.

DDS (Ver_11-03-05.01) - NTFS_AMD64 NETWORK

Run by MaryAnn at 4:46:24.20 on Mon 03/28/2011

Internet Explorer: 8.0.7601.17514

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2826 [GMT -4:00]

.

AV: Norton Security Suite *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\Downloads\dds (1).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP

mStart Page = hxxp://www.yahoo.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {395610AE-C624-4f58-B89E-23733EA00F9A} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

uRun: [C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run] "C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll

BHO-X64: HP SimplePass Identity Protection Extension - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll

FF - plugin: C:\Users\MaryAnn\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\MaryAnn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2011-3-28 36384]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-2-9 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-2-9 221232]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-19 46136]

R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2011-3-28 24024]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-1 38456]

S0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-3-27 33800]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-10 1124472]

S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-2-9 615040]

S1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSviA64.sys [2011-3-21 476792]

S1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2011-3-28 65736]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-2-9 150064]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-2-9 451120]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58:56];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-7-1 146928]

S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-13 89600]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203264]

S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-3-28 6746280]

S2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]

S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-2-9 126392]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-29 206120]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-29 185640]

S2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 2184496]

S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 7767552]

S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 279040]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-3-10 132656]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-26 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-2-26 17920]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-1 239136]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-1 295424]

S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-03-28 07:50:50 -------- d-----w- C:\Program Files (x86)\RegistryFix8

2011-03-28 07:30:10 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys

2011-03-28 07:30:10 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys

2011-03-28 07:30:09 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys

2011-03-28 07:30:09 -------- d-----w- C:\Program Files\Prevx

2011-03-28 07:29:49 -------- d-----w- C:\PROGRA~3\PrevxCSI

2011-03-28 00:36:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-28 00:36:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-28 00:35:20 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35:14 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-03-28 00:35:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-03-28 00:26:38 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys

2011-03-11 17:50:37 -------- d-----w- C:\Windows\System32\SPReview

2011-03-11 17:50:08 -------- d-----w- C:\Windows\System32\EventProviders

2011-03-11 17:47:05 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-03-11 17:47:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-03-11 17:45:59 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2011-03-11 17:44:59 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-03-11 17:43:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll

2011-03-11 17:42:59 71168 ----a-w- C:\Windows\bfsvc.exe

2011-03-11 17:41:46 323072 ------w- C:\Windows\SysWow64\drvstore.dll

2011-03-11 17:41:46 257024 ------w- C:\Windows\SysWow64\dpx.dll

2011-03-11 17:41:34 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:41:34 363008 ------w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-11 17:36:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-03-11 17:36:28 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-03-11 17:36:28 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-03-11 17:36:04 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-03-11 17:35:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-03-11 17:34:28 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-03-11 17:34:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-03-11 17:11:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-03-11 17:11:52 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-11 13:23:53 -------- d-----w- C:\$RECYCLE.BIN

2011-03-11 13:15:18 89088 ----a-w- C:\Windows\MBR.exe

2011-03-11 13:15:18 256512 ----a-w- C:\Windows\PEV.exe

2011-03-11 13:15:18 161792 ----a-w- C:\Windows\SWREG.exe

2011-03-11 13:15:17 98816 ----a-w- C:\Windows\sed.exe

2011-03-11 13:09:05 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46:28 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44:44 -------- d-----w- C:\PROGRA~3\Returnil

2011-03-11 07:34:10 -------- d-----w- C:\Program Files\Sandboxie

2011-03-11 07:23:50 -------- d-----w- C:\!KillBox

2011-03-11 07:23:24 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23:12 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-11 07:23:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-11 07:18:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-03-10 18:29:20 -------- d-----w- C:\Program Files (x86)\Panda Security

2011-03-10 17:00:48 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42:09 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39:38 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39:35 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57:49 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41:58 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04:30 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59:18 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Mozilla

.

==================== Find3M ====================

.

2011-03-11 17:59:44 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:30:51 1076736 ------w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ------w- C:\Windows\SysWow64\d2d1.dll

2011-02-07 06:34:01 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll

2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-01-24 02:30:35 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys

2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:46:34 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ------w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 294400 ------w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-05 05:55:55 428032 ------w- C:\Windows\SysWow64\vbscript.dll

.

============= FINISH: 4:47:28.51 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6190

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.7601.17514

3/28/2011 11:09:28 AM

mbam-log-2011-03-28 (11-09-28).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 434880

Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\MaryAnn\downloads\setup (1).exe (Rogue.Installer) -> Quarantined and deleted successfully.

c:\Users\MaryAnn\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.


Hi mareimbri02 and Welcome to Malwarebytes!

I see you can't run Malwarebytes in normal mode. Let's see what we can do.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are two different versions. If one of them won't run then download and try to run the other one.

Vista and Windows 7 users need to right-click and choose Run as Administrator.

You only need to get one of them to run, not both of them.

  1. eXplorer.exe - This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
  2. WiNlOgOn.exe

Please post the log in your next reply (to see what was terminated).

Once you've gotten one of them to run then try to immediately run the following:

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Hello and thank you for getting to me so soon! I did as you said, but now I've lost my external mouse and my internet is mostly down. As for ComboFix, I was unable to do anything with my Norton. I do believe it's a casualty of this wretched virus. But here are the log files.

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 03/28/2011 at 14:53:13.

Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

Rkill completed on 03/28/2011 at 14:53:26.

ComboFix 11-03-28.01 - MaryAnn 03/28/2011 14:29:04.3.3 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2765 [GMT -4:00]

Running from: c:\users\MaryAnn\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Security Suite *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))

.

.

2011-03-28 18:32 . 2011-03-28 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-28 07:50 . 2011-03-28 07:52 -------- d-----w- c:\program files (x86)\RegistryFix8

2011-03-28 07:30 . 2011-03-28 07:30 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-03-28 07:30 . 2011-03-28 07:30 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-03-28 07:30 . 2011-03-28 07:32 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-03-28 07:30 . 2011-03-28 07:30 -------- d-----w- c:\program files\Prevx

2011-03-28 07:29 . 2011-03-28 07:32 -------- d-----w- c:\programdata\PrevxCSI

2011-03-28 00:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-28 00:36 . 2011-03-28 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\programdata\!SASCORE

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-03-28 00:26 . 2009-06-30 14:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\SPReview

2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\EventProviders

2011-03-11 17:47 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-03-11 17:47 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-03-11 17:45 . 2010-11-20 13:25 1975296 ----a-w- c:\windows\system32\CertEnroll.dll

2011-03-11 17:44 . 2010-11-20 13:27 183808 ----a-w- c:\windows\system32\prncache.dll

2011-03-11 17:43 . 2010-11-20 13:27 65536 ----a-w- c:\windows\system32\RpcRtRemote.dll

2011-03-11 17:42 . 2010-11-20 13:27 337920 ----a-w- c:\windows\system32\raschap.dll

2011-03-11 17:41 . 2010-11-20 12:18 323072 ------w- c:\windows\SysWow64\drvstore.dll

2011-03-11 17:41 . 2010-11-20 12:18 257024 ------w- c:\windows\SysWow64\dpx.dll

2011-03-11 17:41 . 2010-11-20 12:21 363008 ------w- c:\windows\SysWow64\wbemcomn.dll

2011-03-11 17:41 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:36 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-03-11 17:36 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-03-11 17:36 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-03-11 17:36 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-03-11 17:35 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-03-11 17:34 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-03-11 17:34 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-03-11 17:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-03-11 17:11 . 2011-01-17 05:47 161792 ------w- c:\windows\SysWow64\d3d10_1.dll

2011-03-11 16:50 . 2011-03-16 05:52 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Media Player Classic

2011-03-11 13:09 . 2011-03-11 13:09 -------- d-----w- c:\users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46 . 2011-03-11 07:46 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44 . 2011-03-11 07:44 -------- d-----w- c:\programdata\Returnil

2011-03-11 07:34 . 2011-03-11 07:34 -------- d-----w- c:\program files\Sandboxie

2011-03-11 07:23 . 2011-03-28 08:00 -------- d-----w- C:\!KillBox

2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\programdata\Malwarebytes

2011-03-11 07:23 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-11 07:18 . 2011-03-11 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-03-10 18:29 . 2011-03-28 00:26 -------- d-----w- c:\program files (x86)\Panda Security

2011-03-10 17:00 . 2011-03-10 17:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42 . 2011-03-09 20:42 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39 . 2011-03-09 20:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39 . 2011-03-09 20:39 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57 . 2011-03-08 21:57 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41 . 2011-03-06 19:41 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04 . 2011-03-28 04:12 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59 . 2011-03-06 18:59 -------- d-----w- c:\users\MaryAnn\AppData\Local\Mozilla

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 17:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-03-10 17:01 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-14 00:17 . 2011-02-14 00:18 515584 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2011-02-14 00:17 . 2011-02-14 00:18 431616 ----a-w- c:\windows\system32\stcplx64.dll

2011-02-14 00:17 . 2011-02-14 00:18 1466880 ----a-w- c:\windows\system32\stapo64.dll

2011-02-14 00:17 . 2010-07-02 02:52 487424 ----a-w- c:\windows\sttray64.exe

2011-02-14 00:17 . 2010-07-02 02:52 1952256 ----a-w- c:\windows\system32\stlang64.dll

2011-02-14 00:17 . 2011-02-14 00:18 646656 ------w- c:\windows\system32\stapi64.dll

2011-02-14 00:17 . 2010-07-02 02:52 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2011-02-14 00:17 . 2010-07-02 02:52 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2011-02-14 00:17 . 2010-07-02 02:52 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2011-02-14 00:17 . 2010-07-02 02:52 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2011-02-14 00:17 . 2010-07-02 02:52 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2011-02-14 00:17 . 2010-07-02 02:52 12829184 ----a-w- c:\windows\system32\idtcpl64.cpl

2011-02-14 00:17 . 2010-07-02 02:51 209920 ----a-w- c:\windows\system32\staco64.dll

2011-02-07 06:34 . 2011-02-07 06:34 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll

2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll

2011-01-24 02:30 . 2011-01-24 02:30 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-01-07 12:17 . 2011-02-22 23:22 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 12:17 . 2011-02-22 23:22 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 12:14 . 2011-02-11 18:57 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 09:51 . 2011-02-11 18:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-01-07 09:20 . 2011-02-11 18:57 366592 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 07:46 . 2011-02-22 23:22 870912 ------w- c:\windows\SysWow64\XpsPrint.dll

2011-01-07 07:46 . 2011-02-22 23:22 288256 ------w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45 . 2011-02-11 18:57 34304 ------w- c:\windows\SysWow64\atmlib.dll

2011-01-07 06:01 . 2011-02-11 18:57 1638912 ------w- c:\windows\SysWow64\mshtml.tlb

2011-01-07 05:43 . 2011-02-11 18:57 294400 ------w- c:\windows\SysWow64\atmfd.dll

2011-01-05 10:34 . 2011-02-11 18:56 612864 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 06:56 . 2011-02-11 18:57 3129344 ----a-w- c:\windows\system32\win32k.sys

2011-01-05 05:55 . 2011-02-11 18:56 428032 ------w- c:\windows\SysWow64\vbscript.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-03-28_15.40.09 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 02:36 . 2011-03-28 15:17 655932 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-03-28 18:07 655932 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-03-28 18:07 118846 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-03-28 15:17 118846 c:\windows\system32\perfc009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-03-23 3528504]

"C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 1004088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

R1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 476792]

R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-02-23 00:23 146928]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-14 89600]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-03-28 6746280]

R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-11 132656]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000Core.job

- c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36]

.

2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000UA.job

- c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36]

.

2011-03-16 c:\windows\Tasks\HPCeeScheduleForEVANGELEON$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

2011-03-23 c:\windows\Tasks\HPCeeScheduleForMaryAnn.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-28 14:34:11

ComboFix-quarantined-files.txt 2011-03-28 18:34

ComboFix2.txt 2011-03-28 15:42

ComboFix3.txt 2011-03-11 13:26

.

Pre-Run: 280,758,288,384 bytes free

Post-Run: 280,460,681,216 bytes free

.

- - End Of File - - 5A65994F3145335F97382238856F43D8

Thanks again! I'll be looking for your response!


I see you ran ComboFix.exe back on March 11?

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Thanks once again for your prompt reply. I was once again unable to so much as open my Norton file in either normal or safe modes. But I ran the scanner anyway and this is the log file.

C:\Program Files (x86)\RegistryFix8\RegFix8.exe Win32/Adware.ErrorClean application

C:\Program Files (x86)\RegistryFix8\UninstlDll.dll Win32/Adware.ErrorClean application


Hi again,

Run CFScript

  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

KILLALL::
Folder::
C:\Program Files (x86)\RegistryFix8\RegFix8.exe
C:\Program Files (x86)\RegistryFix8\UninstlDll.dll
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


Okay, I was able to do it, then it rebooted in normal mode while I was getting a coffee and I was afraid to restart in Safe Mode until it produced the log and well...here we are. I'm still not able to access Norton to turn it off... Thanks for bearing with me through this, and here is the new log...

ComboFix 11-03-28.01 - MaryAnn 03/28/2011 19:32:29.6.3 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2650 [GMT -4:00]

Running from: c:\users\MaryAnn\Desktop\ComboFix.exe

Command switches used :: c:\users\MaryAnn\Desktop\CFScript.txt

AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))

.

.

2011-03-28 23:36 . 2011-03-28 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-28 20:26 . 2011-03-28 20:26 -------- d-----w- c:\program files (x86)\ESET

2011-03-28 18:50 . 2011-03-28 18:50 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll

2011-03-28 07:50 . 2011-03-28 07:52 -------- d-----w- c:\program files (x86)\RegistryFix8

2011-03-28 07:30 . 2011-03-28 07:30 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys

2011-03-28 07:30 . 2011-03-28 07:30 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys

2011-03-28 07:30 . 2011-03-28 07:32 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2011-03-28 07:30 . 2011-03-28 07:30 -------- d-----w- c:\program files\Prevx

2011-03-28 07:29 . 2011-03-28 07:32 -------- d-----w- c:\programdata\PrevxCSI

2011-03-28 00:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-28 00:36 . 2011-03-28 00:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\programdata\!SASCORE

2011-03-28 00:35 . 2011-03-28 00:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-03-28 00:26 . 2009-06-30 14:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\SPReview

2011-03-11 17:50 . 2011-03-11 17:50 -------- d-----w- c:\windows\system32\EventProviders

2011-03-11 17:47 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2011-03-11 17:47 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-03-11 17:45 . 2010-11-20 13:25 1975296 ----a-w- c:\windows\system32\CertEnroll.dll

2011-03-11 17:44 . 2010-11-20 13:27 183808 ----a-w- c:\windows\system32\prncache.dll

2011-03-11 17:43 . 2010-11-20 13:27 65536 ----a-w- c:\windows\system32\RpcRtRemote.dll

2011-03-11 17:42 . 2010-11-20 13:27 337920 ----a-w- c:\windows\system32\raschap.dll

2011-03-11 17:41 . 2010-11-20 12:18 323072 ------w- c:\windows\SysWow64\drvstore.dll

2011-03-11 17:41 . 2010-11-20 12:18 257024 ------w- c:\windows\SysWow64\dpx.dll

2011-03-11 17:41 . 2010-11-20 12:21 363008 ------w- c:\windows\SysWow64\wbemcomn.dll

2011-03-11 17:41 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:36 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-03-11 17:36 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-03-11 17:36 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-03-11 17:36 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-03-11 17:35 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-03-11 17:34 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-03-11 17:34 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

2011-03-11 17:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2011-03-11 17:11 . 2011-01-17 05:47 161792 ------w- c:\windows\SysWow64\d3d10_1.dll

2011-03-11 16:50 . 2011-03-16 05:52 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Media Player Classic

2011-03-11 13:09 . 2011-03-11 13:09 -------- d-----w- c:\users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46 . 2011-03-11 07:46 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44 . 2011-03-11 07:44 -------- d-----w- c:\programdata\Returnil

2011-03-11 07:34 . 2011-03-11 07:34 -------- d-----w- c:\program files\Sandboxie

2011-03-11 07:23 . 2011-03-28 08:00 -------- d-----w- C:\!KillBox

2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23 . 2011-03-11 07:23 -------- d-----w- c:\programdata\Malwarebytes

2011-03-11 07:23 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-11 07:18 . 2011-03-11 07:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-03-10 18:29 . 2011-03-28 00:26 -------- d-----w- c:\program files (x86)\Panda Security

2011-03-10 17:00 . 2011-03-10 17:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42 . 2011-03-09 20:42 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39 . 2011-03-09 20:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39 . 2011-03-09 20:39 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57 . 2011-03-08 21:57 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41 . 2011-03-06 19:41 -------- d-----w- c:\users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04 . 2011-03-28 04:12 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59 . 2011-03-06 18:59 -------- d-----w- c:\users\MaryAnn\AppData\Local\Mozilla

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 17:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-03-10 17:01 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-14 00:17 . 2011-02-14 00:18 515584 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2011-02-14 00:17 . 2011-02-14 00:18 431616 ----a-w- c:\windows\system32\stcplx64.dll

2011-02-14 00:17 . 2011-02-14 00:18 1466880 ----a-w- c:\windows\system32\stapo64.dll

2011-02-14 00:17 . 2010-07-02 02:52 487424 ----a-w- c:\windows\sttray64.exe

2011-02-14 00:17 . 2010-07-02 02:52 1952256 ----a-w- c:\windows\system32\stlang64.dll

2011-02-14 00:17 . 2011-02-14 00:18 646656 ------w- c:\windows\system32\stapi64.dll

2011-02-14 00:17 . 2010-07-02 02:52 68608 ----a-w- c:\windows\system32\AESTAR64.dll

2011-02-14 00:17 . 2010-07-02 02:52 442368 ----a-w- c:\windows\system32\AESTEC64.dll

2011-02-14 00:17 . 2010-07-02 02:52 220672 ----a-w- c:\windows\system32\HPToneCtrls64.dll

2011-02-14 00:17 . 2010-07-02 02:52 162304 ----a-w- c:\windows\system32\AESTAC64.dll

2011-02-14 00:17 . 2010-07-02 02:52 90624 ----a-w- c:\windows\system32\AESTCo64.dll

2011-02-14 00:17 . 2010-07-02 02:52 12829184 ----a-w- c:\windows\system32\idtcpl64.cpl

2011-02-14 00:17 . 2010-07-02 02:51 209920 ----a-w- c:\windows\system32\staco64.dll

2011-02-07 06:34 . 2011-02-07 06:34 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59 . 2011-01-26 22:59 708608 ----a-w- c:\windows\system32\aticfx64.dll

2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll

2011-01-24 02:30 . 2011-01-24 02:30 834544 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-01-07 12:17 . 2011-02-22 23:22 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-07 12:17 . 2011-02-22 23:22 1465344 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-07 12:14 . 2011-02-11 18:57 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 09:51 . 2011-02-11 18:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-01-07 09:20 . 2011-02-11 18:57 366592 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 07:46 . 2011-02-22 23:22 870912 ------w- c:\windows\SysWow64\XpsPrint.dll

2011-01-07 07:46 . 2011-02-22 23:22 288256 ------w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45 . 2011-02-11 18:57 34304 ------w- c:\windows\SysWow64\atmlib.dll

2011-01-07 06:01 . 2011-02-11 18:57 1638912 ------w- c:\windows\SysWow64\mshtml.tlb

2011-01-07 05:43 . 2011-02-11 18:57 294400 ------w- c:\windows\SysWow64\atmfd.dll

2011-01-05 10:34 . 2011-02-11 18:56 612864 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 06:56 . 2011-02-11 18:57 3129344 ----a-w- c:\windows\system32\win32k.sys

2011-01-05 05:55 . 2011-02-11 18:56 428032 ------w- c:\windows\SysWow64\vbscript.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-03-28_15.40.09 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-03-28 08:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-03-28 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-03-28 08:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-28 23:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-28 23:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-28 08:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-05 14:57 . 2011-03-25 09:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-01-05 14:57 . 2011-03-28 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-05 14:57 . 2011-03-25 09:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-05 14:57 . 2011-03-28 19:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-25 09:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-28 19:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-05 16:03 . 2011-03-28 18:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-05 16:03 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-03-28 19:00 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-01-05 16:03 . 2011-03-28 18:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-01-05 16:03 . 2011-03-28 08:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-01-05 16:03 . 2011-03-28 18:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-01-05 16:03 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-05 22:07 . 2011-03-28 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-01-05 22:07 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-07-02 23:20 . 2011-03-28 08:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-07-02 23:20 . 2011-03-28 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-28 15:11 . 2011-03-28 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-03-28 23:38 . 2011-03-28 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-28 15:11 . 2011-03-28 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-28 23:38 . 2011-03-28 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 02:36 . 2011-03-28 19:42 655932 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-03-28 15:17 655932 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-03-28 19:42 118846 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-03-28 15:17 118846 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-03-28 08:27 415888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-03-28 19:36 415888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:34 . 2011-03-28 19:34 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2011-03-12 01:29 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2011-03-23 3528504]

"C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="c:\users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 1004088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]

R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 1124472]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 476792]

S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-02-23 00:23 146928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-02-14 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-03-28 6746280]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-11 132656]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]

S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000Core.job

- c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36]

.

2011-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3604800606-611926856-1989045834-1000UA.job

- c:\users\MaryAnn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 16:36]

.

2011-03-16 c:\windows\Tasks\HPCeeScheduleForEVANGELEON$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

2011-03-23 c:\windows\Tasks\HPCeeScheduleForMaryAnn.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

.

**************************************************************************

.

Completion time: 2011-03-28 19:44:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-28 23:44

ComboFix2.txt 2011-03-28 19:54

ComboFix3.txt 2011-03-28 18:34

ComboFix4.txt 2011-03-28 15:42

ComboFix5.txt 2011-03-28 23:30

.

Pre-Run: 279,664,832,512 bytes free

Post-Run: 279,592,091,648 bytes free

.

- - End Of File - - CD7BCC50A355DC7946D9870B61F89252


Update and Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Okay, and here's the log file.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6199

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 8.0.7601.17514

3/28/2011 10:57:18 PM

mbam-log-2011-03-28 (22-57-18).txt

Scan type: Quick scan

Objects scanned: 165783

Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\MaryAnn\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Hey Kenny, thanks for your help. I tried to answer your question, but I was unable to add to the posting. I was running everything in safe mode because I was totally unable to log into normal mode. Now, thanks to your help, I am able to log into normal mode and get at my Norton. I'm still having problems though. For one thing, my screen saver has reverted to one that I'd used up until two weeks ago, and my external mouse refuses to be recognized. My wireless internet waits six minutes to be able to go online; when I tether it to my phone, it recognizes everything very nicely... and still won't log online. Finally, I am able to go back online, reinstalled Malwarebytes and did everything else. I also ran my Norton Antivirus and it found five issues. Here are the log files. I can't find anything with Malwarebytes. I hope we can fix this; I'd hate to put all this work on everyone and still end up having to lose everything I've saved. Thanks once again, I am eternally in your debt.

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by MaryAnn at 23:58:09.62 on Mon 03/28/2011

Internet Explorer: 8.0.7601.17514

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1749 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Users\MaryAnn\Downloads\dds (2).scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=Z030&form=ZGAPHP

mStart Page = hxxp://www.yahoo.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital

Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {395610AE-C624-4f58-B89E-23733EA00F9A} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton

Security Suite\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files

(x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:

\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files

(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program

Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:

\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files

(x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital

Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security

Suite\Engine\4.3.0.5\coIEPlg.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital

Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run] "C:\Users\MaryAnn\AppData

\Local\Google\Chrome\Application\chrome.exe" --type=service

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

/install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:

\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:

\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program

Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:

\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program

Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\dpotspluginie8.dll

BHO-X64: HP SimplePass Identity Protection Extension - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\MaryAnn\AppData\Roaming\Mozilla\Firefox\Profiles\fk1k01f1.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll

FF - plugin: C:\Users\MaryAnn\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\MaryAnn\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-2-9 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-2-9 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-10 1124472]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-2-9 615040]

R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2009-11-11 20056]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSviA64.sys [2011-3-21 476792]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-2-9 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-2-9 451120]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58:56];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-7-1 146928]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-13 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203264]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-2-9 126392]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-29 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-29 185640]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 2184496]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-2-19 46136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-20 7767552]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-20 279040]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-3-10 132656]

R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2011-2-26 17920]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-1 38456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-26 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-1 239136]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-1 295424]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-6 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]

S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-03-29 03:48:03 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-29 03:47:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-28 23:39:16 -------- d-----w- C:\$RECYCLE.BIN

2011-03-28 00:35:20 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35:14 -------- d-----w- C:\PROGRA~3\!SASCORE

2011-03-28 00:35:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-03-11 17:50:37 -------- d-----w- C:\Windows\System32\SPReview

2011-03-11 17:50:08 -------- d-----w- C:\Windows\System32\EventProviders

2011-03-11 17:47:05 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-03-11 17:47:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-03-11 17:45:59 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll

2011-03-11 17:44:59 288256 ----a-w- C:\Windows\System32\MSNP.ax

2011-03-11 17:43:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll

2011-03-11 17:42:59 71168 ----a-w- C:\Windows\bfsvc.exe

2011-03-11 17:41:46 323072 ------w- C:\Windows\SysWow64\drvstore.dll

2011-03-11 17:41:46 257024 ------w- C:\Windows\SysWow64\dpx.dll

2011-03-11 17:41:34 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:41:34 363008 ------w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-11 17:36:28 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-03-11 17:36:28 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-03-11 17:36:28 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-03-11 17:36:04 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-03-11 17:35:51 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-03-11 17:34:28 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-03-11 17:34:27 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-03-11 17:11:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-03-11 17:11:52 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-11 13:09:05 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46:28 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44:44 -------- d-----w- C:\PROGRA~3\Returnil

2011-03-11 07:34:10 -------- d-----w- C:\Program Files\Sandboxie

2011-03-11 07:23:50 -------- d-----w- C:\!KillBox

2011-03-11 07:23:24 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23:12 -------- d-----w- C:\PROGRA~3\Malwarebytes

2011-03-11 07:23:09 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-03-11 07:18:09 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-03-10 18:29:20 -------- d-----w- C:\Program Files (x86)\Panda Security

2011-03-10 17:00:48 737072 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42:09 4277016 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39:38 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39:35 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57:49 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41:58 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04:30 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59:18 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Mozilla

.

==================== Find3M ====================

.

2011-03-11 17:59:44 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:30:51 1076736 ------w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ------w- C:\Windows\SysWow64\d2d1.dll

2011-02-07 06:34:01 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll

2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-01-24 02:30:35 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys

2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:46:34 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ------w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 294400 ------w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-05 05:55:55 428032 ------w- C:\Windows\SysWow64\vbscript.dll

.

============= FINISH: 0:00:13.55 ===============

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6200

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

3/29/2011 12:01:40 AM

mbam-log-2011-03-29 (00-01-40).txt

Scan type: Quick scan

Objects scanned: 166393

Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Okay.... Let's start over. We'll run Combofix in normal mode. We'll remove it and download a fresh copy.

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Next

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Okay, I'm not sure if you're even still up, but it finally completed. So here's the log. Thanks again. You are turning out to be my very best friend. :-)

ComboFix 11-03-28.03 - MaryAnn 03/29/2011 1:38:54.7.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1787 [GMT -4:00]

Running from: C:\Users\MaryAnn\Downloads\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))

2011-03-29 05:53:20 . 2011-03-29 05:53:20 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-03-29 03:48:03 . 2010-12-20 22:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-29 03:47:57 . 2011-03-29 03:48:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-28 00:35:20 . 2011-03-28 00:35:20 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35:14 . 2011-03-28 00:35:14 -------- d-----w- C:\ProgramData\!SASCORE

2011-03-28 00:35:11 . 2011-03-29 03:27:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-03-11 17:50:37 . 2011-03-11 17:50:38 -------- d-----w- C:\Windows\system32\SPReview

2011-03-11 17:50:08 . 2011-03-11 17:50:09 -------- d-----w- C:\Windows\system32\EventProviders

2011-03-11 17:47:05 . 2010-11-05 01:57:12 48976 ----a-w- C:\Windows\system32\netfxperf.dll

2011-03-11 17:47:05 . 2010-11-05 01:57:10 1942856 ----a-w- C:\Windows\system32\dfshim.dll

2011-03-11 17:45:59 . 2010-11-20 13:25:48 1975296 ----a-w- C:\Windows\system32\CertEnroll.dll

2011-03-11 17:44:59 . 2010-11-20 13:27:23 183808 ----a-w- C:\Windows\system32\prncache.dll

2011-03-11 17:43:59 . 2010-11-20 13:27:24 65536 ----a-w- C:\Windows\system32\RpcRtRemote.dll

2011-03-11 17:42:59 . 2010-11-20 13:27:24 337920 ----a-w- C:\Windows\system32\raschap.dll

2011-03-11 17:41:46 . 2010-11-20 12:18:34 323072 ------w- C:\Windows\SysWow64\drvstore.dll

2011-03-11 17:41:46 . 2010-11-20 12:18:34 257024 ------w- C:\Windows\SysWow64\dpx.dll

2011-03-11 17:41:34 . 2010-11-20 12:21:34 363008 ------w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-11 17:41:34 . 2010-11-20 12:19:02 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:28 524288 ----a-w- C:\Windows\system32\wmicmiplugin.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:27 529408 ----a-w- C:\Windows\system32\wbemcomn.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:27 1225216 ----a-w- C:\Windows\system32\wbem\wbemcore.dll

2011-03-11 17:36:04 . 2010-11-20 13:27:25 933376 ----a-w- C:\Windows\system32\SmiEngine.dll

2011-03-11 17:35:51 . 2010-11-20 13:25:02 199168 ----a-w- C:\Windows\system32\PkgMgr.exe

2011-03-11 17:34:28 . 2010-11-20 13:26:07 422912 ----a-w- C:\Windows\system32\drvstore.dll

2011-03-11 17:34:27 . 2010-11-20 13:26:07 399872 ----a-w- C:\Windows\system32\dpx.dll

2011-03-11 17:11:52 . 2011-01-17 11:09:14 197120 ----a-w- C:\Windows\system32\d3d10_1.dll

2011-03-11 17:11:52 . 2011-01-17 05:47:13 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-11 16:50:28 . 2011-03-16 05:52:29 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Media Player Classic

2011-03-11 13:09:05 . 2011-03-11 13:09:05 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46:28 . 2011-03-11 07:46:30 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44:44 . 2011-03-11 07:44:44 -------- d-----w- C:\ProgramData\Returnil

2011-03-11 07:34:10 . 2011-03-11 07:34:10 -------- d-----w- C:\Program Files\Sandboxie

2011-03-11 07:23:50 . 2011-03-28 08:00:13 -------- d-----w- C:\!KillBox

2011-03-11 07:23:24 . 2011-03-11 07:23:24 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23:12 . 2011-03-11 07:23:12 -------- d-----w- C:\ProgramData\Malwarebytes

2011-03-11 07:23:09 . 2010-12-20 22:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-03-11 07:18:09 . 2011-03-11 07:18:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-03-10 18:29:20 . 2011-03-29 03:26:33 -------- d-----w- C:\Program Files (x86)\Panda Security

2011-03-10 17:00:48 . 2011-03-10 17:00:48 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42:09 . 2011-03-09 20:42:09 4277016 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39:38 . 2011-03-09 20:39:38 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39:35 . 2011-03-09 20:39:35 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57:49 . 2011-03-08 21:57:49 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41:58 . 2011-03-06 19:41:59 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04:30 . 2011-03-28 04:12:21 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59:18 . 2011-03-06 18:59:18 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Mozilla

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-11 17:59:44 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll

2011-03-10 17:01:05 . 2010-06-24 16:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-14 00:17:48 . 2011-02-14 00:18:13 515584 ----a-w- C:\Windows\system32\drivers\stwrt64.sys

2011-02-14 00:17:48 . 2011-02-14 00:18:13 431616 ----a-w- C:\Windows\system32\stcplx64.dll

2011-02-14 00:17:48 . 2011-02-14 00:18:13 1466880 ----a-w- C:\Windows\system32\stapo64.dll

2011-02-14 00:17:48 . 2010-07-02 02:52:26 487424 ----a-w- C:\Windows\sttray64.exe

2011-02-14 00:17:48 . 2010-07-02 02:52:26 1952256 ----a-w- C:\Windows\system32\stlang64.dll

2011-02-14 00:17:47 . 2011-02-14 00:18:13 646656 ------w- C:\Windows\system32\stapi64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 68608 ----a-w- C:\Windows\system32\AESTAR64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 442368 ----a-w- C:\Windows\system32\AESTEC64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 220672 ----a-w- C:\Windows\system32\HPToneCtrls64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 162304 ----a-w- C:\Windows\system32\AESTAC64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:26 90624 ----a-w- C:\Windows\system32\AESTCo64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:26 12829184 ----a-w- C:\Windows\system32\idtcpl64.cpl

2011-02-14 00:17:47 . 2010-07-02 02:51:58 209920 ----a-w- C:\Windows\system32\staco64.dll

2011-02-07 06:34:01 . 2011-02-07 06:34:09 173104 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59:10 . 2011-01-26 22:59:10 708608 ----a-w- C:\Windows\system32\aticfx64.dll

2011-01-26 22:32:46 . 2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\system32\atiumd6v.dll

2011-01-24 02:30:35 . 2011-01-24 02:30:35 834544 ----a-w- C:\Windows\system32\drivers\sptd.sys

2011-01-07 12:17:52 . 2011-02-22 23:22:04 475648 ----a-w- C:\Windows\system32\XpsGdiConverter.dll

2011-01-07 12:17:52 . 2011-02-22 23:22:04 1465344 ----a-w- C:\Windows\system32\XpsPrint.dll

2011-01-07 12:14:11 . 2011-02-11 18:57:00 46080 ----a-w- C:\Windows\system32\atmlib.dll

2011-01-07 09:51:01 . 2011-02-11 18:57:15 1638912 ----a-w- C:\Windows\system32\mshtml.tlb

2011-01-07 09:20:44 . 2011-02-11 18:57:00 366592 ----a-w- C:\Windows\system32\atmfd.dll

2011-01-07 07:46:34 . 2011-02-22 23:22:04 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 . 2011-02-22 23:22:04 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 . 2011-02-11 18:57:00 34304 ------w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 . 2011-02-11 18:57:15 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 . 2011-02-11 18:57:00 294400 ------w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 10:34:00 . 2011-02-11 18:56:43 612864 ----a-w- C:\Windows\system32\vbscript.dll

2011-01-05 06:56:24 . 2011-02-11 18:57:11 3129344 ----a-w- C:\Windows\system32\win32k.sys

2011-01-05 05:55:55 . 2011-02-11 18:56:43 428032 ------w- C:\Windows\SysWow64\vbscript.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 07:15:04 1004088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 23:13:58 51445112]

R3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 19:52:48 63304]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 01:20:56 174440]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]

R4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 23:27:16 127984]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 08:18:54 360224]

R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]

S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 21:59:11 1124472]

S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys [x]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 01:12:56 476792]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 18:23:05 12360]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 17:49:27 128752]

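The DDS "SERVICES / DRIVERS" section earlier in the thread and the ComboFix "Reg Loading Points" section just above use the same one-line-per-entry layout, and a helper reading them is really looking for a handful of things: entries whose binary the tool could not find ("[x]" for services, "No File" for BHOs and toolbars), drivers that load at boot or system start from a location a standard user can write to (the Norton definition drivers under C:\ProgramData are the benign case that still has to be checked), and services whose binary is not an .exe, .sys or .dll. The script below is an added example, not code from the thread or from the DDS or ComboFix tools; it parses lines in that layout and returns the entries that carry one of those flags. The reading of the leading letter (R = running, S = stopped), the start-type digit (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and the "[x]" marker follows the usual interpretation of these logs and is an assumption here, the flag names are my own, and the sample lines are copied from this thread's logs.

```python
"""Triage helper for DDS / ComboFix style service and browser-extension lines.

Added example, not part of the forum thread or of the DDS/ComboFix tools. The
line formats, the R/S state letters, the 0-4 start-type digits and the "[x]"
marker are read the way these logs are usually read; that reading is an
assumption, not documentation from the tools' authors.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
STATES = {"R": "running", "S": "stopped"}

# "<R|S><0-4> <name>;<display>;<path> [<date> [<time>] <size>]"  or  "... <path> [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# "BHO-X64: <name>: {CLSID} - <path>"  /  "TB-X64: {CLSID} - No File"  and similar
EXT_RE = re.compile(r"^(?P<kind>(?:BHO|TB|EB|SEH)(?:-X64)?):\s*(?P<rest>.+)$")

# Locations a standard user (or malware running as one) can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~3\\")
EXPECTED_EXT = (".exe", ".sys", ".dll")


@dataclass
class Finding:
    kind: str                  # "service" or the extension kind (BHO-X64, TB-X64, ...)
    name: str
    path: str
    state: str = ""            # running / stopped (services only)
    start: str = ""            # boot / system / auto / manual / disabled (services only)
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def parse_service(line: str) -> Optional[Finding]:
    """Parse one service/driver line; return None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    f = Finding("service", m.group("name").strip(), m.group("path").strip(),
                state=STATES[m.group("state")], start=START_TYPES[m.group("start")])
    meta = m.group("meta").strip().split()
    if meta == ["x"]:
        f.flags.append("file-not-found")         # the tool could not read the binary
    elif meta and meta[-1].isdigit():
        f.size = int(meta[-1])                   # size is the last field in both tools
    low = f.path.lower()
    if f.start in ("boot", "system", "auto") and any(p in low for p in USER_WRITABLE):
        f.flags.append("early-start-from-user-writable-path")
    if not low.endswith(EXPECTED_EXT):
        f.flags.append("unusual-binary-extension")
    return f


def parse_extension(line: str) -> Optional[Finding]:
    """Parse a BHO/toolbar/hook line; flag entries whose DLL is gone."""
    m = EXT_RE.match(line.strip())
    if not m:
        return None
    head, _, tail = m.group("rest").rpartition(" - ")
    name = head.split(": {")[0].strip() if ": {" in head else head.strip()
    f = Finding(m.group("kind"), name, "" if tail == "No File" else tail.strip())
    if tail == "No File":
        f.flags.append("orphaned-registry-entry")   # CLSID registered, DLL missing
    return f


def triage(lines: List[str]) -> List[Finding]:
    """Return every parsed entry that carries at least one flag, in log order."""
    out = []
    for line in lines:
        f = parse_service(line) or parse_extension(line)
        if f and f.flags:
            out.append(f)
    return out


# Sample lines constructed from the DDS and ComboFix output posted in this thread.
SAMPLE_LOG = [
    r"R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-2-9 126392]",
    r"R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/07/01 19:58:56];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-7-1 146928]",
    r"S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 21:59:11 1124472]",
    r"S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]",
    r"BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL",
    r"BHO-X64: HP SimplePass Identity Protection Extension - No File",
    r"TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:45} {', '.join(f.flags)}")
```

A flag is a prompt to look, not a verdict: the Norton BASH/IPS definition drivers under C:\ProgramData and HP's 000.fcl "Power Control" service both trip a flag and are both legitimate, which is exactly why a helper whitelists known vendors after checking the path and the file rather than before. The "[x]" entries in the ComboFix output are also worth reading with the DDS output side by side, since DDS listed the same Symantec drivers with sizes and dates a day earlier.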

Thanks for getting back to me again. I noticed the file looked off too, so I re-ran Combofix at two and it got to fifty and apparently locked, providing no log or anything. I just at eleven gave it up and manually turned it back off and when I did, the only report generated looks like this again:

ComboFix 11-03-28.03 - MaryAnn 03/29/2011 1:38:54.7.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1787 [GMT -4:00]

Running from: C:\Users\MaryAnn\Downloads\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))

2011-03-29 05:53:20 . 2011-03-29 05:53:20 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-03-29 03:48:03 . 2010-12-20 22:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-29 03:47:57 . 2011-03-29 03:48:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-03-28 00:35:20 . 2011-03-28 00:35:20 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\SUPERAntiSpyware.com

2011-03-28 00:35:14 . 2011-03-28 00:35:14 -------- d-----w- C:\ProgramData\!SASCORE

2011-03-28 00:35:11 . 2011-03-29 03:27:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-03-11 17:50:37 . 2011-03-11 17:50:38 -------- d-----w- C:\Windows\system32\SPReview

2011-03-11 17:50:08 . 2011-03-11 17:50:09 -------- d-----w- C:\Windows\system32\EventProviders

2011-03-11 17:47:05 . 2010-11-05 01:57:12 48976 ----a-w- C:\Windows\system32\netfxperf.dll

2011-03-11 17:47:05 . 2010-11-05 01:57:10 1942856 ----a-w- C:\Windows\system32\dfshim.dll

2011-03-11 17:45:59 . 2010-11-20 13:25:48 1975296 ----a-w- C:\Windows\system32\CertEnroll.dll

2011-03-11 17:44:59 . 2010-11-20 13:27:23 183808 ----a-w- C:\Windows\system32\prncache.dll

2011-03-11 17:43:59 . 2010-11-20 13:27:24 65536 ----a-w- C:\Windows\system32\RpcRtRemote.dll

2011-03-11 17:42:59 . 2010-11-20 13:27:24 337920 ----a-w- C:\Windows\system32\raschap.dll

2011-03-11 17:41:46 . 2010-11-20 12:18:34 323072 ------w- C:\Windows\SysWow64\drvstore.dll

2011-03-11 17:41:46 . 2010-11-20 12:18:34 257024 ------w- C:\Windows\SysWow64\dpx.dll

2011-03-11 17:41:34 . 2010-11-20 12:21:34 363008 ------w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-11 17:41:34 . 2010-11-20 12:19:02 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:28 524288 ----a-w- C:\Windows\system32\wmicmiplugin.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:27 529408 ----a-w- C:\Windows\system32\wbemcomn.dll

2011-03-11 17:36:28 . 2010-11-20 13:27:27 1225216 ----a-w- C:\Windows\system32\wbem\wbemcore.dll

2011-03-11 17:36:04 . 2010-11-20 13:27:25 933376 ----a-w- C:\Windows\system32\SmiEngine.dll

2011-03-11 17:35:51 . 2010-11-20 13:25:02 199168 ----a-w- C:\Windows\system32\PkgMgr.exe

2011-03-11 17:34:28 . 2010-11-20 13:26:07 422912 ----a-w- C:\Windows\system32\drvstore.dll

2011-03-11 17:34:27 . 2010-11-20 13:26:07 399872 ----a-w- C:\Windows\system32\dpx.dll

2011-03-11 17:11:52 . 2011-01-17 11:09:14 197120 ----a-w- C:\Windows\system32\d3d10_1.dll

2011-03-11 17:11:52 . 2011-01-17 05:47:13 161792 ------w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-11 16:50:28 . 2011-03-16 05:52:29 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Media Player Classic

2011-03-11 13:09:05 . 2011-03-11 13:09:05 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Downloaded Installations

2011-03-11 07:46:28 . 2011-03-11 07:46:30 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Returnil

2011-03-11 07:44:44 . 2011-03-11 07:44:44 -------- d-----w- C:\ProgramData\Returnil

2011-03-11 07:34:10 . 2011-03-11 07:34:10 -------- d-----w- C:\Program Files\Sandboxie

2011-03-11 07:23:50 . 2011-03-28 08:00:13 -------- d-----w- C:\!KillBox

2011-03-11 07:23:24 . 2011-03-11 07:23:24 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Malwarebytes

2011-03-11 07:23:12 . 2011-03-11 07:23:12 -------- d-----w- C:\ProgramData\Malwarebytes

2011-03-11 07:23:09 . 2010-12-20 22:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-03-11 07:18:09 . 2011-03-11 07:18:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-03-10 18:29:20 . 2011-03-29 03:26:33 -------- d-----w- C:\Program Files (x86)\Panda Security

2011-03-10 17:00:48 . 2011-03-10 17:00:48 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-03-09 20:42:09 . 2011-03-09 20:42:09 4277016 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-09 20:39:38 . 2011-03-09 20:39:38 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-09 20:39:35 . 2011-03-09 20:39:35 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-08 21:57:49 . 2011-03-08 21:57:49 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Unity

2011-03-06 19:41:58 . 2011-03-06 19:41:59 -------- d-----w- C:\Users\MaryAnn\AppData\Roaming\Rovio

2011-03-06 19:04:30 . 2011-03-28 04:12:21 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12

2011-03-06 18:59:18 . 2011-03-06 18:59:18 -------- d-----w- C:\Users\MaryAnn\AppData\Local\Mozilla

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-11 17:59:44 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll

2011-03-10 17:01:05 . 2010-06-24 16:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-14 00:17:48 . 2011-02-14 00:18:13 515584 ----a-w- C:\Windows\system32\drivers\stwrt64.sys

2011-02-14 00:17:48 . 2011-02-14 00:18:13 431616 ----a-w- C:\Windows\system32\stcplx64.dll

2011-02-14 00:17:48 . 2011-02-14 00:18:13 1466880 ----a-w- C:\Windows\system32\stapo64.dll

2011-02-14 00:17:48 . 2010-07-02 02:52:26 487424 ----a-w- C:\Windows\sttray64.exe

2011-02-14 00:17:48 . 2010-07-02 02:52:26 1952256 ----a-w- C:\Windows\system32\stlang64.dll

2011-02-14 00:17:47 . 2011-02-14 00:18:13 646656 ------w- C:\Windows\system32\stapi64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 68608 ----a-w- C:\Windows\system32\AESTAR64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 442368 ----a-w- C:\Windows\system32\AESTEC64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 220672 ----a-w- C:\Windows\system32\HPToneCtrls64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:27 162304 ----a-w- C:\Windows\system32\AESTAC64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:26 90624 ----a-w- C:\Windows\system32\AESTCo64.dll

2011-02-14 00:17:47 . 2010-07-02 02:52:26 12829184 ----a-w- C:\Windows\system32\idtcpl64.cpl

2011-02-14 00:17:47 . 2010-07-02 02:51:58 209920 ----a-w- C:\Windows\system32\staco64.dll

2011-02-07 06:34:01 . 2011-02-07 06:34:09 173104 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS

2011-01-26 22:59:10 . 2011-01-26 22:59:10 708608 ----a-w- C:\Windows\system32\aticfx64.dll

2011-01-26 22:32:46 . 2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\system32\atiumd6v.dll

2011-01-24 02:30:35 . 2011-01-24 02:30:35 834544 ----a-w- C:\Windows\system32\drivers\sptd.sys

2011-01-07 12:17:52 . 2011-02-22 23:22:04 475648 ----a-w- C:\Windows\system32\XpsGdiConverter.dll

2011-01-07 12:17:52 . 2011-02-22 23:22:04 1465344 ----a-w- C:\Windows\system32\XpsPrint.dll

2011-01-07 12:14:11 . 2011-02-11 18:57:00 46080 ----a-w- C:\Windows\system32\atmlib.dll

2011-01-07 09:51:01 . 2011-02-11 18:57:15 1638912 ----a-w- C:\Windows\system32\mshtml.tlb

2011-01-07 09:20:44 . 2011-02-11 18:57:00 366592 ----a-w- C:\Windows\system32\atmfd.dll

2011-01-07 07:46:34 . 2011-02-22 23:22:04 870912 ------w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 . 2011-02-22 23:22:04 288256 ------w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 . 2011-02-11 18:57:00 34304 ------w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 . 2011-02-11 18:57:15 1638912 ------w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 . 2011-02-11 18:57:00 294400 ------w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 10:34:00 . 2011-02-11 18:56:43 612864 ----a-w- C:\Windows\system32\vbscript.dll

2011-01-05 06:56:24 . 2011-02-11 18:57:11 3129344 ----a-w- C:\Windows\system32\win32k.sys

2011-01-05 05:55:55 . 2011-02-11 18:56:43 428032 ------w- C:\Windows\SysWow64\vbscript.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ----a-w- C:\Users\MaryAnn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"C:!Users!MaryAnn!AppData!Local!Google!Chrome!User Data_service_run"="C:\Users\MaryAnn\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-03-17 07:15:04 1004088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 23:13:58 51445112]

R3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 19:52:48 63304]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 01:20:56 174440]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]

R4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 23:27:16 127984]

R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 08:18:54 360224]

R4 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]

S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-02-25 21:59:11 1124472]

S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]

S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys [x]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110317.005\IDSvia64.sys [2011-02-01 01:12:56 476792]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 18:23:05 12360]

S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 17:49:27 128752]

I'm no expert, but it looks the same as last night's. Thanks for looking at this for me!

Let's run this scan again in normal mode:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Okay, I've tried to run it through a few times. Here's the problem: it froze after two and a half hours and shut down my computer, and then I ran it again just now and it repeated. So I'm guessing I'm still infected, right? :-) Now though, new development: my Norton won't re-engage and it pops up with a message saying I need to reinstall some GEAR drivers. I don't think I have any.

Now though, new development: my Norton won't re-engage and it pops up with a message saying I need to reinstall some GEAR drivers. I don't think I have any.

That's odd?

Please run the MGA Diagnostic Tool and post back the report it creates:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Next

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Okay, here we go.

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9

Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=

Windows Product ID: 00359-OEM-8992687-00010

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010300.1.0.003

ID: {43826155-10D9-4D04-8DB1-D38637091301}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Home Premium

Architecture: 0x00000009

Build lab: 7601.win7sp1_rtm.101119-1850

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{43826155-10D9-4D04-8DB1-D38637091301}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3604800606-611926856-1989045834</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.23</Version><SMBIOSVersion major="2" minor="6"/><Date>20101111000000.000000+000</Date></BIOS><HWID>ADAD3707018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition

Description: Windows Operating System - Windows® 7, OEM_SLP channel

Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00359-00178-926-800010-02-1033-7600.0000-1822010

Installation ID: 008220305760819716744902876204378384223600654262610290

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

Partial Product Key: 3Q6C9

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 3/29/2011 4:54:58 PM

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 1:6:2011 07:28

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: LgAAAAEAAgABAAEAAAACAAAAAQABAAEA6GHgUeAhVPlcOwxLcGbqRQz2Uoiesw==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC HP 1442

FACP HP 1442

HPET HP 1442

BOOT HP 1442

MCFG HP 1442

SLIC HPQOEM SLIC-MPC

SSDT AMD POWERNOW

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files (x86)\gamehouse games collection\bejeweled 2\sounds\firecrackle.ogg

c:\program files (x86)\gamehouse games collection\cubis gold 2\games\tutorial\tutorial\crack and crumble.xml

c:\program files (x86)\gamehouse games collection\cubis gold 2\resources\sounds\cubecrack.ogg

c:\program files (x86)\gamehouse games collection\jewel quest\audio\st_win3_crackle.ogg

c:\users\maryann\desktop\stuff from desktop\plants vs zombies\bookworm 2\popcap games\pop cap games\bejeweled2\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ beyond the sword.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ warlords.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civ4beyondsword.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civ4warlords.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civilization4.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\readme.txt

c:\users\maryann\downloads\sid meiers civilization v-skidrow\civilization v crack skydrow.rar

c:\users\maryann\dropbox\ebooks fictional\romance novels k - l\kate hill\kate hill - blood and soul 05 - nutcracker.pdf

c:\users\maryann\music\01 - the eye of the world\plants vs zombies\bookworm 2\popcap games\pop cap games\bejeweled2\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg

scanner sequence 3.FI.11

----- EOF -----

Whoa! Weird! How did my Windows become un-validated? This is a semi-new, pre-loaded HP machine with Windows 7 64-bit. What the deuce happened? I went to the link and it said "Passed". How do I post the page displaying that?

Hey Kenny, sorry for the freak out. I ran the scans again and the online Genuine advantage thing and here are the logs. If the evilness that has pulled my computer down has corrupted my validation, then I'm screwed right? Here's hoping...

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Code: 0

Cached Online Validation Code: 0x0

Windows Product Key: *****-*****-73CQT-WMF7J-3Q6C9

Windows Product Key Hash: KaFG+RmurcM3ZxzWyfEP9WtPUJw=

Windows Product ID: 00359-OEM-8992687-00010

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010300.1.0.003

ID: {43826155-10D9-4D04-8DB1-D38637091301}(3)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Home Premium

Architecture: 0x00000009

Build lab: 7601.win7sp1_rtm.101119-1850

TTS Error:

Validation Diagnostic:

Resolution Status: N/A

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{43826155-10D9-4D04-8DB1-D38637091301}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-3Q6C9</PKey><PID>00359-OEM-8992687-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-3604800606-611926856-1989045834</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv7 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.23</Version><SMBIOSVersion major="2" minor="6"/><Date>20101111000000.000000+000</Date></BIOS><HWID>ADAD3707018400F2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->

Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition

Description: Windows Operating System - Windows® 7, OEM_SLP channel

Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64

Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f

Extended PID: 00359-00178-926-800010-02-1033-7600.0000-1822010

Installation ID: 008220305760819716744902876204378384223600654262610290

Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338

Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339

Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341

Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340

Partial Product Key: 3Q6C9

License Status: Licensed

Remaining Windows rearm count: 2

Trusted time: 3/30/2011 12:09:14 AM

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0x00000000

HealthStatus: 0x0000000000000000

Event Time Stamp: 1:6:2011 07:28

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Registered, Version: 7.1.7600.16395

HealthStatus Bitmask Output:

HWID Data-->

HWID Hash Current: LgAAAAEAAgABAAEAAAACAAAAAQABAAEA6GHgUeAhVPlcOwxLcGbqRQz2Uoiesw==

OEM Activation 1.0 Data-->

N/A

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information:

ACPI Table Name OEMID Value OEMTableID Value

APIC HP 1442

FACP HP 1442

HPET HP 1442

BOOT HP 1442

MCFG HP 1442

SLIC HPQOEM SLIC-MPC

SSDT AMD POWERNOW

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files (x86)\gamehouse games collection\bejeweled 2\sounds\firecrackle.ogg

c:\program files (x86)\gamehouse games collection\cubis gold 2\games\tutorial\tutorial\crack and crumble.xml

c:\program files (x86)\gamehouse games collection\cubis gold 2\resources\sounds\cubecrack.ogg

c:\program files (x86)\gamehouse games collection\jewel quest\audio\st_win3_crackle.ogg

c:\users\maryann\desktop\stuff from desktop\plants vs zombies\bookworm 2\popcap games\pop cap games\bejeweled2\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ beyond the sword.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ warlords.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\civ.iso

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civ4beyondsword.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civ4warlords.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\civilization4.exe

c:\users\maryann\downloads\civilization 4 + all expansions + all patches + latest cracks (as of 28th june 2008)\latest civ4 cracks\readme.txt

c:\users\maryann\downloads\sid meiers civilization v-skidrow\civilization v crack skydrow.rar

c:\users\maryann\dropbox\ebooks fictional\romance novels k - l\kate hill\kate hill - blood and soul 05 - nutcracker.pdf

c:\users\maryann\music\01 - the eye of the world\plants vs zombies\bookworm 2\popcap games\pop cap games\bejeweled2\bejeweled 2 deluxe\bejeweled 2 deluxe\sounds\firecrackle.ogg

scanner sequence 3.FI.11

----- EOF -----
