TechSpot

Need help with Google redirect virus

By mmcleod
May 18, 2011
I need help with the removal of the Google Redirect virus or possibly just confirmation it's removed. I've tried many of the items I've found on the web and the redirect seems to be fixed, but I don't trust the results since it didn't seem to stop right after my last action. I just ran the 7 steps suggested here and it didn't appear to find any problems, but I'll attach the logs.

    Malwarebytes - from full scan
    *****************************************************************************************************
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6603

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    5/18/2011 12:47:19 AM
    mbam-log-2011-05-18 (00-47-19).txt

    Scan type: Full scan (C:\|D:\|E:\|L:\|)
    Objects scanned: 439766
    Time elapsed: 1 hour(s), 11 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    *************************************************************************************************
    GMERmessage : GMER hasn't found any system modifications
    The note log is empty

    ************************************************************************************************

    DDS file
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Mark at 19:06:53.14 on Wed 05/18/2011
    Internet Explorer: 9.0.8112.16421
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4092 [GMT -4:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 Premier Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\sppsvc.exe
    C:\ProgramData\Norton\NUA.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Mark\Downloads\zgr0v7on.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mark\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-5-18 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-5-18 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-18 1127032]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-5-18 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110514.001\IDSviA64.sys [2011-5-17 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-5-18 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-5-18 451120]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [2011-5-18 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-17 136824]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-18 1255736]
    .
    =============== Created Last 30 ================
    .
    2011-05-18 21:22:00 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-05-18 21:21:59 -------- d-----w- C:\Windows\System32\Wat
    2011-05-18 11:54:02 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2011-05-18 11:54:02 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2011-05-18 11:52:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-05-18 11:46:21 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys
    2011-05-18 11:46:21 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys
    2011-05-18 11:46:20 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys
    2011-05-18 11:46:20 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys
    2011-05-18 11:46:20 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys
    2011-05-18 11:46:20 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys
    2011-05-18 11:46:20 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys
    2011-05-18 11:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005
    2011-05-18 11:43:10 139264 ----a-w- C:\Windows\System32\cabview.dll
    2011-05-18 11:43:10 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-05-18 11:43:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2011-05-18 11:43:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-05-18 11:36:25 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-18 04:52:26 98816 ----a-w- C:\Windows\sed.exe
    2011-05-18 04:52:26 89088 ----a-w- C:\Windows\MBR.exe
    2011-05-18 04:52:26 256512 ----a-w- C:\Windows\PEV.exe
    2011-05-18 04:52:26 161792 ----a-w- C:\Windows\SWREG.exe
    2011-05-18 04:40:16 -------- d-----w- C:\Windows\Panther
    2011-05-18 04:32:37 -------- d-----w- C:\$WINDOWS.~Q
    2011-05-18 04:30:04 -------- d-----w- C:\$INPLACE.~TR
    2011-05-18 03:31:53 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
    2011-05-18 03:31:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-18 03:31:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-05-18 03:31:44 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-18 03:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-18 03:18:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-05-18 03:15:52 20040 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-05-18 03:15:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5
    2011-05-18 03:14:41 -------- d-----w- C:\PROGRA~3\Hitman Pro
    2011-05-18 02:13:16 -------- d-----w- C:\Program Files\Common Files\Canon
    2011-05-18 01:54:04 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2011-05-18 01:52:53 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-05-18 01:36:29 -------- d-----w- C:\Recovery
    2011-05-17 23:52:46 -------- d-----w- C:\i386
    2011-05-17 23:50:21 -------- d-----w- C:\blocks
    2011-05-17 23:49:29 -------- d-----w- C:\$HPW7UA$
    2011-05-17 23:46:00 -------- d-----w- C:\Windows\SysWow64\AGEIA
    2011-05-17 23:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2011-05-17 23:45:13 410656 ----a-w- C:\Windows\System32\nvcpl.cpl
    2011-05-17 23:45:13 2112544 ----a-w- C:\Windows\System32\nvcplui.exe
    2011-05-17 23:45:13 1097248 ----a-w- C:\Windows\System32\nvcpluir.dll
    2011-05-17 23:42:43 501280 ----a-w- C:\Windows\System32\NVUNINST.EXE
    2011-05-17 22:58:27 131584 ------w- C:\Windows\System32\PDMSetup.exe
    2011-05-17 22:58:27 125440 ------w- C:\Windows\System32\SetDepNx.exe
    2011-05-17 22:58:25 109568 ------w- C:\Windows\SysWow64\PDMSetup.exe
    2011-05-17 22:58:25 103936 ------w- C:\Windows\SysWow64\SetDepNx.exe
    2011-05-17 22:14:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-05-17 19:23:56 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
    2011-05-17 19:12:32 -------- d-----w- C:\Users\Mark\AppData\Local\Microsoft Games
    2011-05-17 18:32:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-05-17 18:26:44 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-05-17 18:26:44 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-05-17 18:26:44 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
    2011-05-17 18:26:44 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
    2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Symantec
    2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-05-17 18:25:43 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2011-05-17 18:25:34 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
    2011-05-17 18:22:12 -------- d-----w- C:\PROGRA~3\PCSettings
    2011-05-17 17:41:35 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
    2011-05-17 17:40:46 -------- d-----w- C:\Users\Mark\AppData\Local\VirtualStore
    2011-05-17 17:37:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\HP TCS
    .
    ==================== Find3M ====================
    .
    2011-05-18 01:52:53 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    .
    ============= FINISH: 19:07:15.88 ===============


    **************************************************************************************************
    Attach file
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/17/2011 9:36:30 PM
    System Uptime: 5/18/2011 5:22:56 PM (2 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 531.904 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.92 GiB free.
    E: is FIXED (NTFS) - 112 GiB total, 12.716 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: AVSTREAM\CIR\5&2525B28F&0&0
    Manufacturer:
    Name:
    PNP Device ID: AVSTREAM\CIR\5&2525B28F&0&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 5/17/2011 9:52:08 PM - Windows Modules Installer
    RP2: 5/17/2011 10:44:05 PM - Installed Microsoft Fix it 50267
    RP3: 5/18/2011 7:52:30 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Default Manager
    DirectX for Managed Code Update (Summer 2004)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360 Premier Edition
    NVIDIA PhysX v8.09.04
    Power2Go
    PowerDirector
    Python 2.6 pywin32-212
    Python 2.6.1
    Realtek High Definition Audio Driver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/18/2011 7:06:55 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/18/2011 5:21:43 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    5/18/2011 12:57:23 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/17/2011 9:06:23 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.116. The computer with the IP address 192.168.1.120 did not allow the name to be claimed by this computer.
    5/17/2011 8:54:06 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
    5/17/2011 8:12:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    5/17/2011 8:12:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/17/2011 8:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/17/2011 8:01:54 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    5/17/2011 7:41:42 PM, Error: Service Control Manager [7000] - The SetupNTGLM7X service failed to start due to the following error: This driver has been blocked from loading
    5/17/2011 7:41:42 PM, Error: Application Popup [1060] - \??\F:\NTGLM7X.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/17/2011 7:41:16 PM, Error: Service Control Manager [7000] - The GMSIPCI service failed to start due to the following error: This driver has been blocked from loading
    5/17/2011 7:41:16 PM, Error: Application Popup [1060] - \??\F:\INSTALL\GMSIPCI.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/17/2011 7:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/17/2011 6:14:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2418240).
    5/17/2011 5:11:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    5/17/2011 5:11:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    5/17/2011 2:26:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
    5/17/2011 11:16:06 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    5/17/2011 1:37:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. mmcleod

    mmcleod TS Rookie Topic Starter

    Broni, here are the files. Bootkit Remover has an error.

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    main(): CreateFile() ERROR 5
    ERROR: Can't open volume device \\.\C:

    Done;
    Press any key to quit...

    *************************************************************************************

    ComboFix 11-05-17.03 - Mark 05/18/2011 21:04:23.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4193 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 Premier Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-19 01:08 . 2011-05-19 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-19 00:51 . 2011-05-19 00:51 -------- d-----w- c:\program files\7-Zip
    2011-05-18 21:22 . 2011-05-18 21:22 -------- d-----w- c:\windows\SysWow64\Wat
    2011-05-18 21:21 . 2011-05-18 21:22 -------- d-----w- c:\windows\system32\Wat
    2011-05-18 11:54 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
    2011-05-18 11:54 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2011-05-18 11:52 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-05-18 11:43 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
    2011-05-18 11:43 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2011-05-18 11:43 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
    2011-05-18 11:43 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
    2011-05-18 11:35 . 2011-05-18 11:36 -------- d-----w- c:\users\Jill
    2011-05-18 04:40 . 2011-05-18 01:36 -------- d-----w- c:\windows\Panther
    2011-05-18 04:32 . 2011-05-18 00:58 -------- d-----w- C:\$WINDOWS.~Q
    2011-05-18 04:30 . 2011-05-18 04:31 -------- d-----w- C:\$INPLACE.~TR
    2011-05-18 03:31 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-18 03:31 . 2011-05-18 03:31 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-18 03:31 . 2011-05-18 03:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-18 03:31 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-18 03:18 . 2011-05-18 03:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2011-05-18 03:15 . 2011-05-18 03:23 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-05-18 03:15 . 2011-05-18 03:15 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-05-18 03:14 . 2011-05-18 03:18 -------- d-----w- c:\programdata\Hitman Pro
    2011-05-18 02:13 . 2011-05-18 02:13 -------- d-----w- c:\program files\Common Files\Canon
    2011-05-18 01:52 . 2011-05-18 01:52 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-05-18 01:36 . 2011-05-18 01:36 -------- d-----w- C:\Recovery
    2011-05-18 00:44 . 2011-05-18 01:36 -------- d-----w- c:\users\Mark
    2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\program files\LSI SoftModem
    2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\windows\SysWow64\RTCOM
    2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\program files\Realtek
    2011-05-18 00:01 . 2011-05-18 00:50 -------- d-----w- c:\programdata\NVIDIA
    2011-05-17 23:52 . 2011-05-17 23:52 -------- d-----w- C:\i386
    2011-05-17 23:50 . 2011-05-17 23:50 -------- d-----w- C:\blocks
    2011-05-17 23:49 . 2011-05-17 23:50 -------- d-----w- C:\$HPW7UA$
    2011-05-17 23:46 . 2011-05-18 00:51 -------- d-----w- c:\windows\SysWow64\AGEIA
    2011-05-17 23:46 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2011-05-17 23:45 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-05-17 23:45 . 2008-10-07 05:33 410656 ----a-w- c:\windows\system32\nvcpl.cpl
    2011-05-17 23:45 . 2008-10-07 05:33 2112544 ----a-w- c:\windows\system32\nvcplui.exe
    2011-05-17 23:45 . 2008-10-07 05:33 1097248 ----a-w- c:\windows\system32\nvcpluir.dll
    2011-05-17 23:42 . 2008-10-02 14:08 501280 ----a-w- c:\windows\system32\NVUNINST.EXE
    2011-05-17 22:58 . 2009-03-08 11:40 131584 ------w- c:\windows\system32\PDMSetup.exe
    2011-05-17 22:58 . 2009-03-08 11:40 125440 ------w- c:\windows\system32\SetDepNx.exe
    2011-05-17 22:58 . 2009-03-08 11:33 109568 ------w- c:\windows\SysWow64\PDMSetup.exe
    2011-05-17 22:58 . 2009-03-08 11:33 103936 ------w- c:\windows\SysWow64\SetDepNx.exe
    2011-05-17 22:14 . 2011-05-17 22:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-05-17 18:32 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2011-05-17 18:26 . 2011-05-18 00:51 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-05-17 18:26 . 2011-05-17 18:26 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-05-17 18:26 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-05-17 18:26 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
    2011-05-17 18:26 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
    2011-05-17 18:26 . 2011-05-18 00:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-05-17 18:26 . 2011-05-17 18:26 -------- d-----w- c:\program files\Symantec
    2011-05-17 18:25 . 2011-05-18 21:22 -------- d-----w- c:\windows\system32\drivers\N360x64
    2011-05-17 18:25 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
    2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\programdata\PCSettings
    2011-05-17 17:37 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Microsoft Works
    2011-05-17 17:35 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Intel
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-18_04.57.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2011-05-18 21:26 15230 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:30 . 2011-05-18 21:21 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2011-05-18 01:05 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\DriverStore\FileRepository\atmirw76.inf_amd64_neutral_c84ac35adfdae911\aticir.sys
    + 2008-12-04 20:51 . 2008-12-04 20:51 24576 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\NcRemotePci.SYS
    + 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\aticir.sys
    + 2008-12-04 20:51 . 2008-12-04 20:51 24576 c:\windows\system32\drivers\NcRemotePci.SYS
    + 2011-05-18 11:46 . 2010-04-22 02:29 32304 c:\windows\system32\drivers\N360x64\0403000.005\srtspx64.sys
    + 2009-07-14 00:06 . 2009-07-14 00:06 16000 c:\windows\system32\drivers\BdaSup.sys
    + 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\drivers\aticir.sys
    - 2011-05-18 00:44 . 2011-05-18 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-05-18 00:44 . 2011-05-18 11:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-05-18 00:44 . 2011-05-18 03:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-05-18 00:44 . 2011-05-18 11:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-05-18 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-05-18 11:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2011-05-18 21:57 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2009-07-14 04:46 . 2011-05-18 03:55 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-05-19 00:41 . 2011-05-19 00:41 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-05-18 11:37 . 2011-05-18 21:26 4266 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2011-05-18 03:23 . 2011-05-18 21:26 1734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2964803090-290193872-658021651-1000_UserData.bin
    + 2011-05-18 21:23 . 2011-05-18 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-05-18 03:21 . 2011-05-18 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-05-18 21:23 . 2011-05-18 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-05-18 03:21 . 2011-05-18 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-05-18 21:22 . 2011-05-18 11:53 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
    + 2011-05-18 21:22 . 2011-05-18 11:53 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
    + 2011-05-18 21:22 . 2011-05-18 11:53 152888 c:\windows\system32\Wat\WatWeb.dll
    + 2011-05-18 21:22 . 2011-05-18 11:53 249656 c:\windows\system32\Wat\WatUX.exe
    + 2011-05-18 21:22 . 2011-05-18 11:53 138664 c:\windows\system32\Wat\npWatWeb.dll
    - 2009-07-27 05:19 . 2011-05-18 03:26 662402 c:\windows\system32\prfh0416.dat
    + 2009-07-27 05:19 . 2011-05-19 00:33 662402 c:\windows\system32\prfh0416.dat
    - 2009-07-27 05:19 . 2011-05-18 03:26 124850 c:\windows\system32\prfc0416.dat
    + 2009-07-27 05:19 . 2011-05-19 00:33 124850 c:\windows\system32\prfc0416.dat
    + 2009-07-27 05:09 . 2011-05-19 00:33 692886 c:\windows\system32\perfh00C.dat
    - 2009-07-27 05:09 . 2011-05-18 03:26 692886 c:\windows\system32\perfh00C.dat
    - 2009-07-27 04:58 . 2011-05-18 03:26 691932 c:\windows\system32\perfh00A.dat
    + 2009-07-27 04:58 . 2011-05-19 00:33 691932 c:\windows\system32\perfh00A.dat
    + 2009-07-14 02:36 . 2011-05-19 00:33 615122 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-05-18 03:26 615122 c:\windows\system32\perfh009.dat
    - 2009-07-27 05:09 . 2011-05-18 03:26 126998 c:\windows\system32\perfc00C.dat
    + 2009-07-27 05:09 . 2011-05-19 00:33 126998 c:\windows\system32\perfc00C.dat
    + 2009-07-27 04:58 . 2011-05-19 00:33 133632 c:\windows\system32\perfc00A.dat
    - 2009-07-27 04:58 . 2011-05-18 03:26 133632 c:\windows\system32\perfc00A.dat
    + 2009-07-14 02:36 . 2011-05-19 00:33 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-05-18 03:26 103496 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:30 . 2011-05-18 21:21 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-05-18 01:05 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-05-18 04:39 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2011-05-18 21:21 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-05-18 11:52 . 2010-03-04 04:40 184832 c:\windows\system32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_23bfbf6f668380d6\usbvideo.sys
    - 2009-07-14 05:31 . 2009-07-14 07:43 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2009-07-14 05:31 . 2011-05-18 21:21 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2011-05-18 11:46 . 2010-05-06 04:01 451120 c:\windows\system32\drivers\N360x64\0403000.005\symtdiv.sys
    + 2011-05-18 11:46 . 2010-04-22 03:02 221232 c:\windows\system32\drivers\N360x64\0403000.005\symefa64.sys
    + 2011-05-18 11:46 . 2009-10-15 03:50 433200 c:\windows\system32\drivers\N360x64\0403000.005\symds64.sys
    + 2011-05-18 11:46 . 2010-04-22 02:29 505392 c:\windows\system32\drivers\N360x64\0403000.005\srtsp64.sys
    + 2011-05-18 11:46 . 2010-04-29 05:03 150064 c:\windows\system32\drivers\N360x64\0403000.005\ironx64.sys
    + 2011-05-18 11:46 . 2010-02-26 00:22 615040 c:\windows\system32\drivers\N360x64\0403000.005\cchpx64.sys
    - 2009-04-22 11:21 . 2011-05-18 03:19 571792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-04-22 11:21 . 2011-05-18 11:54 571792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2009-07-14 05:01 . 2011-05-18 11:54 290352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-05-18 11:54 . 2011-05-18 11:54 743444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1003-4096.dat
    + 2011-05-18 03:19 . 2011-05-18 11:54 291120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1000-8192.dat
    + 2011-05-18 21:21 . 2011-05-18 11:53 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
    + 2009-07-14 02:34 . 2011-05-18 21:34 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-05-18 03:32 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-01-26 06:42 . 2011-01-26 06:42 1559936 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\atinavrr.sys
    + 2011-01-26 06:42 . 2011-01-26 06:42 1559936 c:\windows\system32\drivers\atinavrr.sys
    - 2009-07-14 04:45 . 2011-05-18 03:25 3798208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-05-18 21:26 3798208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-05-18 05:15 . 2011-05-18 11:54 1844564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1000-4096.dat
    + 2011-05-19 00:50 . 2011-05-19 00:50 1376768 c:\windows\Installer\b556b6.msi
    + 2011-05-19 00:40 . 2011-05-19 00:40 20314624 c:\windows\Installer\b556b2.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
    "NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2011-04-05 2692024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-04-30 1127032]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110514.001\IDSvia64.sys [2011-04-26 476792]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-17 136824]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-17 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
    "SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    @SACL=
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @SACL=
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @SACL=
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
    @Denied: (C D) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
    @Denied: (C D) (Everyone)
    "ccSvcHst_UserSession_2984"="{28C880C4-09B9-463F-B953-672CDC974298}"
    "ccSvcHst_N360"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "IPS_COMMAND_CHANNEL"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ncw_performance_IPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_NCWSvcComm_NortonCommunityWatchConfiguration"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_ProcessDetection_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccGenericEvent_Global_EM"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccGenericEvent_Global_LM"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_AvProdSvcComm_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "SNDServiceRequestChannel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "SNDLocationChannel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccSettingsService"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "g_coVistaProxyChannel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_isDataPrComm_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ipcChannel_ShastaServer"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_HSPlayerCommand_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "SymRedirSvcRequestChannel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "FWAlert"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "NortonNetServiceIPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "NetMapServiceIPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "BashIPCChannel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccGenericLog_Manager"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "isError_Service_IPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "Tuneup_Context_Switch_Channel"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_buSvcComm_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_buVssComm_"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "_ReputationSvcComm_ReputationPublisher"="{8812F7FE-1A2C-4E20-B460-9B63473503C6}"
    "ccSvcHst_UserSession_2680"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "AvProdSession_01"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "AvProdSession_Options_01"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "AvProdSession_Scanless_01"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "_buUIComm_"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "clt::AlertChannel2_01"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "AccountServices_1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "FormHandler_1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "TRUSTCHANNEL"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "SDKCHANNEL1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    "ToasterNotify\\SessionID_1"="{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
    @Denied: (C D) (Everyone)
    "{28C880C4-09B9-463F-B953-672CDC974298}"=""
    "{4082F4D0-2734-4944-A44C-467A2D7D92A8}"=""
    "{8E498CE5-FA81-4B42-A30B-6D2629FC9953}"=""
    "{AA13BCA9-326E-4D17-B78F-BA6F85B5AA8B}"=""
    "{7F6CF72B-676B-440E-AFFD-9ADD85E6DEE7}"=""
    "{21821FDF-E8BF-487B-A8E6-5459ACDB23A5}"=""
    "{0D0D3305-57DC-42B1-8B7E-E8E68C76FA82}"=""
    "{B6E40AED-AD33-41B4-B530-AC3E6B6DD14D}"=""
    "{33F36640-23DA-454F-98C8-CE1C963913BA}"=""
    "{699F700F-2AE5-404E-ADFA-54DB5F2F05E7}"=""
    "{8B1687A9-567F-4C21-A2B7-B61A6D93A4A4}"=""
    "{B8A432E8-5F76-47F6-83FD-2DB60CE16DE9}"=""
    "{8812F7FE-1A2C-4E20-B460-9B63473503C6}"=""
    "{3780C5D9-8D73-4BDB-BE30-ECA63614939A}"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-18 21:10:24
    ComboFix-quarantined-files.txt 2011-05-19 01:10
    ComboFix2.txt 2011-05-18 04:59
    .
    Pre-Run: 568,240,635,904 bytes free
    Post-Run: 568,199,106,560 bytes free
    .
    - - End Of File - - 1E579AF5F61B5212404FED00B095866D
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
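Added example, not part of the thread or of TDSSKiller itself: a small Python triage script for the driver inventory that TDSSKiller writes into its log (the `timestamp pid name (md5) path` lines quoted later in this thread). It parses those lines, flags any driver loaded from outside the directories a 64-bit Windows 7 system normally loads kernel drivers from, and checks each MD5 against a block list. Assumptions: the line format is inferred from the log posted in this thread; the expected-directory list and the block-list hash are placeholders chosen for the example; the sample log below mixes three lines taken from the thread's log with one constructed line for a driver in a Temp folder.

```python
"""Triage a TDSSKiller driver inventory for drivers worth a closer look.

Usage: python triage_tdss.py [C:\\TDSSKiller_xxxx_log.txt]
With no argument, the constructed SAMPLE_LOG below is used.
"""
import re
import sys
from pathlib import PureWindowsPath

# Inventory line as seen in the thread's log:
# 2011/05/18 22:07:13.0862 4920 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Assumed: where kernel drivers normally live on 64-bit Windows 7.
# Anything loaded from elsewhere is not necessarily malicious, but deserves a manual check.
EXPECTED_ROOTS = (
    "c:/windows/system32/drivers/",
    "c:/windows/system32/",
    "c:/program files/",
    "c:/program files (x86)/",
)

# Placeholder block list (hypothetical hash); fill from a threat-intel feed in practice.
KNOWN_BAD_MD5 = {"deadbeefdeadbeefdeadbeefdeadbeef"}


def parse_inventory(log_text):
    """Return one dict per inventory line; header and status lines are ignored."""
    drivers = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            drivers.append(m.groupdict())
    return drivers


def _normalized(path):
    # PureWindowsPath understands backslashes even when this runs on Linux/macOS.
    return PureWindowsPath(path).as_posix().lower()


def triage(drivers):
    """Return (name, path, reason) for every entry that fails a check."""
    findings = []
    for d in drivers:
        if d["md5"].lower() in KNOWN_BAD_MD5:
            findings.append((d["name"], d["path"], "md5 on block list"))
            continue
        if not _normalized(d["path"]).startswith(EXPECTED_ROOTS):
            findings.append((d["name"], d["path"], "loaded from an unexpected directory"))
    return findings


# Constructed sample: three lines copied from the thread's log plus one made-up Temp driver.
SAMPLE_LOG = """\
2011/05/18 22:07:13.0234 4920 Scan started
2011/05/18 22:07:13.0862 4920 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\\Windows\\system32\\DRIVERS\\ACPI.sys
2011/05/18 22:07:15.0160 4920 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\N360_4.0.0.127\\Definitions\\BASHDefs\\20110518.001\\BHDrvx64.sys
2011/05/18 22:07:20.0610 4920 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\\program files\\pc-doctor for windows\\pcdsrvc_x64.pkms
2011/05/18 22:07:21.0000 4920 xyzdrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\\Users\\Mark\\AppData\\Local\\Temp\\xyzdrv.sys
"""


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, path, reason in triage(parse_inventory(text)):
        print(f"{reason}: {name} -> {path}")
```

On the sample this reports BHDrvx64 (unexpected directory) and xyzdrv (block list) and stays silent on ACPI and the PC-Doctor service. The Norton definition drivers under C:\ProgramData in this thread's log will trip the directory heuristic too; that location is normal for Norton 360 definitions, which is why the output is a list for a human to review, not something to delete automatically.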
  5. mmcleod

    mmcleod TS Rookie Topic Starter

Broni, I've run the TDSSKiller with no issues found. The file is pasted below. I hope I'm not wasting your time since these things don't look like they're finding a problem and I'm not currently experiencing the redirect problem. Besides the redirect I was also getting lots of spam sent out to my contacts and I'm sure a few other things.

At one point in the last few days I ran a program to modify my "Hosts" file in Windows\system32\drivers\etc. It renamed the file to "OLD File" under file type. Here is that file:
    **********************************************************************
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost
    ::1 localhost


    *******************************************************************************************
    TDSSKiller

    2011/05/18 22:07:07.0908 2556 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
    2011/05/18 22:07:08.0365 2556 ================================================================================
    2011/05/18 22:07:08.0365 2556 SystemInfo:
    2011/05/18 22:07:08.0365 2556
    2011/05/18 22:07:08.0366 2556 OS Version: 6.1.7600 ServicePack: 0.0
    2011/05/18 22:07:08.0366 2556 Product type: Workstation
    2011/05/18 22:07:08.0366 2556 ComputerName: MARK-PC
    2011/05/18 22:07:08.0366 2556 UserName: Mark
    2011/05/18 22:07:08.0366 2556 Windows directory: C:\Windows
    2011/05/18 22:07:08.0366 2556 System windows directory: C:\Windows
    2011/05/18 22:07:08.0366 2556 Running under WOW64
    2011/05/18 22:07:08.0366 2556 Processor architecture: Intel x64
    2011/05/18 22:07:08.0366 2556 Number of processors: 2
    2011/05/18 22:07:08.0366 2556 Page size: 0x1000
    2011/05/18 22:07:08.0366 2556 Boot type: Normal boot
    2011/05/18 22:07:08.0366 2556 ================================================================================
    2011/05/18 22:07:08.0812 2556 Initialize success
    2011/05/18 22:07:13.0234 4920 ================================================================================
    2011/05/18 22:07:13.0234 4920 Scan started
    2011/05/18 22:07:13.0234 4920 Mode: Manual;
    2011/05/18 22:07:13.0234 4920 ================================================================================
    2011/05/18 22:07:13.0798 4920 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/05/18 22:07:13.0862 4920 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/05/18 22:07:13.0928 4920 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/05/18 22:07:14.0074 4920 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/05/18 22:07:14.0115 4920 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/05/18 22:07:14.0157 4920 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/05/18 22:07:14.0215 4920 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/05/18 22:07:14.0305 4920 AgereSoftModem (1cd4b03012d62962274e1c9eb8670a10) C:\Windows\system32\DRIVERS\agrsm64.sys
    2011/05/18 22:07:14.0385 4920 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/05/18 22:07:14.0421 4920 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/05/18 22:07:14.0440 4920 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/05/18 22:07:14.0460 4920 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/05/18 22:07:14.0480 4920 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/05/18 22:07:14.0523 4920 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/05/18 22:07:14.0559 4920 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/05/18 22:07:14.0601 4920 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/05/18 22:07:14.0618 4920 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/05/18 22:07:14.0651 4920 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/05/18 22:07:14.0683 4920 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/05/18 22:07:14.0717 4920 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/05/18 22:07:14.0734 4920 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/05/18 22:07:14.0792 4920 ATIAVPCI (c7e9e60fa4fd57c5d75de6ef5af72853) C:\Windows\system32\DRIVERS\atinavrr.sys
    2011/05/18 22:07:14.0857 4920 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/05/18 22:07:14.0901 4920 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/05/18 22:07:14.0958 4920 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/05/18 22:07:15.0160 4920 BHDrvx64 (3b9b31981894123f78c4ef0d97184319) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys
    2011/05/18 22:07:15.0227 4920 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/05/18 22:07:15.0286 4920 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/05/18 22:07:15.0313 4920 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/05/18 22:07:15.0329 4920 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/05/18 22:07:15.0360 4920 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/05/18 22:07:15.0400 4920 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/05/18 22:07:15.0414 4920 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/05/18 22:07:15.0431 4920 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/05/18 22:07:15.0450 4920 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/05/18 22:07:15.0560 4920 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys
    2011/05/18 22:07:15.0620 4920 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/05/18 22:07:15.0659 4920 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/05/18 22:07:15.0714 4920 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/05/18 22:07:15.0751 4920 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/05/18 22:07:15.0781 4920 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/05/18 22:07:15.0799 4920 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/05/18 22:07:15.0837 4920 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/05/18 22:07:15.0869 4920 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/05/18 22:07:15.0906 4920 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/05/18 22:07:15.0927 4920 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/05/18 22:07:15.0976 4920 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/05/18 22:07:16.0023 4920 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/05/18 22:07:16.0037 4920 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/05/18 22:07:16.0107 4920 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/05/18 22:07:16.0178 4920 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/05/18 22:07:16.0261 4920 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/05/18 22:07:16.0395 4920 eeCtrl (eb0883462ac43829e47929d705d40933) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    2011/05/18 22:07:16.0444 4920 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/05/18 22:07:16.0520 4920 EraserUtilRebootDrv (86fc0d272f6bb43e7214d4ba955a41e7) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/05/18 22:07:16.0568 4920 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/05/18 22:07:16.0629 4920 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/05/18 22:07:16.0657 4920 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/05/18 22:07:16.0717 4920 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/05/18 22:07:16.0747 4920 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/05/18 22:07:16.0764 4920 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/05/18 22:07:16.0780 4920 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/05/18 22:07:16.0807 4920 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/05/18 22:07:16.0850 4920 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/05/18 22:07:16.0875 4920 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/05/18 22:07:16.0914 4920 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/05/18 22:07:16.0950 4920 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/05/18 22:07:16.0992 4920 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/05/18 22:07:17.0044 4920 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/05/18 22:07:17.0123 4920 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/05/18 22:07:17.0151 4920 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/05/18 22:07:17.0168 4920 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/05/18 22:07:17.0202 4920 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/05/18 22:07:17.0251 4920 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/05/18 22:07:17.0288 4920 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/05/18 22:07:17.0332 4920 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/05/18 22:07:17.0370 4920 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/05/18 22:07:17.0384 4920 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/05/18 22:07:17.0439 4920 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/05/18 22:07:17.0469 4920 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/05/18 22:07:17.0632 4920 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSvia64.sys
    2011/05/18 22:07:17.0706 4920 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/05/18 22:07:17.0796 4920 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/05/18 22:07:17.0841 4920 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/05/18 22:07:17.0870 4920 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/05/18 22:07:17.0893 4920 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/05/18 22:07:17.0914 4920 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/05/18 22:07:17.0960 4920 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/05/18 22:07:17.0990 4920 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/05/18 22:07:18.0009 4920 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/05/18 22:07:18.0062 4920 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/05/18 22:07:18.0098 4920 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/05/18 22:07:18.0115 4920 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/05/18 22:07:18.0161 4920 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/05/18 22:07:18.0178 4920 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/05/18 22:07:18.0195 4920 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/05/18 22:07:18.0258 4920 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/05/18 22:07:18.0298 4920 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/05/18 22:07:18.0336 4920 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/05/18 22:07:18.0351 4920 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/05/18 22:07:18.0383 4920 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/05/18 22:07:18.0417 4920 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/05/18 22:07:18.0437 4920 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/05/18 22:07:18.0475 4920 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/05/18 22:07:18.0523 4920 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/05/18 22:07:18.0538 4920 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/05/18 22:07:18.0555 4920 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/05/18 22:07:18.0574 4920 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/05/18 22:07:18.0595 4920 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/05/18 22:07:18.0611 4920 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/05/18 22:07:18.0627 4920 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/05/18 22:07:18.0651 4920 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/05/18 22:07:18.0668 4920 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/05/18 22:07:18.0703 4920 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/05/18 22:07:18.0720 4920 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/05/18 22:07:18.0737 4920 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/05/18 22:07:18.0778 4920 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/05/18 22:07:18.0803 4920 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/05/18 22:07:18.0831 4920 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/05/18 22:07:18.0848 4920 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/05/18 22:07:18.0897 4920 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/05/18 22:07:18.0916 4920 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/05/18 22:07:18.0933 4920 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/05/18 22:07:18.0964 4920 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/05/18 22:07:19.0008 4920 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/05/18 22:07:19.0031 4920 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/05/18 22:07:19.0048 4920 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/05/18 22:07:19.0065 4920 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/05/18 22:07:19.0129 4920 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/05/18 22:07:19.0283 4920 NAVENG (f594e1acbbb3ba48586b5dd69b3a6bc2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\ENG64.SYS
    2011/05/18 22:07:19.0367 4920 NAVEX15 (cfe00b55488acf0cd9f62b0401297864) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\EX64.SYS
    2011/05/18 22:07:19.0442 4920 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/05/18 22:07:19.0493 4920 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/05/18 22:07:19.0535 4920 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/05/18 22:07:19.0552 4920 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/05/18 22:07:19.0590 4920 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/05/18 22:07:19.0606 4920 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/05/18 22:07:19.0638 4920 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/05/18 22:07:19.0662 4920 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/05/18 22:07:19.0704 4920 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/05/18 22:07:19.0734 4920 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/05/18 22:07:19.0770 4920 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/05/18 22:07:19.0828 4920 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/05/18 22:07:19.0880 4920 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/05/18 22:07:20.0100 4920 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/05/18 22:07:20.0323 4920 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/05/18 22:07:20.0384 4920 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/05/18 22:07:20.0418 4920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/05/18 22:07:20.0457 4920 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/05/18 22:07:20.0486 4920 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/05/18 22:07:20.0506 4920 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/05/18 22:07:20.0610 4920 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
    2011/05/18 22:07:20.0658 4920 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/05/18 22:07:20.0675 4920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/05/18 22:07:20.0698 4920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/05/18 22:07:20.0715 4920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/05/18 22:07:20.0758 4920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/05/18 22:07:20.0872 4920 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/05/18 22:07:20.0896 4920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/05/18 22:07:20.0944 4920 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/05/18 22:07:20.0995 4920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/05/18 22:07:21.0055 4920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/05/18 22:07:21.0078 4920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/05/18 22:07:21.0099 4920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/05/18 22:07:21.0151 4920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/05/18 22:07:21.0170 4920 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/05/18 22:07:21.0192 4920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/05/18 22:07:21.0226 4920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/05/18 22:07:21.0254 4920 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/05/18 22:07:21.0293 4920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/05/18 22:07:21.0308 4920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/05/18 22:07:21.0346 4920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/05/18 22:07:21.0365 4920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/05/18 22:07:21.0384 4920 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/05/18 22:07:21.0424 4920 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/05/18 22:07:21.0475 4920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/05/18 22:07:21.0542 4920 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
    2011/05/18 22:07:21.0594 4920 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/05/18 22:07:21.0620 4920 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/05/18 22:07:21.0674 4920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/05/18 22:07:21.0712 4920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/05/18 22:07:21.0753 4920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/05/18 22:07:21.0769 4920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/05/18 22:07:21.0805 4920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/05/18 22:07:21.0822 4920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/05/18 22:07:21.0840 4920 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/05/18 22:07:21.0857 4920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/05/18 22:07:21.0902 4920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/05/18 22:07:21.0955 4920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/05/18 22:07:21.0985 4920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/05/18 22:07:22.0014 4920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/05/18 22:07:22.0120 4920 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS
    2011/05/18 22:07:22.0177 4920 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS
    2011/05/18 22:07:22.0224 4920 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
    2011/05/18 22:07:22.0253 4920 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    2011/05/18 22:07:22.0293 4920 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/05/18 22:07:22.0318 4920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/05/18 22:07:22.0341 4920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/05/18 22:07:22.0386 4920 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
    2011/05/18 22:07:22.0439 4920 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
    2011/05/18 22:07:22.0497 4920 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2011/05/18 22:07:22.0530 4920 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS
    2011/05/18 22:07:22.0579 4920 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS
    2011/05/18 22:07:22.0677 4920 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
    2011/05/18 22:07:22.0753 4920 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/05/18 22:07:22.0800 4920 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/05/18 22:07:22.0819 4920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/05/18 22:07:22.0837 4920 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/05/18 22:07:22.0875 4920 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/05/18 22:07:22.0891 4920 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/05/18 22:07:22.0954 4920 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/05/18 22:07:22.0991 4920 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/05/18 22:07:23.0009 4920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/05/18 22:07:23.0043 4920 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/05/18 22:07:23.0099 4920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/05/18 22:07:23.0123 4920 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/05/18 22:07:23.0140 4920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/05/18 22:07:23.0167 4920 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/05/18 22:07:23.0220 4920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/05/18 22:07:23.0236 4920 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/05/18 22:07:23.0278 4920 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/05/18 22:07:23.0320 4920 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/05/18 22:07:23.0377 4920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/05/18 22:07:23.0405 4920 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/05/18 22:07:23.0421 4920 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/05/18 22:07:23.0459 4920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/05/18 22:07:23.0497 4920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/05/18 22:07:23.0513 4920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/05/18 22:07:23.0537 4920 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/05/18 22:07:23.0553 4920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/05/18 22:07:23.0572 4920 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/05/18 22:07:23.0624 4920 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/05/18 22:07:23.0651 4920 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/05/18 22:07:23.0690 4920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/05/18 22:07:23.0711 4920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/05/18 22:07:23.0738 4920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/05/18 22:07:23.0759 4920 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/18 22:07:23.0774 4920 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/05/18 22:07:23.0813 4920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/05/18 22:07:23.0849 4920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/05/18 22:07:23.0925 4920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/05/18 22:07:23.0940 4920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/05/18 22:07:23.0996 4920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/05/18 22:07:24.0053 4920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/05/18 22:07:24.0091 4920 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/05/18 22:07:24.0120 4920 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/05/18 22:07:24.0310 4920 ================================================================================
    2011/05/18 22:07:24.0310 4920 Scan finished
    2011/05/18 22:07:24.0310 4920 ================================================================================
     
  6. Broni

    Broni Malware Annihilator

    I didn't know that.

    Let's go forward then...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
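The OTL report this post asks for prints, among other things, the hosts file (O1 lines), the Internet Explorer proxy settings, the TCP/IP name servers (O17), the Winlogon Shell value (O20) and the .exe/.com file-association commands (O35/O37). Those are the settings a search-redirect infection most often tampers with, so they are what a helper reads first when the log comes back. The script below is an added example, not code from this thread, from OTL or from OTL's author: it runs those checks over constructed sample lines written in OTL's line format (the addresses are RFC 5737 documentation ranges and the file paths are made up).

```python
"""Redirect-indicator triage over OTL-style report lines.

Added example for this thread; not code from TechSpot, from OTL or from
OTL's author. It parses the line shapes OTL prints for the hosts file
(O1), IE proxy settings (IE), TCP/IP name servers (O17), Winlogon
Shell/Userinit (O20) and .exe/.com file associations (O35/O37), and
flags the values a search-redirect infection typically changes.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

Finding = Tuple[str, str, str]  # (severity, check, offending line)

# Constructed sample lines modelled on OTL output; not taken from the
# thread. Addresses are RFC 5737 documentation ranges, paths are made up.
SAMPLE_LINES = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABCD}: NameServer = 203.0.113.53 198.51.100.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF01}: DhcpNameServer = 198.51.100.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (svchost.exe) - C:\Users\user\AppData\Local\svchost.exe ()
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Users\user\AppData\Local\Temp\ld.exe" "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
""".strip().splitlines()

HOSTS_RE = re.compile(r"^O1(?::64bit:)? - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'^IE(?::64bit:)? - .*Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
DNS_RE = re.compile(r"^O17(?::64bit:)? - .*: (DhcpNameServer|NameServer) = (.*)$")
WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \(([^)]*)\) - (.*?)(?: \([^)]*\))?$",
    re.IGNORECASE)
ASSOC_RE = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.{2,3}(\S+) \[[^\]]*\] -- (.*)$")

# What a home LAN is expected to hand out: RFC 1918, loopback, link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def is_lan_address(token: str) -> bool:
    """True if token is an IP inside one of LAN_NETS (other-version nets are skipped)."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in LAN_NETS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return (severity, check, line) for each OTL line that deviates from a clean baseline."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.group(1), m.group(2)
            # Benign entries point at loopback or the 0.0.0.0 sinkhole; a
            # routable address for a public hostname is a hosts hijack.
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue
            if not (addr.is_loopback or addr.is_unspecified) and host.lower() != "localhost":
                findings.append(("high", "hosts", line))
        elif m := PROXY_RE.match(line):
            key, value = m.group(1), m.group(2).strip()
            if key == "ProxyEnable" and value != "0":
                findings.append(("high", "proxy", line))
            elif key == "ProxyServer" and value:
                # A proxy on loopback is the local-interception layout.
                sev = "high" if re.search(r"127\.0\.0\.1|localhost", value) else "review"
                findings.append((sev, "proxy", line))
        elif m := DNS_RE.match(line):
            key, value = m.group(1), m.group(2)
            servers = [s for s in re.split(r"[\s,]+", value.strip()) if s]
            if any(not is_lan_address(s) for s in servers):
                # A static NameServer override off the LAN is the DNS-changer
                # pattern; a DHCP-supplied public resolver only merits a look.
                sev = "high" if key == "NameServer" else "review"
                findings.append((sev, "dns", line))
        elif m := WINLOGON_RE.match(line):
            key = m.group(1).lower()
            path = m.group(3).strip().lower().rstrip(",")
            expected = EXPECTED_WINLOGON[key]
            if not (path.startswith("c:\\windows\\") and path.endswith("\\" + expected)):
                findings.append(("high", "winlogon", line))
        elif m := ASSOC_RE.match(line):
            # Anything other than "%1" %* means every .exe/.com launch runs
            # through another binary first.
            if m.group(2).strip() != '"%1" %*':
                findings.append(("high", "assoc", line))
    return findings


if __name__ == "__main__":
    for sev, check, line in triage(SAMPLE_LINES):
        print(f"[{sev:6}] {check:8} {line}")
```

A "high" result is a prompt to look, not a verdict: a public resolver the owner set by hand, or a corporate proxy, will trip the same checks. The script only reads O1 lines, so a report that says "Hosts file not found" produces no finding and has to be read by hand, and the LAN_NETS list is an assumption about a home network that you would adjust for anything else.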
  7. mmcleod

    mmcleod TS Rookie Topic Starter

    Broni, sorry about the confusion. I mentioned that in my opening post. I've spent the last 3 days trying to rid myself of this virus following different instructions, and the redirect suddenly quit earlier tonight, but I'm not comfortable that it's gone.


    Here's the log Part 1

    OTL logfile created on: 5/18/2011 10:35:57 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.50 Gb Total Space | 529.08 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
    Drive D: | 13.67 Gb Total Space | 1.92 Gb Free Space | 14.04% Space Free | Partition Type: NTFS
    Drive E: | 111.78 Gb Total Space | 12.72 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 494.07 Gb Free Space | 53.04% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/18 22:35:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
    PRC - [2011/05/17 22:48:49 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Downloads\tdsskiller\TDSSKiller.exe
    PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/04/10 02:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2009/04/10 02:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/03/19 13:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/18 22:35:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/17 14:26:41 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/01/26 02:42:06 | 001,559,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
    DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
    DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/02 14:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
    DRV:64bit: - [2009/01/20 12:49:30 | 001,254,400 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/01/20 10:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV - [2011/05/17 23:18:55 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\EX64.SYS -- (NAVEX15)
    DRV - [2011/05/17 23:18:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\ENG64.SYS -- (NAVENG)
    DRV - [2011/05/17 14:29:58 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/05/17 14:29:58 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/04/30 01:44:12 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/04/26 16:27:36 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/05/17 20:50:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/05/18 07:45:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/17 22:05:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/05/17 22:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2011/05/17 22:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/05/18 07:45:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
    [2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    Hosts file not found
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/11/23 05:45:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/18 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
    [2011/05/18 21:27:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
    [2011/05/18 21:10:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/18 21:03:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/18 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/05/18 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/05/18 20:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/05/18 17:22:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2011/05/18 17:21:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2011/05/18 07:46:21 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys
    [2011/05/18 07:46:21 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys
    [2011/05/18 07:46:20 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys
    [2011/05/18 07:46:20 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys
    [2011/05/18 07:46:20 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys
    [2011/05/18 07:46:20 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys
    [2011/05/18 07:46:20 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys
    [2011/05/18 07:45:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0403000.005
    [2011/05/18 00:52:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/18 00:52:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/18 00:52:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/18 00:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/18 00:40:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2011/05/18 00:32:37 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
    [2011/05/18 00:30:04 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
    [2011/05/17 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2011/05/17 23:31:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/17 23:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/17 23:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/17 23:31:44 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/17 23:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/17 23:18:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2011/05/17 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
    [2011/05/17 23:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/05/17 23:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/05/17 22:51:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/17 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
    [2011/05/17 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla
    [2011/05/17 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
    [2011/05/17 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/05/17 21:44:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
    [2011/05/17 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
    [2011/05/17 21:37:20 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/05/17 21:36:29 | 000,000,000 | ---D | C] -- C:\Recovery
    [2011/05/17 20:44:57 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\My Documents
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
    [2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
    [2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
    [2011/05/17 20:44:57 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
    [2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
    [2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
    [2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Media Center Programs
    [2011/05/17 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2011/05/17 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2011/05/17 20:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2011/05/17 20:42:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2011/05/17 20:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2011/05/17 19:52:46 | 000,000,000 | ---D | C] -- C:\i386
    [2011/05/17 19:50:21 | 000,000,000 | ---D | C] -- C:\blocks
    [2011/05/17 19:49:29 | 000,000,000 | ---D | C] -- C:\$HPW7UA$
    [2011/05/17 19:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2011/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
    [2011/05/17 19:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2011/05/17 18:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/05/17 16:27:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2011/05/17 15:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CrashDumps
    [2011/05/17 15:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Games
    [2011/05/17 14:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2011/05/17 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Symantec
    [2011/05/17 14:26:44 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/05/17 14:26:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/05/17 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/05/17 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/05/17 14:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
    [2011/05/17 14:25:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
    [2011/05/17 14:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
    [2011/05/17 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2011/05/17 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hewlett-Packard
    [2011/05/17 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard
    [2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
    [2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/05/17 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
    [2011/05/17 13:41:17 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
    [2011/05/17 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
    [2011/05/17 13:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2011/05/17 13:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
    [2011/05/17 13:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2011/05/17 13:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\HP TCS
    [2011/05/17 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
    [2011/05/17 13:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days
    [2011/05/17 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
    [2011/05/17 13:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
    [2011/05/17 13:35:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\InstallShield
    [2011/05/17 13:28:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

    ========== Files - Modified Within 30 Days ==========

    [2011/05/18 22:36:43 | 002,057,028 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
    [2011/05/18 21:26:40 | 000,009,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/18 21:26:40 | 000,009,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/18 21:02:54 | 004,351,251 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe
    [2011/05/18 20:33:06 | 003,118,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/05/18 20:33:06 | 000,692,886 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/05/18 20:33:06 | 000,691,932 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2011/05/18 20:33:06 | 000,662,402 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
    [2011/05/18 20:33:06 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/05/18 20:33:06 | 000,133,632 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2011/05/18 20:33:06 | 000,126,998 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/05/18 20:33:06 | 000,124,850 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
    [2011/05/18 20:33:06 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/18 17:39:14 | 000,001,940 | ---- | M] () -- C:\Users\Mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/18 17:23:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/18 17:23:09 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/18 17:21:49 | 000,002,555 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2011/05/18 00:40:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/17 23:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/17 23:23:24 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2011/05/17 23:22:32 | 000,001,439 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/17 23:18:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2011/05/17 23:15:52 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2011/05/17 22:05:41 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/17 21:54:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/05/17 21:54:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/05/17 21:03:07 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/05/17 21:03:07 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/05/17 20:58:01 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
    [2011/05/17 20:56:20 | 000,331,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/17 20:43:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/05/17 20:27:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:27:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:05:53 | 000,003,040 | ---- | M] () -- C:\Users\Mark\Desktop\Windows Compatibility Report.htm
    [2011/05/17 20:03:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2011/05/17 20:03:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2011/05/17 19:56:51 | 000,000,340 | -HS- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/05/17 19:54:25 | 000,000,554 | ---- | M] () -- C:\Users\Mark\Desktop\HP Upgrade Assistant.lnk
    [2011/05/17 15:59:21 | 000,001,896 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeCell.lnk
    [2011/05/17 15:22:49 | 000,001,537 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2011/05/17 14:26:41 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/05/17 14:26:41 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/05/17 14:26:41 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/05/17 14:24:33 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2011/05/17 13:35:25 | 000,001,916 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
    [2011/05/17 13:35:25 | 000,001,916 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
    [2011/05/17 13:35:14 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk

    ========== Files Created - No Company Name ==========

    [2011/05/18 21:01:00 | 004,351,251 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
    [2011/05/18 17:39:14 | 000,001,940 | ---- | C] () -- C:\Users\Mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/18 17:21:08 | 002,057,028 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
    [2011/05/18 07:46:21 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.cat
    [2011/05/18 07:46:21 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv64.cat
    [2011/05/18 07:46:21 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet64.cat
    [2011/05/18 07:46:21 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa.inf
    [2011/05/18 07:46:21 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv.inf
    [2011/05/18 07:46:21 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet.inf
    [2011/05/18 07:46:20 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.cat
    [2011/05/18 07:46:20 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.cat
    [2011/05/18 07:46:20 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.cat
    [2011/05/18 07:46:20 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.cat
    [2011/05/18 07:46:20 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.cat
    [2011/05/18 07:46:20 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds.inf
    [2011/05/18 07:46:20 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.inf
    [2011/05/18 07:46:20 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.inf
    [2011/05/18 07:46:20 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.inf
    [2011/05/18 07:46:20 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.inf
    [2011/05/18 07:45:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\isolate.ini
    [2011/05/18 00:52:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/18 00:52:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/18 00:52:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/18 00:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/18 00:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/17 23:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/17 23:15:52 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2011/05/17 23:15:52 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2011/05/17 22:05:41 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/17 22:05:41 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/17 21:54:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/05/17 21:54:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/05/17 21:37:28 | 000,001,411 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/05/17 21:37:22 | 000,001,445 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/05/17 21:04:44 | 536,260,607 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/17 20:58:01 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
    [2011/05/17 20:44:57 | 000,000,290 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/05/17 20:44:57 | 000,000,272 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/05/17 20:44:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/05/17 20:44:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/05/17 20:44:08 | 000,009,872 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:44:08 | 000,009,872 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/17 20:43:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/05/17 19:56:52 | 000,003,040 | ---- | C] () -- C:\Users\Mark\Desktop\Windows Compatibility Report.htm
    [2011/05/17 19:56:51 | 000,001,439 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/17 19:54:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2011/05/17 19:54:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
    [2011/05/17 19:52:55 | 000,000,554 | ---- | C] () -- C:\Users\Mark\Desktop\HP Upgrade Assistant.lnk
    [2011/05/17 15:59:21 | 000,001,896 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeCell.lnk
    [2011/05/17 15:22:49 | 000,001,537 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
    [2011/05/17 14:26:44 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/05/17 14:26:44 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/05/17 14:26:40 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2011/05/17 13:44:42 | 000,000,552 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2011/05/17 13:38:07 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2011/05/17 13:37:50 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2011/05/17 13:35:18 | 000,001,916 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
    [2011/05/17 13:35:18 | 000,001,916 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
    [2011/05/17 13:35:14 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk
    [2011/05/17 13:34:58 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
    [2011/05/17 13:34:58 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
    [2011/05/17 13:34:57 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    [2011/05/17 13:34:57 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
    [2011/05/17 13:34:57 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
    [2011/05/17 13:34:29 | 000,001,928 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
    [2011/05/17 13:34:29 | 000,001,350 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
    [2011/05/17 13:34:29 | 000,000,340 | -HS- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/22 06:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/04/22 06:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

    ========== LOP Check ==========

    [2011/05/17 14:24:33 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/14 01:08:49 | 000,001,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
     
  8. mmcleod


    Here is part 2 of the log

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/05/18 00:40:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/18 21:10:24 | 000,029,498 | ---- | M] () -- C:\ComboFix.txt
    [2011/05/17 19:52:49 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
    [2011/05/18 17:23:09 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/05/18 17:23:28 | 2146,672,639 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/17 22:50:27 | 000,064,096 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_17.05.2011_22.48.59_log.txt
    [2011/05/18 22:07:25 | 000,064,238 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_18.05.2011_22.07.07_log.txt
    [2009/04/22 06:54:38 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/17 19:56:51 | 000,000,340 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/05/17 23:22:32 | 000,000,221 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/18 21:02:54 | 004,351,251 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/05/17 21:37:27 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OTL log looks clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  10. mmcleod

    mmcleod TS Rookie Topic Starter

    Broni, here are the results of SecurityCheck. ESET has been running for over 12 hours and it was still going. I had left it running overnight and it's been at 99% of step 3 of 4 for at least 5 of those hours since I've been up. It was on my back-up drive, which I shut down so the scan would complete. I'll be gone for the weekend and will look at any response on Sunday. I really appreciate your help here.
    I should note that when I powered up my system yesterday after all of the programs you had me run the night before it said it was making registry changes during the power up sequence. 42783 changes. Does that sound right?


    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````


    *********************************************************************************************
    ESET results

    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
    C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
    C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Possible.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe 
      C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe 
      C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  12. mmcleod

    mmcleod TS Rookie Topic Starter

    My computer is somehow still infected after all this. I just tried a Google search and it wouldn't return anything. I tried a Yahoo search and got a redirect. I had completed most of your instructions in the last email. The logs are below. I'm going back to the very beginning and will start those instructions all over again and will post those results in my next reply.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.
    C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe moved successfully.
    File\Folder C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jill
    ->Temp folder emptied: 1625 bytes
    ->Temporary Internet Files folder emptied: 4743934 bytes
    ->Flash cache emptied: 727 bytes

    User: Junior
    ->Temp folder emptied: 3788 bytes
    ->Temporary Internet Files folder emptied: 59454181 bytes
    ->Flash cache emptied: 1203 bytes

    User: Mark
    ->Temp folder emptied: 967 bytes
    ->Temporary Internet Files folder emptied: 9072777 bytes
    ->FireFox cache emptied: 73566348 bytes
    ->Flash cache emptied: 1074 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 58640 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 140.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jill
    ->Flash cache emptied: 0 bytes

    User: Junior
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05222011_191614

    Files\Folders moved on Reboot...
    C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    ********************************************************************************

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jill
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Junior
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 15281281 bytes
    ->Flash cache emptied: 640 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jill
    ->Flash cache emptied: 0 bytes

    User: Junior
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.3 log created on 05222011_192409

    Files\Folders moved on Reboot...
    C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  13. mmcleod

    mmcleod TS Rookie Topic Starter

    I'm starting over. Here is the Malwarebytes log along with the DDS and Attach logs. GMER found nothing and had an empty log.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6603

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    5/22/2011 8:48:34 PM
    mbam-log-2011-05-22 (20-48-34).txt

    Scan type: Quick scan
    Objects scanned: 181449
    Time elapsed: 1 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ***********************************************************************

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/17/2011 9:36:30 PM
    System Uptime: 5/22/2011 7:49:51 PM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 582 GiB total, 506.916 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.92 GiB free.
    E: is FIXED (NTFS) - 112 GiB total, 12.716 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: AVSTREAM\CIR\5&2525B28F&0&0
    Manufacturer:
    Name:
    PNP Device ID: AVSTREAM\CIR\5&2525B28F&0&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 5/17/2011 9:52:08 PM - Windows Modules Installer
    RP2: 5/17/2011 10:44:05 PM - Installed Microsoft Fix it 50267
    RP3: 5/18/2011 7:52:30 AM - Windows Update
    RP4: 5/18/2011 8:50:44 PM - Installed 7-Zip 9.20 (x64 edition)
    RP5: 5/18/2011 10:36:28 PM - OTL Restore Point
    RP6: 5/18/2011 11:18:55 PM - Windows Update
    RP7: 5/19/2011 6:27:22 AM - Windows Update
    RP8: 5/19/2011 7:23:23 AM - Windows Update
    RP9: 5/19/2011 5:06:10 PM - Windows Update
    RP10: 5/21/2011 7:11:25 PM - Language Pack Removal
    RP11: 5/22/2011 7:24:26 PM - OTL Restore Point
    .
    ==== Installed Programs ======================
    .
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    Default Manager
    DirectX for Managed Code Update (Summer 2004)
    ESET Online Scanner v3
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360 Premier Edition
    NVIDIA PhysX v8.09.04
    Power2Go
    PowerDirector
    Python 2.6 pywin32-212
    Python 2.6.1
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/22/2011 8:54:24 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/22/2011 7:24:09 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    5/22/2011 7:06:37 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    5/20/2011 7:17:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    5/20/2011 7:17:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    5/19/2011 6:23:50 AM, Error: Service Control Manager [7023] -
    5/19/2011 6:23:23 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.116. The computer with the IP address 192.168.1.120 did not allow the name to be claimed by this computer.
    5/18/2011 9:08:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/17/2011 8:54:06 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
    5/17/2011 8:12:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    5/17/2011 8:12:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/17/2011 8:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/17/2011 8:01:54 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    5/17/2011 7:41:42 PM, Error: Service Control Manager [7000] - The SetupNTGLM7X service failed to start due to the following error: This driver has been blocked from loading
    5/17/2011 7:41:42 PM, Error: Application Popup [1060] - \??\F:\NTGLM7X.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/17/2011 7:41:16 PM, Error: Service Control Manager [7000] - The GMSIPCI service failed to start due to the following error: This driver has been blocked from loading
    5/17/2011 7:41:16 PM, Error: Application Popup [1060] - \??\F:\INSTALL\GMSIPCI.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/17/2011 7:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/17/2011 6:14:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2418240).
    5/17/2011 5:11:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    5/17/2011 5:11:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    5/17/2011 2:26:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
    5/17/2011 11:16:06 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    5/17/2011 1:37:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
    5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
    .
    ==== End Of File ===========================



    **************************************************************************************

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Mark at 20:54:41 on 2011-05-22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4632 [GMT -4:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 Premier Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\ProgramData\Norton\NUA.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Mark\Downloads\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.iwon.com/|http://us.mg6.mail.yahoo.com/neo/la...WeatherLocalUndeclared&from=searchbox_localwx
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-18 1127032]
    R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSviA64.sys [2011-5-18 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [2011-5-18 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-17 136824]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-20 02:01:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-20 01:33:35 -------- d-----w- C:\Program Files (x86)\ESET
    2011-05-19 03:32:13 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-05-19 03:32:13 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-05-19 03:23:37 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-05-19 03:23:37 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-05-19 03:23:37 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-05-19 03:23:37 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-05-19 03:23:37 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-05-19 03:23:37 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-05-19 03:23:37 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-05-19 03:23:37 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-05-19 03:23:37 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-05-19 03:23:37 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-05-19 03:10:44 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-19 01:27:17 -------- d-----w- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
    2011-05-19 01:27:05 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
    2011-05-18 21:32:59 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-05-18 21:31:38 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2011-05-18 21:30:52 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-05-18 21:29:52 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2011-05-18 21:28:06 1739176 ----a-w- C:\Windows\System32\ntdll.dll
    2011-05-18 21:28:06 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-05-18 21:28:03 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-18 21:28:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2011-05-18 21:28:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-05-18 21:28:00 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-05-18 21:28:00 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-05-18 21:27:59 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-05-18 21:27:59 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-05-18 21:27:59 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-05-18 21:27:58 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-05-18 21:27:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-05-18 21:27:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-05-18 21:27:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-05-18 21:27:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-05-18 21:27:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-05-18 21:27:58 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-05-18 21:27:54 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2011-05-18 21:27:54 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2011-05-18 21:22:00 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-05-18 21:21:59 -------- d-----w- C:\Windows\System32\Wat
    2011-05-18 11:52:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-05-18 11:46:21 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys
    2011-05-18 11:46:21 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys
    2011-05-18 11:46:20 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys
    2011-05-18 11:46:20 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys
    2011-05-18 11:46:20 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys
    2011-05-18 11:46:20 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys
    2011-05-18 11:46:20 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys
    2011-05-18 11:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005
    2011-05-18 11:43:10 139264 ----a-w- C:\Windows\System32\cabview.dll
    2011-05-18 11:43:10 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-05-18 11:43:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2011-05-18 11:43:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-05-18 04:40:16 -------- d-----w- C:\Windows\Panther
    2011-05-18 04:32:37 -------- d-----w- C:\$WINDOWS.~Q
    2011-05-18 04:30:04 -------- d-----w- C:\$INPLACE.~TR
    2011-05-18 03:31:53 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
    2011-05-18 03:31:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-18 03:31:47 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-18 03:31:44 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-18 03:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-18 03:18:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2011-05-18 03:15:52 20040 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2011-05-18 03:15:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5
    2011-05-18 03:14:41 -------- d-----w- C:\ProgramData\Hitman Pro
    2011-05-18 02:13:16 -------- d-----w- C:\Program Files\Common Files\Canon
    2011-05-18 01:54:04 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2011-05-18 01:52:53 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-05-18 01:36:29 -------- d-----w- C:\Recovery
    2011-05-17 23:52:46 -------- d-----w- C:\i386
    2011-05-17 23:50:21 -------- d-----w- C:\blocks
    2011-05-17 23:49:29 -------- d-----w- C:\$HPW7UA$
    2011-05-17 23:46:00 -------- d-----w- C:\Windows\SysWow64\AGEIA
    2011-05-17 23:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2011-05-17 23:45:13 410656 ----a-w- C:\Windows\System32\nvcpl.cpl
    2011-05-17 23:45:13 2112544 ----a-w- C:\Windows\System32\nvcplui.exe
    2011-05-17 23:45:13 1097248 ----a-w- C:\Windows\System32\nvcpluir.dll
    2011-05-17 23:42:43 501280 ----a-w- C:\Windows\System32\NVUNINST.EXE
    2011-05-17 22:58:27 131584 ------w- C:\Windows\System32\PDMSetup.exe
    2011-05-17 22:58:27 125440 ------w- C:\Windows\System32\SetDepNx.exe
    2011-05-17 22:58:25 109568 ------w- C:\Windows\SysWow64\PDMSetup.exe
    2011-05-17 22:58:25 103936 ------w- C:\Windows\SysWow64\SetDepNx.exe
    2011-05-17 22:14:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-05-17 19:23:56 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
    2011-05-17 19:12:32 -------- d-----w- C:\Users\Mark\AppData\Local\Microsoft Games
    2011-05-17 18:32:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-05-17 18:26:44 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-05-17 18:26:44 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-05-17 18:26:44 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
    2011-05-17 18:26:44 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
    2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Symantec
    2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-05-17 18:25:43 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2011-05-17 18:25:34 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
    2011-05-17 18:22:12 -------- d-----w- C:\ProgramData\PCSettings
    2011-05-17 17:41:35 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
    2011-05-17 17:40:46 -------- d-----w- C:\Users\Mark\AppData\Local\VirtualStore
    2011-05-17 17:37:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\HP TCS
    .
    ==================== Find3M ====================
    .
    2011-05-18 01:52:53 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
    2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    .
    ============= FINISH: 20:55:18.06 ===============
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Your computer seems to be clean, but we may need to reset your router.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from its power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
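    After the flush and router reset above, a practitioner would want to confirm that the two resolver settings a search-redirect infection commonly tampers with (the adapter's DNS servers and the hosts file) look sane. The PowerShell below is an added, read-only check, not part of Broni's instructions; its function names and sample data are constructed for this example.

```powershell
# Added example, not from the TechSpot thread: a read-only review of the two
# resolver settings a search-redirect infection commonly tampers with.
# Function names and the sample data below are constructed for this example.

# A home PC normally gets DNS from its router (RFC 1918) or loopback/link-local.
# Anything else is not automatically bad, but it should be a resolver you chose.
function Test-PrivateAddress {
    param([string]$Address)
    return [bool]($Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|fe80:|fec0:|::1$)')
}

# Collect every "DNS Servers" address from `ipconfig /all` text; Windows prints
# the first address on the label line and the rest on indented continuation lines.
function Get-DnsServersFromIpconfig {
    param([string[]]$Lines)
    $servers = @(); $inDns = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*DNS Servers[ .]*:\s*(\S+)') {
            $servers += $Matches[1]; $inDns = $true; continue
        }
        if ($inDns -and ($line -match '^\s+([0-9a-fA-F:.%]+)\s*$')) {
            $servers += $Matches[1]; continue
        }
        $inDns = $false
    }
    return $servers
}

# Active hosts-file entries that send a watched domain anywhere but loopback.
function Get-SuspiciousHostsEntries {
    param([string[]]$Lines, [string[]]$WatchDomains = @('google', 'yahoo', 'bing', 'msn'))
    $hits = @()
    foreach ($line in $Lines) {
        $clean = ($line -split '#')[0].Trim()        # strip comments
        if ($clean -eq '') { continue }
        $parts = $clean -split '\s+'
        if (($parts.Count -lt 2) -or (@('127.0.0.1', '::1') -contains $parts[0])) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            foreach ($domain in $WatchDomains) {
                if ($name -like "*$domain*") { $hits += "$($parts[0]) $name" }
            }
        }
    }
    return $hits
}

# One line per item to review; an empty result means nothing stood out.
function Get-DnsRedirectReport {
    param([string[]]$IpconfigLines, [string[]]$HostsLines)
    $report = @()
    foreach ($server in @(Get-DnsServersFromIpconfig -Lines $IpconfigLines)) {
        if (Test-PrivateAddress -Address $server) {
            $report += "DNS server $server (router/local: expected)"
        } else {
            $report += "DNS server $server (external: confirm you chose it yourself)"
        }
    }
    foreach ($entry in @(Get-SuspiciousHostsEntries -Lines $HostsLines)) {
        $report += "hosts file maps $entry (review: overrides a watched domain)"
    }
    return $report
}

# Constructed sample input in the layout the real commands print (not output from
# the thread); 203.0.113.0/24 is a documentation range standing in for a rogue address.
$sampleIpconfig = @(
    'Ethernet adapter Local Area Connection:',
    '   DNS Servers . . . . . . . . . . . : 192.168.1.1',
    '                                       203.0.113.53',
    '   NetBIOS over Tcpip. . . . . . . . : Enabled'
)
$sampleHosts = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '203.0.113.7     www.google.com   # constructed rogue entry'
)
Get-DnsRedirectReport -IpconfigLines $sampleIpconfig -HostsLines $sampleHosts

# The same review against this machine; both inputs are only read, nothing is changed.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-DnsRedirectReport -IpconfigLines (ipconfig /all) -HostsLines (Get-Content $hostsPath)
```

    On the constructed sample the report flags the second DNS server as external and the google.com hosts entry for review; on a clean machine whose router hands out DNS, only "expected" lines should appear.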
     
  15. mmcleod

    mmcleod TS Rookie Topic Starter

    Broni, I cannot get my router to work anymore. I went through the steps you had me do and now I can't get anything through my router. I've tried resetting it numerous times and powered it on and off numerous times also. It's a Linksys WRT160N router. The one thing that seems to be out of the ordinary is the yellow light above the "Wi-Fi Protected Setup" button is constantly on.


    The LED lights up amber if there is an error during the Wi‑Fi Protected Setup process. Make sure the client device supports Wi‑Fi Protected Setup. Wait until the LED is off, and then try again.


    I can't say if this is related to the virus problem I had.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I don't think this is malware related.
    Try to disconnect router from the power source for 1 minute.
     
  17. mmcleod

    mmcleod TS Rookie Topic Starter

    Broni, I had to get a new router. That's up and running now and I don't appear to have the Google redirect issue anymore. However, another spam was sent out from my email earlier today while the PC was hooked directly to the cable modem. Do I still have a problem?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    What type of email program is it?
    Is the spam mail listed in your "Sent" folder?
     
  19. mmcleod

    mmcleod TS Rookie Topic Starter

    I use Yahoo mail and the spam is shown in my sent folder.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Any web based email can be hacked without accessing your computer.
    Your computer is clean, so I assume your Yahoo account has simply been hacked.

    You can try to change your password there, but to be totally safe, I'd abandon that account and create a new one.

    If that's the only issue, I'll mark this thread as resolved.
     
Topic Status:
Not open for further replies.
