Users\BT\AppData\Local\CrashDumps

2012-09-30 15:05:44 -------- d-----w- C:\Collections_2012

2012-09-30 15:04:28 -------- d-----w- C:\Video_DL

2012-09-30 09:01:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-09-30 00:44:09 -------- d-----w- C:\Program Files (x86)\Sony Setup

2012-09-30 00:36:39 -------- d-----w- C:\Users\BT\AppData\Local\Sony

2012-09-30 00:31:34 -------- d-----w- C:\Program Files (x86)\Sony

2012-09-28 23:11:32 -------- d-----w- C:\PFS8.1 PE_TMP

2012-09-28 23:09:24 -------- d-----w- C:\ProgramData\Panasonic

2012-09-28 22:58:43 -------- d-----w- C:\BT 2012 VIDEO

2012-09-28 22:58:34 -------- d-----w- C:\Users\BT\AppData\Local\Panasonic

2012-09-28 22:58:27 80024 ----a-w- C:\windows\SysWow64\PICSDK.dll

2012-09-28 22:58:27 71840 ----a-w- C:\windows\SysWow64\EPPicMgr.dll

2012-09-28 22:58:27 501912 ----a-w- C:\windows\SysWow64\PICSDK2.dll

2012-09-28 22:58:27 120992 ----a-w- C:\windows\SysWow64\EpPicPrt.dll

2012-09-28 22:58:27 108704 ----a-w- C:\windows\SysWow64\PICEntry.dll

2012-09-28 22:56:12 -------- d-----w- C:\Program Files (x86)\Common Files\Panasonic

2012-09-28 22:56:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2012-09-28 22:56:08 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-09-28 22:56:06 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2012-09-28 22:23:56 -------- d-----w- C:\Users\BT\AppData\Local\Apple

2012-09-28 21:39:26 -------- d-----w- C:\Users\BT\AppData\Local\Downloaded Installations

2012-09-28 21:38:31 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-09-28 21:38:10 -------- d-----w- C:\ProgramData\Seagate

2012-09-28 21:38:02 971360 ----a-w- C:\windows\System32\drivers\timntr.sys

2012-09-28 21:37:54 210016 ----a-w- C:\windows\System32\drivers\vididr.sys

2012-09-28 21:37:53 141920 ----a-w- C:\windows\System32\drivers\vsflt53.sys

2012-09-28 21:37:51 275552 ----a-w- C:\windows\System32\drivers\snapman.sys

2012-09-28 21:37:46 -------- d-----w- C:\Program Files (x86)\Seagate

2012-09-28 21:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\Seagate

2012-09-26 06:24:36 -------- d-----r- C:\Users\BT\Dropbox

2012-09-26 06:22:50 -------- d-----w- C:\Users\BT\AppData\Roaming\Dropbox

2012-09-26 03:14:41 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

2012-09-25 13:07:53 -------- d-----w- C:\Torr

2012-09-25 02:43:17 -------- d-----w- C:\Program Files (x86)\SMPlayer

2012-09-25 02:42:00 321384 ----a-w- C:\windows\SysWow64\Sendori.dll

2012-09-25 02:41:57 -------- d-----w- C:\ProgramData\Sendori

2012-09-25 02:41:56 -------- d-----w- C:\Program Files (x86)\Sendori

2012-09-25 02:41:27 -------- d-----w- C:\Program Files (x86)\OApps

2012-09-24 04:39:48 258352 ----a-w- C:\windows\SysWow64\unicows.dll

2012-09-24 04:39:48 -------- d-----w- C:\Program Files (x86)\CD Wave

2012-09-24 04:20:41 -------- d-----w- C:\Users\BT\AppData\Roaming\Malwarebytes

2012-09-24 04:20:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-24 04:16:31 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-09-23 16:18:57 -------- d-----w- C:\Users\BT\dwhelper

2012-09-23 15:31:18 -------- d-----w- C:\Program Files (x86)\Amazon

2012-09-23 15:16:47 -------- d-----w- C:\ProgramData\Recovery

2012-09-23 14:40:53 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-09-23 14:40:22 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-09-23 14:40:22 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-09-23 14:40:09 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-23 14:17:34 -------- d-----w- C:\Program Files\CCleaner

2012-09-22 20:37:19 -------- d-----w- C:\Users\BT\AppData\Local\Macromedia

2012-09-22 20:30:51 -------- d-----w- C:\Users\BT\AppData\Local\Mozilla

2012-09-22 20:30:41 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-09-22 19:52:15 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll

2012-09-19 04:16:43 -------- d-----w- C:\Users\BT\AppData\Local\SeagateMenu

2012-09-18 12:50:11 -------- d-----w- C:\Users\BT\AppData\Roaming\foobar2000

2012-09-18 12:49:59 -------- d-----w- C:\Program Files (x86)\foobar2000

2012-09-17 09:38:48 -------- d-----w- C:\windows\SysWow64\Wat

2012-09-17 09:38:48 -------- d-----w- C:\windows\System32\Wat

2012-09-17 09:09:57 -------- d-----r- C:\Program Files (x86)\Skype

2012-09-17 09:05:11 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-09-17 09:05:11 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-09-17 09:05:11 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-09-17 09:05:10 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-09-17 09:05:10 5120 ----a-w- C:\windows\System32\wmi.dll

2012-09-17 00:31:54 -------- d-----w- C:\Users\BT\AppData\Roaming\HP Support Assistant

2012-09-16 16:26:14 -------- d-----w- C:\Users\BT\AppData\Roaming\HpUpdate

2012-09-16 15:41:02 90624 ----a-w- C:\windows\System32\drivers\bowser.sys

2012-09-16 15:41:00 1544704 ----a-w- C:\windows\System32\DWrite.dll

2012-09-16 15:41:00 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-09-16 15:31:15 -------- d-----w- C:\Users\BT\AppData\Local\Deployment

2012-09-16 15:31:15 -------- d-----w- C:\Users\BT\AppData\Local\Apps

2012-09-16 02:34:33 -------- d-----w- C:\Users\BT\AppData\Local\Google

2012-09-16 02:34:33 -------- d-----w- C:\Users\BT\AppData\Local\CRE

2012-09-16 02:34:27 -------- d-----w- C:\Program Files (x86)\Conduit

2012-09-16 02:34:24 -------- d-----w- C:\Users\BT\AppData\Local\Conduit

2012-09-16 02:34:22 -------- d-----w- C:\Program Files (x86)\uTorrentControl_v2

2012-09-16 02:33:51 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-09-16 02:33:19 -------- d-----w- C:\Users\BT\AppData\Roaming\uTorrent

2012-09-15 22:49:19 -------- d-----w- C:\ProgramData\VirtualizedApplications

2012-09-15 18:27:42 737952 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-09-15 18:27:42 451192 ----a-r- C:\windows\System32\drivers\NISx64\1308000.00E\symds64.sys

2012-09-15 18:27:42 405624 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symnets.sys

2012-09-15 18:27:42 37536 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-09-15 18:27:42 190072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ironx64.sys

2012-09-15 18:27:42 167072 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys

2012-09-15 18:27:42 1129120 ----a-w- C:\windows\System32\drivers\NISx64\1308000.00E\symefa64.sys

2012-09-15 18:27:39 -------- d-----w- C:\windows\System32\drivers\NISx64\1308000.00E

2012-09-15 18:22:32 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-09-15 16:15:55 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-09-15 16:15:55 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-09-15 16:15:55 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-09-15 16:12:07 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-09-15 16:12:05 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-09-15 16:12:04 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-09-15 16:12:04 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-09-15 16:00:32 -------- d-----w- C:\COLLECTIONS

2012-09-15 15:59:25 -------- d-----w- C:\Users\BT\hpremote

2012-09-15 15:55:00 -------- d-----w- C:\Users\BT\AppData\Roaming\SoftGrid Client

2012-09-15 15:55:00 -------- d-----w- C:\Users\BT\AppData\Local\SoftGrid Client

2012-09-15 15:54:39 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client

2012-09-15 15:54:35 -------- d-----w- C:\Users\BT\AppData\Roaming\TP

2012-09-15 15:54:19 -------- d-----w- C:\Users\BT\AppData\Local\Diagnostics

2012-09-15 15:52:16 -------- dc----w- C:\Users\BT\AppData\Local\MigWiz

2012-09-15 15:48:50 -------- d-----w- C:\Users\BT\AppData\Local\PDFC

2012-09-15 15:48:49 -------- d-----w- C:\Users\BT\AppData\Local\Adobe

2012-09-15 15:48:22 -------- d-----w- C:\Users\BT\AppData\Local\VirtualStore

2012-09-15 15:44:13 -------- d-----w- C:\Users\BT\AppData\Local\TouchSmartData

.

==================== Find3M ====================

.

2012-10-03 04:20:46 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-03 04:20:46 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-09-06 20:49:13 175736 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS

2012-09-06 20:21:13 296320 ----a-w- C:\windows\System32\drivers\volsnap.sys

2012-09-06 20:21:02 96768 ----a-w- C:\windows\System32\fsutil.exe

2012-09-06 20:21:02 74240 ----a-w- C:\windows\SysWow64\fsutil.exe

2012-09-06 20:21:02 410496 ----a-w- C:\windows\System32\drivers\iaStorV.sys

2012-09-06 20:21:02 27008 ----a-w- C:\windows\System32\drivers\amdxata.sys

2012-09-06 20:21:02 2565632 ----a-w- C:\windows\System32\esent.dll

2012-09-06 20:21:02 189824 ----a-w- C:\windows\System32\drivers\storport.sys

2012-09-06 20:21:02 1699328 ----a-w- C:\windows\SysWow64\esent.dll

2012-09-06 20:21:02 166272 ----a-w- C:\windows\System32\drivers\nvstor.sys

2012-09-06 20:21:02 148352 ----a-w- C:\windows\System32\drivers\nvraid.sys

2012-09-06 20:21:02 107904 ----a-w- C:\windows\System32\drivers\amdsata.sys

2012-09-06 20:20:51 515584 ----a-w- C:\windows\System32\timedate.cpl

2012-09-06 20:20:51 478720 ----a-w- C:\windows\SysWow64\timedate.cpl

2012-09-06 20:20:47 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll

2012-09-06 20:20:47 634880 ----a-w- C:\windows\System32\msvcrt.dll

2012-09-06 20:20:29 498688 ----a-w- C:\windows\System32\drivers\afd.sys

2012-09-06 20:20:25 1731920 ----a-w- C:\windows\System32\ntdll.dll

2012-09-06 20:20:25 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll

2012-09-06 20:20:13 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-09-06 20:20:13 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

2012-09-06 20:18:58 861696 ----a-w- C:\windows\System32\oleaut32.dll

2012-09-06 20:17:58 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll

2012-09-06 20:16:11 91648 ----a-w- C:\windows\System32\SetIEInstalledDate.exe

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 19:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll

2012-08-21 19:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:56:03 715776 ----a-w- C:\windows\System32\kerberos.dll

2012-08-10 23:56:14 542208 ----a-w- C:\windows\SysWow64\kerberos.dll

2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys

.

============= FINISH: 11:53:33.46 ===============

http://forums.malwar...howtopic=117281


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

---------

Go ahead and run Malwarebytes again, remove what is found and post a new log.

---------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


----------


Did you want me to give you the attached file that goes with the DDS post I made?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-13 16:23:03

-----------------------------

16:23:03.596 OS Version: Windows x64 6.1.7601 Service Pack 1

16:23:03.596 Number of processors: 8 586 0x3A09

16:23:03.596 ComputerName: BT12-HP UserName: BT

16:23:03.706 Initialze error 1

16:24:54.122 AVAST engine defs: 12101301

16:28:10.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:28:10.851 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3

16:28:10.866 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

16:28:10.866 Disk 1 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3

16:28:10.866 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3

16:28:10.866 Disk 2 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3

16:28:10.882 Disk 0 MBR read successfully

16:28:10.882 Disk 0 MBR scan

16:28:10.897 Disk 0 unknown MBR code

16:28:10.897 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

16:28:10.897 Disk 0 scanning C:\windows\system32\drivers

16:28:10.897 Service scanning

16:28:11.443 Modules scanning

16:28:11.443 Disk 0 trace - called modules:

16:28:11.443 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys iaStor.sys hal.dll

16:28:11.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d9a2790]

16:28:11.443 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> [0xfffffa800d897e30]

16:28:11.459 5 vsflt53.sys[fffff88000e64cfd] -> nt!IofCallDriver -> [0xfffffa800d870950]

16:28:11.459 7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d9a1050]

16:28:11.459 AVAST engine scan C:\windows

16:28:11.459 AVAST engine scan C:\windows\system32

16:28:11.459 AVAST engine scan C:\windows\system32\drivers

16:28:11.475 AVAST engine scan C:\Users\BT

16:28:11.475 AVAST engine scan C:\ProgramData

16:28:11.475 Scan finished successfully

16:28:21.693 Disk 0 MBR has been saved successfully to "C:\MBR.dat"

16:28:21.693 The log file has been saved successfully to "C:\aswMBR.txt"


Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.13.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

BT :: BT12-HP [administrator]

Protection: Enabled

10/13/2012 4:31:03 PM

mbam-log-2012-10-13 (16-31-03).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|K:\|Q:\|R:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209461

Time elapsed: 48 minute(s), 34 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 8

HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCR\CLSID\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-13 17:21:52

-----------------------------

17:21:52.032 OS Version: Windows x64 6.1.7601 Service Pack 1

17:21:52.032 Number of processors: 8 586 0x3A09

17:21:52.032 ComputerName: BT12-HP UserName: BT

17:21:52.052 Initialze error 1

17:21:58.550 AVAST engine defs: 12101301

17:22:01.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:22:01.171 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3

17:22:01.186 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

17:22:01.186 Disk 1 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3

17:22:01.186 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3

17:22:01.186 Disk 2 Vendor: ST3000DM CC4C Size: 2861588MB BusType: 3

17:22:01.218 Disk 0 MBR read successfully

17:22:01.218 Disk 0 MBR scan

17:22:01.218 Disk 0 unknown MBR code

17:22:01.233 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1

17:22:01.233 Disk 0 scanning C:\windows\system32\drivers

17:22:01.233 Service scanning

17:22:01.857 Modules scanning

17:22:01.857 Disk 0 trace - called modules:

17:22:01.857 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys ACPI.sys iaStor.sys hal.dll

17:22:01.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d9a2790]

17:22:01.873 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> [0xfffffa800d897e30]

17:22:01.873 5 vsflt53.sys[fffff88000e64cfd] -> nt!IofCallDriver -> [0xfffffa800d870950]

17:22:01.888 7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d9a1050]

17:22:01.888 AVAST engine scan C:\windows

17:22:01.904 AVAST engine scan C:\windows\system32

17:22:01.904 AVAST engine scan C:\windows\system32\drivers

17:22:01.904 AVAST engine scan C:\Users\BT

17:22:01.920 AVAST engine scan C:\ProgramData

17:22:01.920 Scan finished successfully

17:22:09.977 Disk 0 MBR has been saved successfully to "C:\MBR.dat"

17:22:09.977 The log file has been saved successfully to "C:\aswMBR2.txt"


"Did you want me to give you the attached file that goes with the DDS post I made?"

Yes that would be great thank you. You can just attach it if you want.

--------------

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------


"Illegal operation registry key marked for deletion. Not sure if I need to go into quarantine and restore something?"

Just go ahead and reboot your system once or twice and that should fix you up.

Are you able to boot to Safe Mode and get the ComboFix log that was created?


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/15/2012 9:43:31 AM

System Uptime: 10/12/2012 10:55:42 PM (13 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2AD5

Processor: Intel® Core i7-3770 CPU @ 3.40GHz | | 3401/29285mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 911 GiB total, 601.918 GiB free.

D: is FIXED (NTFS) - 20 GiB total, 2.487 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 2794 GiB total, 2120.655 GiB free.

K: is FIXED (NTFS) - 2794 GiB total, 2794.219 GiB free.

R: is FIXED (NTFS) - 1397 GiB total, 345.929 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP26: 10/10/2012 3:00:13 AM - Windows Update

RP27: 10/13/2012 10:58:56 AM - Installed O&O Defrag Professional

.

==== Installed Programs ======================

.

µTorrent

4 Elements II

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 10

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Software Update

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Blio

Bubble Wrap

CD Wave Editor 1.98

Chuzzle Deluxe

Cradle of Rome 2

D3DX10

DirectX for Managed Code Update (Summer 2004)

Dora's World Adventure

Dropbox

Elements 10 Organizer

Escape the Emerald Star

Facebook

Farm Frenzy

Farmscapes

FATE

Final Drive Fury

foobar2000 v1.1.15

Golden Trails 2: The Lost Legacy Collector's Edition

Hewlett-Packard ACLM.NET v1.1.2.0

Hoyle Card Games

HP Calendar

HP Clock

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP Magic Canvas

HP Magic Canvas Tutorials

HP Notes

HP Odometer

HP RSS

HP Setup

HP Support Assistant

HP Support Information

HP TouchSmart Background - Beats

HP TouchSmart RecipeBox

HP Update

HP Weather

ImgBurn

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 7

Java Auto Updater

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

KeePass Password Safe 2.20.1

LabelPrint

Luxor HD

Mah Jong Medley

Malwarebytes Anti-Malware version 1.65.0.1400

Mesh Runtime

Metric Converter

Microsoft Mathematics

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mortimer Beckett and the Crimson Thief Premium Edition

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Firefox 16.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Farm Life 2

Norton Internet Security

Norton Online Backup

opensource

PDF Complete Corporate Edition

Penguins!

PHOTOfunSTUDIO 8.1 PE

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PRE10STI64Installer

PSE10 STI Installer

Ralink 802.11n Wireless LAN Card

Recovery Manager

Remote Graphics Receiver

Roads of Rome 3

Seagate DiscWizard

Seagate Drive Settings Installer

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SelectionLinks

Sendori

Skype™ 5.10

SmartSound Common Data

SmartSound Sonicfire Pro 5

SMPlayer 0.6.9

Sony Sound Forge Audio Studio 9.0

Spot

System Requirements Lab for Intel

Tales of Lagoona

Tap Tap Bear

Torchlight

TSHostedAppLauncher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

uTorrentControl_v2 Toolbar

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.3

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Youda Fisherman

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

10/8/2012 6:05:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/8/2012 6:05:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/13/2012 12:12:56 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

10/12/2012 10:56:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

10/10/2012 6:31:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000006, 0xfffffa80119eb010). A dump was saved in: C:\windows\Minidump\101012-26566-01.dmp. Report Id: 101012-26566-01.

10/10/2012 2:31:35 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


combo fix log

ComboFix 12-10-13.04 - BT 10/13/2012 18:12:48.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16384.9774 [GMT -6:00]

Running from: c:\users\BT\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))

.

.

2012-10-14 00:16 . 2012-10-14 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-13 17:09 . 2012-10-13 17:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-13 17:09 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-13 17:03 . 2012-10-13 17:03 -------- d-----w- c:\windows\system32\oodag

2012-10-13 16:59 . 2012-10-13 16:59 -------- d-----w- c:\program files\OO Software

2012-10-13 16:58 . 2012-10-13 16:58 -------- d-----w- c:\programdata\OO Software

2012-10-13 16:56 . 2012-10-13 16:56 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2

2012-10-07 15:31 . 2012-10-07 15:31 -------- d-----w- c:\program files (x86)\MediaFire

2012-10-03 05:18 . 2012-10-03 05:18 -------- dc----w- c:\windows\system32\DRVSTORE

2012-10-03 05:18 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-03 05:17 . 2012-10-03 05:17 -------- d-----w- c:\program files\iPod

2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\program files\iTunes

2012-10-03 05:17 . 2012-10-03 05:18 -------- d-----w- c:\program files (x86)\iTunes

2012-10-03 05:17 . 2012-10-03 05:17 -------- d-----w- c:\programdata\Apple Computer

2012-10-03 05:16 . 2012-10-03 05:16 -------- d-----w- c:\program files\Common Files\Apple

2012-10-03 05:16 . 2012-10-03 05:16 -------- d-----w- c:\program files\Bonjour

2012-10-03 05:16 . 2012-10-03 05:16 -------- d-----w- c:\program files (x86)\Bonjour

2012-10-02 21:41 . 2012-10-02 21:41 4873072 ----a-w- c:\windows\system32\ooscrsav.scr

2012-10-02 21:41 . 2012-10-02 21:41 256368 ----a-w- c:\windows\system32\oodbs.exe

2012-10-02 21:41 . 2012-10-02 21:41 537456 ----a-w- c:\windows\system32\oodssrs.dll

2012-10-02 21:40 . 2012-10-02 21:40 10096 ----a-w- c:\windows\system32\oodbsrs.dll

2012-10-01 21:56 . 2012-10-01 21:56 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009

2012-09-30 15:05 . 2012-09-30 15:05 -------- d-----w- C:\Collections_2012

2012-09-30 15:04 . 2012-09-30 15:04 -------- d-----w- C:\Video_DL

2012-09-30 09:01 . 2012-09-30 09:01 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-09-30 02:16 . 2012-09-30 02:16 -------- d-----w- c:\program files (x86)\ImgBurn

2012-09-30 00:44 . 2012-09-30 00:44 -------- d-----w- c:\program files (x86)\Sony Setup

2012-09-30 00:31 . 2012-09-30 00:31 -------- d-----w- c:\program files (x86)\Sony

2012-09-28 23:11 . 2012-10-01 01:17 -------- d-----w- C:\PFS8.1 PE_TMP

2012-09-28 23:09 . 2012-09-28 23:09 -------- d-----w- c:\programdata\Panasonic

2012-09-28 22:58 . 2012-10-01 01:10 -------- d-----w- C:\BT 2012 VIDEO

2012-09-28 22:58 . 2007-06-22 06:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll

2012-09-28 22:58 . 2006-10-31 06:10 71840 ----a-w- c:\windows\SysWow64\EPPicMgr.dll

2012-09-28 22:58 . 2006-10-31 06:10 120992 ----a-w- c:\windows\SysWow64\EpPicPrt.dll

2012-09-28 22:58 . 2006-10-20 06:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll

2012-09-28 22:58 . 2006-10-20 06:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll

2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files (x86)\Common Files\Panasonic

2012-09-28 22:56 . 2012-09-28 23:08 -------- d-----w- c:\program files (x86)\Panasonic

2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-09-28 22:56 . 2012-09-28 22:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-28 22:23 . 2012-10-03 05:17 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-09-28 22:23 . 2012-10-03 05:17 -------- d-----w- c:\programdata\Apple

2012-09-28 22:23 . 2012-09-28 22:23 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-09-28 22:17 . 2012-09-28 22:17 -------- d-----w- c:\users\Public\CyberLink

2012-09-28 21:38 . 2012-09-28 21:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-09-28 21:38 . 2012-09-28 21:42 -------- d-----w- c:\programdata\Seagate

2012-09-28 21:38 . 2012-09-28 21:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-09-28 21:37 . 2012-09-28 21:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-09-28 21:37 . 2012-09-28 21:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-09-28 21:37 . 2012-09-28 21:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-09-28 21:37 . 2012-09-28 21:37 -------- d-----w- c:\program files (x86)\Common Files\Acronis

2012-09-28 21:37 . 2012-09-28 21:42 -------- d-----w- c:\program files (x86)\Seagate

2012-09-28 21:37 . 2012-09-28 21:37 -------- d-----w- c:\program files (x86)\Common Files\Seagate

2012-09-26 03:14 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 13:07 . 2012-10-13 23:37 -------- d-----w- C:\Torr

2012-09-25 02:43 . 2012-09-25 02:43 -------- d-----w- c:\program files (x86)\SMPlayer

2012-09-25 02:42 . 2012-09-26 17:00 321384 ----a-w- c:\windows\SysWow64\Sendori.dll

2012-09-25 02:41 . 2012-09-26 23:29 -------- d-----w- c:\programdata\Sendori

2012-09-25 02:41 . 2012-09-26 23:29 -------- d-----w- c:\program files (x86)\Sendori

2012-09-25 02:41 . 2012-10-13 22:17 -------- d-----w- c:\program files (x86)\OApps

2012-09-24 04:39 . 2012-09-24 04:39 -------- d-----w- c:\program files (x86)\CD Wave

2012-09-24 04:39 . 2009-02-07 18:34 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2012-09-24 04:20 . 2012-09-24 04:20 -------- d-----w- c:\programdata\Malwarebytes

2012-09-24 04:16 . 2012-09-24 04:16 -------- d-----w- c:\program files (x86)\VideoLAN

2012-09-23 15:31 . 2012-09-23 15:31 -------- d-----w- c:\program files (x86)\Amazon

2012-09-23 15:16 . 2012-09-23 15:17 -------- d-----w- c:\programdata\Recovery

2012-09-23 14:40 . 2012-09-23 14:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-09-23 14:40 . 2012-09-23 14:40 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-23 14:40 . 2012-09-23 14:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-23 14:40 . 2012-09-23 14:39 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-23 14:40 . 2012-09-23 14:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\program files (x86)\Java

2012-09-23 14:39 . 2012-09-23 14:39 -------- d-----w- c:\programdata\McAfee

2012-09-23 14:17 . 2012-10-08 04:56 -------- d-----w- c:\program files\CCleaner

2012-09-22 20:30 . 2012-10-14 00:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-09-22 19:52 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

2012-09-20 12:59 . 2012-10-10 09:01 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-09-18 12:49 . 2012-09-18 12:50 -------- d-----w- c:\program files (x86)\foobar2000

2012-09-17 09:38 . 2012-09-17 09:38 -------- d-----w- c:\windows\SysWow64\Wat

2012-09-17 09:38 . 2012-09-17 09:38 -------- d-----w- c:\windows\system32\Wat

2012-09-17 09:09 . 2012-09-17 09:09 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-17 09:09 . 2012-09-17 09:09 -------- d-----r- c:\program files (x86)\Skype

2012-09-17 09:05 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-09-17 09:05 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-09-17 09:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-09-17 09:05 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-09-17 09:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-09-17 03:10 . 2012-09-17 03:11 -------- d-----w- c:\program files\WinRAR

2012-09-16 15:41 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-09-16 15:41 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-09-16 15:41 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-09-16 02:34 . 2012-09-16 02:34 -------- d-----w- c:\program files (x86)\Conduit

2012-09-16 02:33 . 2012-09-16 02:33 -------- d-----w- c:\program files (x86)\uTorrent

2012-09-15 22:49 . 2012-09-15 22:55 -------- d-----w- c:\programdata\VirtualizedApplications

2012-09-15 18:27 . 2012-09-16 16:47 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E

2012-09-15 18:22 . 2012-09-15 18:22 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-09-15 16:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-09-15 16:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-09-15 16:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-09-15 16:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-09-15 16:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-09-15 16:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-09-15 16:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-09-15 16:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-09-15 16:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-09-15 16:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-09-15 16:12 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-09-15 16:12 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-09-15 16:00 . 2012-10-14 00:02 -------- d-----w- C:\COLLECTIONS

2012-09-15 15:54 . 2012-09-17 09:13 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-09-15 15:54 . 2012-09-15 15:54 -------- d-----w- c:\program files\Microsoft Office

2012-09-15 15:43 . 2012-10-07 20:07 -------- d-----w- c:\users\BT

2012-09-15 15:43 . 2012-09-15 15:43 -------- d-----w- c:\program files (x86)\Microsoft Mathematics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-03 04:20 . 2012-09-06 20:39 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-03 04:20 . 2012-09-06 20:39 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-15 16:41 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-06 20:49 . 2012-09-06 20:49 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-09-06 20:21 . 2012-09-06 20:21 296320 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-09-06 20:21 . 2012-09-06 20:21 96768 ----a-w- c:\windows\system32\fsutil.exe

2012-09-06 20:21 . 2012-09-06 20:21 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS

2012-09-06 20:21 . 2012-09-06 20:21 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2012-09-06 20:21 . 2012-09-06 20:21 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2012-09-06 20:21 . 2012-09-06 20:21 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2012-09-06 20:21 . 2012-09-06 20:21 2565632 ----a-w- c:\windows\system32\esent.dll

2012-09-06 20:21 . 2012-09-06 20:21 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2012-09-06 20:21 . 2012-09-06 20:21 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2012-09-06 20:21 . 2012-09-06 20:21 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2012-09-06 20:21 . 2012-09-06 20:21 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2012-09-06 20:21 . 2012-09-06 20:21 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2012-09-06 20:20 . 2012-09-06 20:20 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-09-06 20:20 . 2012-09-06 20:20 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-09-06 20:20 . 2012-09-06 20:20 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-09-06 20:20 . 2012-09-06 20:20 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-09-06 20:20 . 2012-09-06 20:20 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-09-06 20:20 . 2012-09-06 20:20 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-09-06 20:20 . 2012-09-06 20:20 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-09-06 20:20 . 2012-09-06 20:20 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-09-06 20:20 . 2012-09-06 20:20 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-09-06 20:19 . 2012-09-06 20:19 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-09-06 20:19 . 2012-09-06 20:19 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-09-06 20:19 . 2012-09-06 20:19 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-09-06 20:19 . 2012-09-06 20:19 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-09-06 20:19 . 2012-09-06 20:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-09-06 20:19 . 2012-09-06 20:19 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-09-06 20:19 . 2012-09-06 20:19 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-09-06 20:19 . 2012-09-06 20:19 395776 ----a-w- c:\windows\system32\webio.dll

2012-09-06 20:19 . 2012-09-06 20:19 314880 ----a-w- c:\windows\SysWow64\webio.dll

2012-09-06 20:19 . 2012-09-06 20:19 31232 ----a-w- c:\windows\system32\lsass.exe

2012-09-06 20:19 . 2012-09-06 20:19 29184 ----a-w- c:\windows\system32\sspisrv.dll

2012-09-06 20:19 . 2012-09-06 20:19 28160 ----a-w- c:\windows\system32\secur32.dll

2012-09-06 20:19 . 2012-09-06 20:19 1447936 ----a-w- c:\windows\system32\lsasrv.dll

2012-09-06 20:19 . 2012-09-06 20:19 136192 ----a-w- c:\windows\system32\sspicli.dll

2012-09-06 20:19 . 2012-09-06 20:19 77312 ----a-w- c:\windows\system32\packager.dll

2012-09-06 20:19 . 2012-09-06 20:19 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-09-06 20:19 . 2012-09-06 20:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2012-09-06 20:19 . 2012-09-06 20:19 613888 ----a-w- c:\windows\system32\psisdecd.dll

2012-09-06 20:19 . 2012-09-06 20:19 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2012-09-06 20:19 . 2012-09-06 20:19 108032 ----a-w- c:\windows\system32\psisrndr.ax

2012-09-06 20:18 . 2012-09-06 20:18 861696 ----a-w- c:\windows\system32\oleaut32.dll

2012-09-06 20:18 . 2012-09-06 20:18 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2012-09-06 20:18 . 2012-09-06 20:18 331776 ----a-w- c:\windows\system32\oleacc.dll

2012-09-06 20:18 . 2012-09-06 20:18 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2012-09-06 20:18 . 2012-09-06 20:18 199680 ----a-w- c:\windows\system32\xmllite.dll

2012-09-06 20:18 . 2012-09-06 20:18 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2012-09-06 20:18 . 2012-09-06 20:18 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2012-09-06 20:18 . 2012-09-06 20:18 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2012-09-06 20:18 . 2012-09-06 20:18 212992 ----a-w- c:\windows\system32\odbctrac.dll

2012-09-06 20:18 . 2012-09-06 20:18 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2012-09-06 20:18 . 2012-09-06 20:18 163840 ----a-w- c:\windows\system32\odbccp32.dll

2012-09-06 20:18 . 2012-09-06 20:18 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2012-09-06 20:18 . 2012-09-06 20:18 106496 ----a-w- c:\windows\system32\odbccu32.dll

2012-09-06 20:18 . 2012-09-06 20:18 106496 ----a-w- c:\windows\system32\odbccr32.dll

2012-09-06 20:18 . 2012-09-06 20:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2012-09-06 20:18 . 2012-09-06 20:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2012-09-06 20:18 . 2012-09-06 20:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-09-06 20:18 . 2012-09-06 20:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2012-09-06 20:18 . 2012-09-06 20:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2012-09-06 20:18 . 2012-09-06 20:18 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe

2012-09-06 20:18 . 2012-09-06 20:18 778752 ----a-w- c:\windows\system32\mssvp.dll

2012-09-06 20:18 . 2012-09-06 20:18 75264 ----a-w- c:\windows\system32\msscntrs.dll

2012-09-06 20:18 . 2012-09-06 20:18 666624 ----a-w- c:\windows\SysWow64\mssvp.dll

2012-09-06 20:18 . 2012-09-06 20:18 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll

2012-09-06 20:18 . 2012-09-06 20:18 591872 ----a-w- c:\windows\system32\SearchIndexer.exe

2012-09-06 20:18 . 2012-09-06 20:18 491520 ----a-w- c:\windows\system32\mssph.dll

2012-09-06 20:18 . 2012-09-06 20:18 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe

2012-09-06 20:18 . 2012-09-06 20:18 337408 ----a-w- c:\windows\SysWow64\mssph.dll

2012-09-06 20:18 . 2012-09-06 20:18 288256 ----a-w- c:\windows\system32\mssphtb.dll

2012-09-06 20:18 . 2012-09-06 20:18 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2012-09-06 20:18 . 2012-09-06 20:18 2315776 ----a-w- c:\windows\system32\tquery.dll

2012-09-06 20:18 . 2012-09-06 20:18 2223616 ----a-w- c:\windows\system32\mssrch.dll

2012-09-06 20:18 . 2012-09-06 20:18 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll

2012-09-06 20:18 . 2012-09-06 20:18 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe

2012-09-06 20:18 . 2012-09-06 20:18 1549312 ----a-w- c:\windows\SysWow64\tquery.dll

2012-09-06 20:18 . 2012-09-06 20:18 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll

2012-09-06 20:18 . 2012-09-06 20:18 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe

2012-09-06 20:18 . 2012-09-06 20:18 976896 ----a-w- c:\windows\system32\inetcomm.dll

2012-09-06 20:18 . 2012-09-06 20:18 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2012-09-06 20:18 . 2012-09-06 20:18 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-09-06 20:18 . 2012-09-06 20:18 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-09-06 20:18 . 2012-09-06 20:18 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-09-06 20:18 . 2012-09-06 20:18 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2012-09-06 20:18 . 2012-09-06 20:18 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2012-09-06 20:18 . 2012-09-06 20:18 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-09-06 20:18 . 2012-09-06 20:18 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-09-06 20:18 . 2012-09-06 20:18 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-09-06 20:18 . 2012-09-06 20:18 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-09-06 20:18 . 2012-09-06 20:18 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-09-06 20:18 . 2012-09-06 20:18 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-09-06 20:18 . 2012-09-06 20:18 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-09-06 20:18 . 2012-09-06 20:18 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-09-06 20:18 . 2012-09-06 20:18 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2012-09-06 20:18 . 2012-09-06 20:18 2871808 ----a-w- c:\windows\explorer.exe

2012-09-06 20:18 . 2012-09-06 20:18 2616320 ----a-w- c:\windows\SysWow64\explorer.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-04-04 684024]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-09-26 82792]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]

.

c:\users\BT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\BT\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

O&O Defrag Tray.lnk - c:\windows\Installer\{EAD525A8-13CD-400E-A01D-E4492BBB0FEC}\DefragIcon.exe [2012-10-13 292878]

PHOTOfunSTUDIO 8.1 PE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-9-28 229000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [2011-08-19 625728]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-14 240408]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2011-12-05 16152]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-09-28 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-09-28 141920]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]

S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-09-26 118632]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-14 193816]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-10-02 2552176]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-04-04 1134584]

S2 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2012-01-13 447488]

S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-09-26 15208]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-06-30 1191408]

S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-09-26 3569512]

S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-09-05 1385120]

S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-16 138912]

S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121012.001\IDSvia64.sys [2012-09-14 513184]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2011-12-05 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2011-12-05 785688]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECIx64.sys [2012-04-11 60184]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-03-06 1857600]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-08-15 451192]

S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-09 c:\windows\Tasks\HPCeeScheduleForBT.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\BT\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-30 1425408]

"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-10-02 7060848]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{1B56ABDA-6052-4E6D-8967-B10D06669149}: NameServer = 216.146.35.240,216.146.36.240,192.168.0.1,205.171.3.25

FF - ProfilePath - c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.blabbermouth.net/|http://www.denverpost.com/|http://www.9news.com/|http://www.youtube.com/

FF - ExtSQL: 2012-09-22 11:41; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn

FF - ExtSQL: 2012-09-22 13:52; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn

FF - ExtSQL: 2012-09-22 14:36; firegestures@xuldev.org; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\firegestures@xuldev.org.xpi

FF - ExtSQL: 2012-09-22 14:36; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2012-09-22 14:36; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - ExtSQL: 2012-09-22 14:40; {d62bb6fa-7192-47fd-b640-ad8855c444f3}; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\{d62bb6fa-7192-47fd-b640-ad8855c444f3}.xpi

FF - ExtSQL: 2012-09-24 20:41; plugin@selectionlinks.com; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\plugin@selectionlinks.com

FF - ExtSQL: 2012-10-12 23:00; openinie@wittersworld.com; c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\extensions\openinie@wittersworld.com.xpi

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec

WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Ralink\Common\RaRegistry.exe

c:\program files (x86)\Sendori\SendoriUp.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

.

**************************************************************************

.

Completion time: 2012-10-13 18:28:11 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-14 00:28

.

Pre-Run: 647,411,646,464 bytes free

Post-Run: 647,591,124,992 bytes free

.

- - End Of File - - 07B9163DC709B3F962C801D7395226D5

maybe when I turned OFF no script with firefox, it let something in perhaps?
Maybe....let's see what happens.

Do the following in Normal Mode if possible...if not please boot to Safe Mode to

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    DDS::
    uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    BHO: SelectionLinks: {f90a5a0d-cd98-49cc-9aa7-9cd11c7478bf} - C:\Program Files (x86)\OApps\bho.dll
    TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    BHO-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    BHO-X64: uTorrentControl_v2 - No File
    BHO-X64: SelectionLinks: {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} - C:\Program Files (x86)\OApps\bho.dll
    BHO-X64: BHO_PROJECT - No File
    TB-X64: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    DirLook::
    C:\Users\BT\AppData\Roaming\foobar2000
    Firefox::
    FF - ProfilePath - c:\users\BT\AppData\Roaming\Mozilla\Firefox\Profiles\2aaesapi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.blabbermouth.net/|http://www.denverpost.com/|http://www.9news.com/|http://www.youtube.com/
    Folder::
    c:\program files (x86)\Conduit
    C:\Users\BT\AppData\Local\Conduit
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please post the new ComboFix log and let me know how your system is running now. :)
