TechSpot

Redirect virus; Staples remote help couldn't get rid of it; restore not working

By laladawn
Jan 4, 2012
  1. Obtained a virus (sorry - don't know what - Staples labeled as 'malware' in general) about three weeks ago when I switched from Norton to McAfee; I think it left my computer vulnerable for a while. At that time, I lost all icons and it appeared that all of my data was gone. Took laptop to Staples where I bought it and they fixed it. Next day, I notice the redirect is happening with all search engines, not just Google. I go back to Norton and run Malwarebytes... nothing found. Work around the redirects, but I am a professional, so I need a clean computer. Called Staples over the weekend and they worked remotely for over three hours, but couldn't remove it. They said it was a rootkit and I would need to reinstall back to factory. I have tried every way to do that also, but it seems every attempt is blocked (Dell Inspiron): F8 Repair Computer option gives me a "Windows loading files" message that freezes computer; Dell DataSafe backup gives error message when trying to create recovery disc on USB; system restore gives me an error. At this point, I am buying a new work laptop, but would still like this one to be clean for home use...

    I followed your steps and am posting the logs. GMER scan stopped working after a few seconds. I did try in safe mode, too, and it didn't work.

    Thank you so much for your help!

    Malware log:

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.03.05

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dawn :: WORKLAPTOP [administrator]

    Protection: Disabled

    1/3/2012 11:55:12 PM
    mbam-log-2012-01-03 (23-55-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 183103
    Time elapsed: 6 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS Log #1:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Dawn at 0:57:43 on 2012-01-04
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2135 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Workspace\offSyncService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Workspace\workspaceupdate.exe
    C:\Program Files (x86)\FileVault\FileVault.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\UltraVNC\WinVNC.exe
    C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\UltraVNC\WinVNC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe"
    uRun: [FileVault.exe] C:\Program Files (x86)\FileVault\FileVault.exe
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\Users\Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: live.com\mail
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T27L/webex/ieatgpc1.cab
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{88870896-2C2C-4095-8743-75A6CF3F1DA3} : DhcpNameServer = 192.168.1.6 192.168.1.27
    TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB} : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\56279636 : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\7445B49405143535 : DhcpNameServer = 192.168.111.1
    TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\E4544574541425 : DhcpNameServer = 192.168.1.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-29 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-19 98208]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2010-7-16 1185008]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-12-14 130008]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-19 1692480]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-19 2320920]
    R2 uvnc_service;uvnc_service;C:\Program Files (x86)\UltraVNC\winvnc.exe [2010-10-20 1590216]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-15 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]
    S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 ssmirrdr;ssmirrdr;C:\Windows\system32\DRIVERS\ssmirrdr.sys --> C:\Windows\system32\DRIVERS\ssmirrdr.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-01-03 02:26:22 -------- d-----w- C:\1 AICPA PCPS Flash Drive
    2012-01-02 02:50:02 -------- d--h--w- C:\$RECYCLE.BIN
    2012-01-02 02:07:32 98816 ----a-w- C:\Windows\sed.exe
    2012-01-02 02:07:32 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-02 02:07:32 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-02 02:07:32 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-01 04:49:14 -------- d-----w- C:\Users\Dawn\AppData\Roaming\Malwarebytes
    2012-01-01 04:48:49 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-01 04:48:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-26 20:48:40 -------- d-----w- C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
    2011-12-26 20:48:27 -------- d-----w- C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
    2011-12-15 19:26:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 19:26:46 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 19:26:42 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 19:26:42 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 19:26:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 19:26:38 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-15 18:19:06 -------- d-----w- C:\ProgramData\Nuance
    2011-12-15 18:19:06 -------- d-----w- C:\ProgramData\Intuit
    2011-12-15 18:19:06 -------- d-----w- C:\Program Files (x86)\Intuit
    2011-12-15 18:19:06 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
    2011-12-15 15:26:21 -------- d--h--w- C:\Windows\msdownld.tmp
    2011-12-15 15:22:40 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-12-15 15:22:40 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-12-15 15:22:40 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-12-15 07:15:46 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
    2011-12-15 03:02:57 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
    2011-12-15 03:02:57 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
    2011-12-15 03:02:56 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
    2011-12-15 03:02:56 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
    2011-12-15 03:02:56 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
    2011-12-15 03:02:56 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
    2011-12-15 03:02:33 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
    2011-12-15 02:20:17 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-12-15 02:20:17 -------- d-----w- C:\Program Files\Symantec
    2011-12-15 02:20:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-12-15 02:19:33 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2011-12-15 02:19:32 -------- d-----w- C:\Program Files (x86)\Norton 360
    2011-12-15 02:17:41 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-12-14 15:39:44 -------- d-----w- C:\Program Files (x86)\smartmontools
    2011-12-14 15:28:36 -------- d-----w- C:\Users\Dawn\AppData\Roaming\supportdotcom
    2011-12-14 15:28:20 -------- d-----w- C:\Program Files (x86)\supportdotcom
    2011-12-14 15:28:20 -------- d-----w- C:\Program Files (x86)\Common Files\supportdotcom
    2011-12-12 02:05:09 -------- d-----w- C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
    2011-12-10 03:23:09 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BC41F6F-22AC-4967-9998-36BDCAE56962}\mpengine.dll
    2011-12-10 03:23:02 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-12-08 16:38:44 -------- d-----w- C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
    .
    ==================== Find3M ====================
    .
    2011-11-17 02:04:34 69632 ----a-w- C:\Windows\SysWow64\Clifford Uninstall.exe
    .
    ============= FINISH: 1:08:43.66 ===============


    Will post DDS log #2 in next message.

    Again, thank you.
     
  2. laladawn

    Second DDS log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/2/2010 3:44:30 PM
    System Uptime: 1/4/2012 12:50:16 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 08VFX1
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 2255/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 376.854 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0022
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0022
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0023
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0023
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0024
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0024
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0025
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0025
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0026
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0026
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0027
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0027
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0008
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0008
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0028
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0028
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0009
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0009
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0010
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0010
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0011
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0011
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0012
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0012
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0013
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0013
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet J4680 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0014
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0014
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0015
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0015
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0016
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0016
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0017
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0017
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0018
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0018
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0019
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0019
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0020
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0020
    Service:
    .
    Class GUID:
    Description: Officejet J4680 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer:
    Name: Officejet J4680 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID:
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0021
    Manufacturer:
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0021
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet J4680 series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    ==== System Restore Points ===================
    .
    RP142: 12/26/2011 12:54:59 PM - Scheduled Checkpoint
    RP143: 12/31/2011 11:28:12 PM - Norton 360 Registry Clean
    RP144: 1/1/2012 10:44:49 PM - EasyTech Service Complete
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    4660_4680_Help
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 8.0
    Adobe Reader X (10.1.1)
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Atari Arcade Hits 1
    Becker's CPA Exam Review and PassMaster - 2011 Edition
    Big Fish Games: Game Manager
    Bing Bar
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Clifford Reading
    Clifford Thinking Adventures
    Coupon Printer for Windows
    Cozi
    CPS FirstClass Client v9.012f
    Crazy Chicken Pinball
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Webcam Central
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Fax
    FileVault
    Frogger v3.0e
    Google Chrome
    GoToAssist 8.0.0.514
    GoToMeeting 4.5.0.457
    GPBaseService2
    HP Product Detection
    HP Update
    HPDiagnosticAlert
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    J4680
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Live! Cam Avatar Creator
    Mall Tycoon 2
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    Mesh Runtime
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Tools for Office Runtime
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyScribe
    NOOK Study
    Norton 360
    OverDrive Media Console
    Plants vs. Zombies
    ProductContext
    QuickBooks
    QuickBooks Premier: Accountant Edition 2012
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolutionCenter
    Status
    SupportSoft Assisted Service
    System Requirements Lab
    Tarzan Action Game
    TestGen
    Toolbox
    TrayApp
    UltraVNC 1.0.8.2
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update Installer for WildTangent Games App
    VO Scan client for Citrix
    WebEx
    WebReg
    WildTangent Games
    WildTangent Games App
    WildTangent Games App (Dell Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Workspace Desktop
    Zoo Tycoon: Complete Collection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2011 9:27:01 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    12/31/2011 9:26:55 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
    12/31/2011 11:47:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    12/31/2011 11:47:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/31/2011 11:45:22 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/30/2011 6:39:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}. The master browser is stopping or an election is being forced.
    12/29/2011 11:18:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    12/28/2011 1:27:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    1/4/2012 12:58:10 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/4/2012 12:55:14 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    1/4/2012 12:55:14 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    1/4/2012 12:53:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    1/4/2012 12:53:01 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
    1/4/2012 12:49:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:49:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    1/4/2012 12:49:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/4/2012 12:48:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/4/2012 12:48:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/4/2012 12:48:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/4/2012 12:48:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/4/2012 12:48:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/4/2012 12:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    1/4/2012 12:19:47 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/3/2012 5:24:42 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
    1/3/2012 4:45:53 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/3/2012 4:45:53 PM, Error: Service Control Manager [7038] - The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not start due to a logon failure.
    1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    1/3/2012 4:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
    1/3/2012 4:45:49 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/3/2012 4:45:49 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    1/3/2012 4:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
    1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
    1/3/2012 4:43:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
    1/3/2012 4:43:57 PM, Error: Service Control Manager [7038] - The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/3/2012 4:43:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/3/2012 4:43:57 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/3/2012 4:43:57 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not start due to a logon failure.
    1/3/2012 4:43:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/3/2012 4:42:18 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The media is write protected.
    1/3/2012 4:11:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
    1/3/2012 2:35:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    1/3/2012 2:23:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    1/3/2012 11:49:36 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The pipe has been ended.
    1/3/2012 11:49:36 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
    1/2/2012 9:42:30 PM, Error: volsnap [35] - The shadow copies of volume \\?\Volume{24be6217-ab6a-11df-a61b-806e6f6e6963} were aborted because the shadow copy storage failed to grow.
    1/2/2012 9:27:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    1/2/2012 4:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/2/2012 4:53:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
    1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Symantec Real Time Storage Protection x64 service failed to start due to the following error: The media is write protected.
    1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The system cannot find the path specified.
    1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The system cannot find the path specified.
    1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
    1/2/2012 3:29:07 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/2/2012 3:29:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    1/2/2012 2:38:05 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
    1/2/2012 2:38:04 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    1/2/2012 12:40:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    1/2/2012 10:23:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    1/2/2012 10:23:08 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/2/2012 10:23:08 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/2/2012 10:01:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    1/1/2012 9:47:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2012 9:47:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/1/2012 9:43:55 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/1/2012 9:08:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    1/1/2012 8:52:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2012 8:51:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    1/1/2012 8:51:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ctxusbm discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    1/1/2012 8:42:26 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll
    1/1/2012 7:38:28 PM, Error: Application Popup [1060] - \??\C:\Users\Dawn\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/1/2012 7:12:12 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/1/2012 7:12:11 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:09 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The uvnc_service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The QBIDPService service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The File Backup Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 7:12:06 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 5:58:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/1/2012 5:58:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    1/1/2012 5:57:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/1/2012 11:45:44 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
    1/1/2012 1:19:08 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/1/2012 1:19:08 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    1/1/2012 1:19:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    Message from Combofix that Norton 360 realtime scan still running

    although I did disable the anti-virus for 5 hours as the link directed...I disabled the Norton 360 firewall thinking that might be it and the combofix box said it would run but at my own risk...I didn't go any further...I don't know whether it is really combofix or not...don't know what to trust

    Here was the first log.

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-04 12:41:44
    -----------------------------
    12:41:44.665 OS Version: Windows x64 6.1.7600
    12:41:44.665 Number of processors: 4 586 0x2505
    12:41:44.666 ComputerName: WORKLAPTOP UserName: Dawn
    12:41:47.157 Initialize success
    12:44:29.365 AVAST engine defs: 12010400
    12:44:36.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    12:44:36.245 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    12:44:36.260 Disk 0 MBR read successfully
    12:44:36.264 Disk 0 MBR scan
    12:44:36.271 Disk 0 Windows 7 default MBR code
    12:44:36.276 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    12:44:36.296 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    12:44:36.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
    12:44:36.321 Service scanning
    12:44:38.154 Modules scanning
    12:44:38.161 Disk 0 trace - called modules:
    12:44:38.214 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c23334]<<
    12:44:38.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c790]
    12:44:38.231 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fd050]
    12:44:38.240 \Driver\iaStor[0xfffffa80048f0750] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c23334
    12:44:40.122 AVAST engine scan C:\Windows
    12:44:44.310 AVAST engine scan C:\Windows\system32
    12:46:24.598 AVAST engine scan C:\Windows\system32\drivers
    12:46:39.165 AVAST engine scan C:\Users\Dawn
    12:57:45.036 AVAST engine scan C:\ProgramData
    13:04:38.192 Scan finished successfully
    13:12:08.724 Disk 0 MBR has been saved successfully to "C:\Users\Dawn\Desktop\MBR.dat"
    13:12:08.728 The log file has been saved successfully to "C:\Users\Dawn\Desktop\aswMBR.txt"


    thanks! Just let me know if I should still run the combofix or what to do next
     
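Added example (not part of any post in this thread and not AVAST's code): a small triage script for an aswMBR log like the one posted above. It pulls out the MBR code verdict, the modules named in the "Disk 0 trace", and any address the tool itself marked `>>UNKNOWN [...]<<`, then checks whether a driver's IRP handler points at one of those addresses. The function names are hypothetical, and it assumes the `>>UNKNOWN<<` marker means aswMBR could not attribute that address to a named module.

```python
import re

# Excerpt copied from the aswMBR log in the post above (not constructed).
SAMPLE_LOG = r"""
12:44:36.260 Disk 0 MBR read successfully
12:44:36.264 Disk 0 MBR scan
12:44:36.271 Disk 0 Windows 7 default MBR code
12:44:38.161 Disk 0 trace - called modules:
12:44:38.214 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c23334]<<
12:44:38.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c790]
12:44:38.231 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fd050]
12:44:38.240 \Driver\iaStor[0xfffffa80048f0750] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c23334
12:44:40.122 AVAST engine scan C:\Windows
"""

# Every log line starts with an HH:MM:SS.mmm timestamp.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_CODE_RE = re.compile(r"^Disk (\d+) (.*MBR code)$")
TRACE_HDR_RE = re.compile(r"^Disk \d+ trace - called modules:$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def triage(log_text):
    """Parse an aswMBR log and return the fields a helper reads first."""
    report = {"mbr_code": {}, "modules": [], "unknown": [], "handlers": []}
    raw_handlers = []
    expect_modules = False

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, banner, or anything without a timestamp
        body = m.group(1)

        if expect_modules:
            # The line right after the trace header lists the called modules.
            expect_modules = False
            report["unknown"] += [int(a, 16) for a in UNKNOWN_RE.findall(body)]
            report["modules"] += UNKNOWN_RE.sub(" ", body).split()
            continue

        if TRACE_HDR_RE.match(body):
            expect_modules = True
            continue

        mbr = MBR_CODE_RE.match(body)
        if mbr:
            report["mbr_code"][int(mbr.group(1))] = mbr.group(2)
            continue

        h = HANDLER_RE.match(body)
        if h:
            raw_handlers.append((h.group(1), h.group(2), int(h.group(3), 16)))

    # Mark each handler whose target is one of the unattributed addresses.
    unknown = set(report["unknown"])
    report["handlers"] = [
        (drv, irp, target, target in unknown) for drv, irp, target in raw_handlers
    ]
    return report


def needs_review(report):
    """True when the disk trace contains an address aswMBR marked UNKNOWN."""
    return bool(report["unknown"])


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for disk, verdict in r["mbr_code"].items():
        print(f"Disk {disk}: {verdict}")
    print("Named modules in trace:", ", ".join(r["modules"]))
    for addr in r["unknown"]:
        print(f"Unattributed address in trace: {addr:#x}")
    for drv, irp, target, flagged in r["handlers"]:
        note = " (matches unattributed address)" if flagged else ""
        print(f"{drv} {irp} -> {target:#x}{note}")
    print("Needs review:", needs_review(r))
```
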
  5. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    also got strange message when downloading aswmbr and combofix

    forgot in my last post: When downloading both to my desktop, I got a "this file is safe" message from Norton, but then at the middle bottom of the screen a message popped up both times saying "aswMBR.exe/combofix.exe is not commonly downloaded and could harm your computer". Then it had three choices: Delete, Actions, View Downloads as buttons. The messages *appeared* to be from McAfee, but I thought I got rid of that a couple of weeks ago. I didn't click on the message at all, but rather closed my internet explorer.

    thanks
     
  6. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Both downloads are obviously safe so go ahead.
     
  7. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    Combofix log part 1

    ComboFix 12-01-04.02 - Dawn 01/04/2012 15:54:14.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2021 [GMT -5:00]
    Running from: c:\users\Dawn\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-04 22:36 . 2012-01-04 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-03 02:26 . 2012-01-03 02:26 -------- d-----w- C:\1 AICPA PCPS Flash Drive
    2012-01-01 04:49 . 2012-01-01 04:49 -------- d-----w- c:\users\Dawn\AppData\Roaming\Malwarebytes
    2012-01-01 04:48 . 2012-01-01 04:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-01 04:48 . 2012-01-02 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-12-15 19:26 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 19:26 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 19:26 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 19:26 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 19:26 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 19:26 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-15 19:25 . 2011-12-15 19:25 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-12-15 18:19 . 2012-01-01 03:18 -------- d-----w- c:\program files (x86)\Common Files\Intuit
    2011-12-15 18:19 . 2011-12-22 15:54 -------- d-----w- c:\programdata\Intuit
    2011-12-15 18:19 . 2011-12-15 18:21 -------- d-----w- c:\program files (x86)\Intuit
    2011-12-15 18:19 . 2011-12-15 18:19 -------- d-----w- c:\programdata\Nuance
    2011-12-15 15:26 . 2011-12-15 15:26 -------- d--h--w- c:\windows\msdownld.tmp
    2011-12-15 15:22 . 2011-12-15 15:22 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-12-15 15:22 . 2011-12-15 15:22 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-12-15 15:22 . 2011-12-15 15:22 144384 ----a-w- c:\windows\system32\cdd.dll
    2011-12-15 07:15 . 2011-12-15 07:15 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
    2011-12-15 02:20 . 2011-12-15 03:03 -------- d-----w- c:\program files\Symantec
    2011-12-15 02:20 . 2011-12-15 03:02 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-12-15 02:20 . 2011-12-15 02:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-12-15 02:19 . 2011-12-15 05:23 -------- d-----w- c:\windows\system32\drivers\N360x64
    2011-12-15 02:19 . 2011-12-15 02:19 -------- d-----w- c:\program files (x86)\Norton 360
    2011-12-15 02:17 . 2011-12-15 02:17 -------- d-----w- c:\program files (x86)\NortonInstaller
    2011-12-14 15:39 . 2012-01-02 03:44 -------- d-----w- c:\program files (x86)\smartmontools
    2011-12-14 15:35 . 2012-01-02 03:45 -------- d-----w- c:\programdata\support.com
    2011-12-14 15:28 . 2011-12-14 15:28 -------- d-----w- c:\users\Dawn\AppData\Roaming\supportdotcom
    2011-12-14 15:28 . 2012-01-02 15:23 -------- d-----w- c:\program files (x86)\supportdotcom
    2011-12-14 15:28 . 2012-01-02 15:23 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
    2011-12-10 03:23 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC41F6F-22AC-4967-9998-36BDCAE56962}\mpengine.dll
    2011-12-10 03:23 . 2011-11-15 19:29 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-08 16:38 . 2011-12-08 16:38 -------- d-----w- c:\users\Dawn\AppData\Local\McAfee Anti-Theft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-17 02:04 . 2011-11-16 20:22 69632 ----a-w- c:\windows\SysWow64\Clifford Uninstall.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-02_02.51.21 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-01-01 06:19 . 2012-01-01 06:19 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-01-04 22:38 . 2012-01-04 22:38 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-01-02 02:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-01-04 16:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-12-14 19:51 . 2012-01-02 02:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-01-04 18:48 . 2012-01-04 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-04 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-02 02:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-19 07:09 . 2012-01-04 16:12 81206 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-01-04 22:41 39780 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-10-02 22:56 . 2012-01-04 05:54 19348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1119411891-2864457860-3248121356-1000_UserData.bin
    - 2010-10-02 19:41 . 2012-01-02 00:12 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-10-02 19:41 . 2012-01-04 05:04 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-10-02 19:41 . 2012-01-02 00:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-10-02 19:41 . 2012-01-04 05:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-01-02 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-01-04 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-12-15 18:23 . 2012-01-01 03:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMSMShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
    + 2011-12-15 18:23 . 2012-01-02 18:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMSMShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
    - 2011-12-15 18:23 . 2012-01-01 03:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMDTShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
    + 2011-12-15 18:23 . 2012-01-02 18:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMDTShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
    - 2011-10-06 14:47 . 2012-01-01 03:21 45056 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    + 2011-10-06 14:47 . 2012-01-02 18:21 45056 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    - 2011-10-06 14:47 . 2012-01-01 03:21 86016 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
    + 2011-10-06 14:47 . 2012-01-02 18:21 86016 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
    + 2011-08-20 02:31 . 2011-08-20 02:31 29528 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\syncmanagerclientlib.dll
    + 2011-08-20 06:33 . 2011-08-20 06:33 45416 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\svcxutil.dll
    + 2011-08-20 06:34 . 2011-08-20 06:34 56680 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbuchannel.dll
    + 2011-08-20 06:33 . 2011-08-20 06:33 15208 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbserverutilityhelper.dll
    + 2011-08-20 06:33 . 2011-08-20 06:33 85864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBSDKCOMUtil.dll
    + 2011-08-20 06:32 . 2011-08-20 06:32 77160 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbrequestadaptor.exe
    + 2011-08-20 06:33 . 2011-08-20 06:33 26472 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBObjProxy.dll
    + 2011-08-20 06:34 . 2011-08-20 06:34 14696 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBMsgMgrps.dll
    + 2011-08-20 02:34 . 2011-08-20 02:34 45928 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexceladaptor_64bit.exe
    + 2011-08-20 06:32 . 2011-08-20 06:32 38760 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexceladaptor.exe
    + 2011-08-20 06:33 . 2011-08-20 06:33 30568 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbdbportfinder.dll
    + 2011-08-20 04:49 . 2011-08-20 04:49 45056 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbcfmonitorservice.exe
    + 2011-08-20 06:33 . 2011-08-20 06:33 60264 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\permissionmgr.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 16728 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\oauthwebbrowser.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 26968 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\oauthhelper.dll
    + 2011-08-20 06:33 . 2011-08-20 06:33 18280 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\interop.netfwtypelib.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 55640 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibuenghost.exe
    + 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x86w2k3.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x86vista.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 43864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x64w2k3.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 43864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x64vista.dll
    + 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng.dll
    + 2011-08-20 05:58 . 2011-08-20 05:58 36864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\cfscan.dll
    - 2011-12-15 18:21 . 2011-12-15 18:21 12120 c:\windows\assembly\GAC_32\QfmInterop\1.0.0.0__5b3f47ba29970ccb\QfmInterop.dll
    + 2012-01-02 18:21 . 2012-01-02 18:21 12120 c:\windows\assembly\GAC_32\QfmInterop\1.0.0.0__5b3f47ba29970ccb\QfmInterop.dll
    + 2012-01-02 18:20 . 2012-01-02 18:20 24576 c:\windows\assembly\GAC_32\QBWCCommon\2.1.0.27__82cc56431f1a971d\QBWCCommon.dll
     
  8. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    Combofix log part 2

    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2011-12-14 34496]
    "FileVault.exe"="c:\program files (x86)\FileVault\FileVault.exe" [2008-10-01 108032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
    .
    c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
    R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-10 1156216]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111228.001\IDSvia64.sys [2011-12-14 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2011-09-20 1185008]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2009-12-07 1590216]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-15 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000Core.job
    - c:\users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 23:30]
    .
    2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000UA.job
    - c:\users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 23:30]
    .
    2012-01-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-01-02 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: live.com\mail
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Clifford Adventure - c:\windows\system32\Clifford Uninstall.exe
    AddRemove-Clifford Reading - c:\windows\system32\Clifford Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1119411891-2864457860-3248121356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1119411891-2864457860-3248121356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-04 18:02:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-04 23:02
    .
    Pre-Run: 404,729,798,656 bytes free
    Post-Run: 404,306,739,200 bytes free
    .
    - - End Of File - - 05E96B9EF5A09A7638BFF2E3B7C03EA6
     
  9. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Which browser is getting redirected?
     
  10. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    IE and Google Chrome

    msn search, bing search, norton search
     
  11. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
     
  12. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    bootkit screen

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`afd00000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    OK...

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  14. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    FRST log part 1

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Dawn at 2012-01-04 22:23:13
    Running from C:\Users\Dawn\Desktop
    (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit]
    HKLM-x32\...\Winlogon: [Userinit]
    HKLM\...\Winlogon: [Shell]
    HKLM-x32\...\Winlogon: [Shell] [x x] ()

    ==================== Services (Whitelisted) ======


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-04 22:22 - 2012-01-04 22:23 - 0000000 ____D C:\FRST
    2012-01-04 22:21 - 2012-01-04 22:21 - 1378579 ____A C:\Users\Dawn\Desktop\FRST64.exe
    2012-01-04 22:09 - 2012-01-04 22:09 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{a5d48fbf-3536-11e0-9aba-f04da24400aa}.TxR.blf
    2012-01-04 20:38 - 2012-01-04 20:38 - 0000000 ____D C:\Users\Dawn\Desktop\bootkit_remover
    2012-01-04 20:36 - 2012-01-04 20:36 - 0044607 ____A C:\Users\Dawn\Desktop\bootkit_remover.zip
    2012-01-04 20:22 - 2012-01-04 20:22 - 0019233 ____A C:\Windows\System32\hs_err_pid1636.log
    2012-01-04 18:39 - 2012-01-04 18:39 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-04 18:02 - 2012-01-04 18:02 - 0055739 ____A C:\ComboFix.txt
    2012-01-04 15:44 - 2012-01-04 18:03 - 0000000 ____D C:\ComboFix
    2012-01-04 13:13 - 2012-01-04 13:13 - 4369970 ____R (Swearware) C:\Users\Dawn\Desktop\ComboFix.exe
    2012-01-04 13:12 - 2012-01-04 13:12 - 0001946 ____A C:\Users\Dawn\Desktop\aswMBR.txt
    2012-01-04 13:12 - 2012-01-04 13:12 - 0000512 ____A C:\Users\Dawn\Desktop\MBR.dat
    2012-01-04 12:39 - 2012-01-04 12:39 - 4704768 ____A (AVAST Software) C:\Users\Dawn\Desktop\aswMBR.exe
    2012-01-04 00:56 - 2012-01-04 00:56 - 0607260 ____R (Swearware) C:\Users\Dawn\Downloads\dds.scr
    2012-01-04 00:45 - 2012-01-04 00:45 - 0294216 ____A C:\Users\Dawn\Desktop\gmer.zip
    2012-01-03 23:49 - 2012-01-03 23:49 - 0000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-01-02 21:26 - 2012-01-02 21:26 - 0000000 ____D C:\1 AICPA PCPS Flash Drive
    2012-01-01 22:29 - 2012-01-01 22:29 - 0000512 ____A C:\original.mbr
    2012-01-01 21:07 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-01-01 21:07 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-01-01 21:07 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-01-01 21:07 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-01-01 21:07 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-01-01 21:07 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
    2012-01-01 21:07 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
    2012-01-01 21:07 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
    2012-01-01 21:01 - 2012-01-01 21:58 - 0000000 ____D C:\Windows\ERDNT
    2012-01-01 20:59 - 2012-01-04 18:03 - 0000000 ____D C:\Qoobox
    2011-12-31 23:49 - 2011-12-31 23:49 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\Malwarebytes
    2011-12-31 23:48 - 2012-01-01 19:23 - 0001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2011-12-31 23:48 - 2012-01-01 19:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-12-31 23:44 - 2011-12-31 23:44 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Dawn\Downloads\mbam-clean.exe
    2011-12-31 22:22 - 2011-12-31 22:22 - 0002001 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    2011-12-31 20:44 - 2011-12-31 20:44 - 0019182 ____A C:\Windows\System32\hs_err_pid1340.log
    2011-12-27 16:50 - 2011-12-30 10:29 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2012.xls
    2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
    2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
    2011-12-22 15:01 - 2011-12-22 15:01 - 0019145 ____A C:\Windows\System32\hs_err_pid1396.log
    2011-12-22 11:44 - 2011-12-22 11:44 - 0296448 ____A C:\Users\Dawn\Downloads\Plan Designs- HRAs.doc
    2011-12-19 07:52 - 2011-12-19 07:52 - 0019356 ____A C:\Windows\System32\hs_err_pid1580.log
    2011-12-18 13:27 - 2011-12-18 13:27 - 0019188 ____A C:\Windows\System32\hs_err_pid1164.log
    2011-12-17 09:15 - 2012-01-01 20:43 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2011-12-17 09:15 - 2012-01-01 20:43 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2011-12-16 06:49 - 2011-12-16 06:49 - 0019187 ____A C:\Windows\System32\hs_err_pid4156.log
    2011-12-15 14:26 - 2011-11-24 00:00 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-15 14:26 - 2011-11-05 00:17 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-15 14:26 - 2011-11-04 23:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-12-15 14:26 - 2011-10-26 00:19 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-15 14:26 - 2011-10-15 01:25 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-15 14:26 - 2011-10-15 00:48 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-12-15 14:24 - 2011-10-03 05:06 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2011-12-15 14:24 - 2011-10-03 05:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2011-12-15 14:24 - 2011-10-03 05:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2011-12-15 14:22 - 2011-12-15 14:24 - 0004416 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
    2011-12-15 13:23 - 2011-12-31 22:22 - 0002405 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    2011-12-15 13:23 - 2011-12-31 22:22 - 0002192 ____A C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    2011-12-15 13:23 - 2011-12-31 22:22 - 0002152 ____A C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2012.lnk
    2011-12-15 13:23 - 2011-12-31 22:22 - 0002126 ____A C:\Users\Public\Desktop\QuickBooks File Manager 2012.lnk
    2011-12-15 13:19 - 2011-12-22 10:54 - 0000000 ____D C:\Users\All Users\Intuit
    2011-12-15 13:19 - 2011-12-22 10:54 - 0000000 ____D C:\ProgramData\Intuit
    2011-12-15 13:19 - 2011-12-15 13:21 - 0000000 ____D C:\Program Files (x86)\Intuit
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\Public\Documents\Intuit
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Nuance
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Nuance
    2011-12-15 10:26 - 2011-12-15 10:26 - 0000000 ___HD C:\Windows\msdownld.tmp
    2011-12-15 10:25 - 2011-12-15 10:25 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-15 10:25 - 2011-12-15 10:25 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-15 10:25 - 2011-12-15 10:25 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-15 10:25 - 2011-12-15 10:25 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-12-15 10:25 - 2011-12-15 10:25 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2011-12-15 10:25 - 2011-12-15 10:25 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\System32\ieuinit.inf
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2011-12-15 10:25 - 2011-12-15 10:25 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-12-15 10:22 - 2011-12-15 10:22 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2011-12-15 10:22 - 2011-12-15 10:22 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2011-12-15 10:22 - 2011-12-15 10:22 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2011-12-15 10:19 - 2011-12-15 10:27 - 0008918 ____A C:\Windows\IE9_main.log
    2011-12-15 02:15 - 2011-12-15 02:15 - 0000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2011-12-14 21:20 - 2011-12-15 00:22 - 0002359 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-12-14 21:20 - 2011-12-14 22:03 - 0000000 ____D C:\Program Files\Symantec
    2011-12-14 21:20 - 2011-12-14 22:02 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2011-12-14 21:20 - 2011-12-14 22:02 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2011-12-14 21:20 - 2011-12-14 22:02 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
    2011-12-14 21:20 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
    2011-12-14 21:19 - 2011-12-15 00:23 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
    2011-12-14 21:19 - 2011-12-14 21:19 - 0000000 ____D C:\Program Files (x86)\Norton 360
    2011-12-14 21:17 - 2011-12-14 21:17 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
    2011-12-14 19:45 - 2011-12-14 19:45 - 0001633 ____A C:\Users\Dawn\Desktop\EXCEL - Shortcut.lnk
    2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\WINWORD - Shortcut.lnk
    2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\ONENOTE - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001664 ____A C:\Users\Dawn\Desktop\POWERPNT - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001653 ____A C:\Users\Dawn\Desktop\OUTLOOK - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0000000 ____D C:\Users\Dawn\Documents\OneNote Notebooks
    2011-12-14 14:52 - 2011-12-14 14:52 - 0180745 ____A C:\Users\Dawn\Desktop\EasyTech Work Order 2013458972 Ticket 12742220 Receipt.mht
    2011-12-14 14:48 - 2011-12-14 14:48 - 0002061 ____A C:\Users\Dawn\Desktop\EasyTech Solutions Toolkit Report Wednesday, December 14, 2011 2_47_59 PM.lnk
    2011-12-14 14:47 - 2011-12-14 14:47 - 0000000 ____D C:\Users\Dawn\Documents\STK
    2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\Start Menu\Programs\Startup\AutorunsDisabled
    2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    2011-12-14 10:39 - 2012-01-01 22:44 - 0000000 ____D C:\Program Files (x86)\smartmontools
    2011-12-14 10:35 - 2012-01-01 22:45 - 0000000 ____D C:\Users\All Users\support.com
    2011-12-14 10:35 - 2012-01-01 22:45 - 0000000 ____D C:\ProgramData\support.com
    2011-12-14 10:28 - 2012-01-02 10:23 - 0000000 ____D C:\Program Files (x86)\supportdotcom
    2011-12-14 10:28 - 2011-12-14 10:28 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\supportdotcom
     
  15. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    FRST log part 2

    2011-12-11 21:05 - 2011-12-11 21:05 - 0000000 ____D C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
    2011-12-09 22:23 - 2011-11-15 14:29 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2011-12-08 11:38 - 2011-12-08 11:38 - 0000000 ____D C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
    2011-12-08 11:21 - 2011-12-08 11:25 - 202496592 ____A (McAfee, Inc.) C:\Users\Dawn\Documents\2012_US_MTP_3U_1YEAR_PAID_312_OG_2242_User.exe
    2011-12-05 19:58 - 2011-12-05 19:58 - 0016084 ____A C:\Users\Dawn\Downloads\gameloader.dcr

    ============ 3 Months Modified Files and Folders =============

    2012-01-04 22:23 - 2012-01-04 22:22 - 0000000 ____D C:\FRST
    2012-01-04 22:21 - 2012-01-04 22:21 - 1378579 ____A C:\Users\Dawn\Desktop\FRST64.exe
    2012-01-04 22:19 - 2009-07-14 00:13 - 0784304 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-04 22:09 - 2012-01-04 22:09 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{a5d48fbf-3536-11e0-9aba-f04da24400aa}.TxR.blf
    2012-01-04 21:35 - 2011-12-02 18:30 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000UA.job
    2012-01-04 20:55 - 2009-07-14 00:10 - 1302008 ____A C:\Windows\WindowsUpdate.log
    2012-01-04 20:39 - 2009-07-13 23:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-04 20:39 - 2009-07-13 23:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-04 20:38 - 2012-01-04 20:38 - 0000000 ____D C:\Users\Dawn\Desktop\bootkit_remover
    2012-01-04 20:36 - 2012-01-04 20:36 - 0044607 ____A C:\Users\Dawn\Desktop\bootkit_remover.zip
    2012-01-04 20:30 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-01-04 20:30 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-01-04 20:30 - 2010-08-19 01:50 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-01-04 20:29 - 2011-02-25 10:24 - 0182583 ____A C:\Users\Dawn\Documents\WorkspaceUpdate.log
    2012-01-04 20:29 - 2010-10-29 14:48 - 0345438 ____A C:\Windows\offSyncService.log
    2012-01-04 20:29 - 2010-08-19 03:17 - 3061186560 __ASH C:\hiberfil.sys
    2012-01-04 20:29 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-04 20:29 - 2009-07-13 23:51 - 0076444 ____A C:\Windows\setupact.log
    2012-01-04 20:27 - 2011-09-08 12:25 - 5855232 ____A C:\Windows\ntbtlog.txt
    2012-01-04 20:22 - 2012-01-04 20:22 - 0019233 ____A C:\Windows\System32\hs_err_pid1636.log
    2012-01-04 18:39 - 2012-01-04 18:39 - 0000000 __SHD C:\$RECYCLE.BIN
    2012-01-04 18:03 - 2012-01-04 15:44 - 0000000 ____D C:\ComboFix
    2012-01-04 18:03 - 2012-01-01 20:59 - 0000000 ____D C:\Qoobox
    2012-01-04 18:02 - 2012-01-04 18:02 - 0055739 ____A C:\ComboFix.txt
    2012-01-04 17:40 - 2009-07-13 21:34 - 0000215 ____A C:\Windows\system.ini
    2012-01-04 17:39 - 2009-07-13 21:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-01-04 17:38 - 2010-08-19 03:17 - 1402352 ____A C:\Windows\PFRO.log
    2012-01-04 15:03 - 2011-02-25 10:24 - 1046874 ____A C:\Users\Dawn\Documents\WorkspaceInstall.log
    2012-01-04 13:13 - 2012-01-04 13:13 - 4369970 ____R (Swearware) C:\Users\Dawn\Desktop\ComboFix.exe
    2012-01-04 13:12 - 2012-01-04 13:12 - 0001946 ____A C:\Users\Dawn\Desktop\aswMBR.txt
    2012-01-04 13:12 - 2012-01-04 13:12 - 0000512 ____A C:\Users\Dawn\Desktop\MBR.dat
    2012-01-04 12:39 - 2012-01-04 12:39 - 4704768 ____A (AVAST Software) C:\Users\Dawn\Desktop\aswMBR.exe
    2012-01-04 00:56 - 2012-01-04 00:56 - 0607260 ____R (Swearware) C:\Users\Dawn\Downloads\dds.scr
    2012-01-04 00:45 - 2012-01-04 00:45 - 0294216 ____A C:\Users\Dawn\Desktop\gmer.zip
    2012-01-04 00:21 - 2010-10-02 14:44 - 0000000 ____D C:\users\Dawn
    2012-01-03 23:49 - 2012-01-03 23:49 - 0000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
    2012-01-02 21:26 - 2012-01-02 21:26 - 0000000 ____D C:\1 AICPA PCPS Flash Drive
    2012-01-02 16:56 - 2010-10-12 12:59 - 0000000 ____D C:\Users\Dawn\AppData\Local\ElevatedDiagnostics
    2012-01-02 14:06 - 2011-01-14 12:45 - 36114432 ___RA C:\Users\Dawn\Documents\Hill Family.QBW
    2012-01-02 14:06 - 2010-12-28 09:51 - 0327680 ___RA C:\Users\Dawn\Documents\Hill Family.QBW.TLG
    2012-01-02 14:06 - 2010-10-03 15:52 - 0000341 ____A C:\Users\Dawn\Documents\Hill Family.QBW.ND
    2012-01-02 14:01 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
    2012-01-02 13:22 - 2011-01-14 12:36 - 0000090 ____A C:\Windows\QBChanUtil_Trigger.ini
    2012-01-02 10:23 - 2011-12-14 10:28 - 0000000 ____D C:\Program Files (x86)\supportdotcom
    2012-01-01 23:41 - 2010-10-28 00:48 - 0000000 ____D C:\Keller
    2012-01-01 22:45 - 2011-12-14 10:35 - 0000000 ____D C:\Users\All Users\support.com
    2012-01-01 22:45 - 2011-12-14 10:35 - 0000000 ____D C:\ProgramData\support.com
    2012-01-01 22:44 - 2011-12-14 10:39 - 0000000 ____D C:\Program Files (x86)\smartmontools
    2012-01-01 22:29 - 2012-01-01 22:29 - 0000512 ____A C:\original.mbr
    2012-01-01 22:15 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Default
    2012-01-01 22:14 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
    2012-01-01 21:58 - 2012-01-01 21:01 - 0000000 ____D C:\Windows\ERDNT
    2012-01-01 20:43 - 2011-12-17 09:15 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-01-01 20:43 - 2011-12-17 09:15 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-01-01 19:23 - 2011-12-31 23:48 - 0001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-01 19:23 - 2011-12-31 23:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-01-01 18:35 - 2011-12-02 18:30 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000Core.job
    2012-01-01 17:56 - 2009-07-14 00:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2011-12-31 23:49 - 2011-12-31 23:49 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\Malwarebytes
    2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
    2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\ProgramData\Malwarebytes
    2011-12-31 23:47 - 2010-10-02 14:44 - 0114784 ____A C:\Users\Dawn\AppData\Local\GDIPFONTCACHEV1.DAT
    2011-12-31 23:46 - 2009-07-13 23:45 - 0434744 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-31 23:44 - 2011-12-31 23:44 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Dawn\Downloads\mbam-clean.exe
    2011-12-31 22:22 - 2011-12-31 22:22 - 0002001 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    2011-12-31 22:22 - 2011-12-15 13:23 - 0002405 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    2011-12-31 22:22 - 2011-12-15 13:23 - 0002192 ____A C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    2011-12-31 22:22 - 2011-12-15 13:23 - 0002152 ____A C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2012.lnk
    2011-12-31 22:22 - 2011-12-15 13:23 - 0002126 ____A C:\Users\Public\Desktop\QuickBooks File Manager 2012.lnk
    2011-12-31 20:44 - 2011-12-31 20:44 - 0019182 ____A C:\Windows\System32\hs_err_pid1340.log
    2011-12-30 14:08 - 2011-07-02 10:03 - 0000000 ____D C:\Program Files (x86)\Plants vs Zombies
    2011-12-30 10:29 - 2011-12-27 16:50 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2012.xls
    2011-12-28 18:12 - 2010-10-02 15:12 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\SoftGrid Client
    2011-12-27 19:09 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
    2011-12-27 16:50 - 2010-12-27 15:47 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2011.xls
    2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
    2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
    2011-12-22 15:01 - 2011-12-22 15:01 - 0019145 ____A C:\Windows\System32\hs_err_pid1396.log
    2011-12-22 11:44 - 2011-12-22 11:44 - 0296448 ____A C:\Users\Dawn\Downloads\Plan Designs- HRAs.doc
    2011-12-22 10:54 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Intuit
    2011-12-22 10:54 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Intuit
    2011-12-22 09:52 - 2011-05-05 09:09 - 0000000 ____D C:\Users\Dawn\AppData\Local\CrashDumps
    2011-12-22 09:46 - 2010-10-27 09:33 - 0000000 ____D C:\Users\Dawn\AppData\Local\Windows Live
    2011-12-21 12:23 - 2010-11-16 09:18 - 0000000 ____D C:\Users\Dawn\Documents\My Scans
    2011-12-19 07:52 - 2011-12-19 07:52 - 0019356 ____A C:\Windows\System32\hs_err_pid1580.log
    2011-12-18 13:27 - 2011-12-18 13:27 - 0019188 ____A C:\Windows\System32\hs_err_pid1164.log
    2011-12-17 09:15 - 2011-05-25 09:35 - 0000000 ____D C:\Program Files\Dell Support Center
    2011-12-17 09:15 - 2010-08-19 01:26 - 0000000 ____D C:\Users\All Users\Dell
    2011-12-17 09:15 - 2010-08-19 01:26 - 0000000 ____D C:\ProgramData\Dell
    2011-12-16 16:18 - 2011-08-30 12:55 - 0000000 ____D C:\Users\Dawn\Desktop\Jaydon's Items
    2011-12-16 08:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
    2011-12-16 06:49 - 2011-12-16 06:49 - 0019187 ____A C:\Windows\System32\hs_err_pid4156.log
    2011-12-15 16:28 - 2010-11-05 19:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-15 16:28 - 2010-11-05 19:19 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-15 16:26 - 2010-10-12 13:26 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2011-12-15 14:24 - 2011-12-15 14:22 - 0004416 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
    2011-12-15 14:24 - 2010-08-19 01:24 - 0000000 ____D C:\Program Files (x86)\Java
    2011-12-15 13:21 - 2011-12-15 13:19 - 0000000 ____D C:\Program Files (x86)\Intuit
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\Public\Documents\Intuit
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Nuance
    2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Nuance
    2011-12-15 13:03 - 2010-10-03 15:14 - 0000000 ____D C:\Program Files (x86)\Intuit (Old)
    2011-12-15 12:18 - 2011-09-01 12:05 - 0000000 ____D C:\Program Files (x86)\Workspace
    2011-12-15 10:36 - 2011-12-02 18:36 - 0002369 ____A C:\Users\Dawn\Desktop\Google Chrome.lnk
    2011-12-15 10:27 - 2011-12-15 10:19 - 0008918 ____A C:\Windows\IE9_main.log
    2011-12-15 10:27 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
    2011-12-15 10:26 - 2011-12-15 10:26 - 0000000 ___HD C:\Windows\msdownld.tmp
    2011-12-15 10:25 - 2011-12-15 10:25 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-15 10:25 - 2011-12-15 10:25 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-15 10:25 - 2011-12-15 10:25 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2011-12-15 10:25 - 2011-12-15 10:25 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-12-15 10:25 - 2011-12-15 10:25 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2011-12-15 10:25 - 2011-12-15 10:25 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\System32\ieuinit.inf
    2011-12-15 10:25 - 2011-12-15 10:25 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2011-12-15 10:25 - 2011-12-15 10:25 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2011-12-15 10:25 - 2011-12-15 10:25 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-12-15 10:22 - 2011-12-15 10:22 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2011-12-15 10:22 - 2011-12-15 10:22 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2011-12-15 10:22 - 2011-12-15 10:22 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2011-12-15 02:15 - 2011-12-15 02:15 - 0000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2011-12-15 00:23 - 2011-12-14 21:19 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
    2011-12-15 00:22 - 2011-12-14 21:20 - 0002359 ____A C:\Users\Public\Desktop\Norton 360.lnk
    2011-12-14 22:03 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Symantec
    2011-12-14 22:02 - 2011-12-14 21:20 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2011-12-14 22:02 - 2011-12-14 21:20 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2011-12-14 22:02 - 2011-12-14 21:20 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
    2011-12-14 21:20 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
    2011-12-14 21:19 - 2011-12-14 21:19 - 0000000 ____D C:\Program Files (x86)\Norton 360
    2011-12-14 21:17 - 2011-12-14 21:17 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
    2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\Users\All Users\McAfee
    2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\ProgramData\McAfee
    2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\Program Files (x86)\McAfee
    2011-12-14 19:47 - 2010-10-03 15:14 - 0000000 ____D C:\Users\All Users\Intuit (Old)
    2011-12-14 19:47 - 2010-10-03 15:14 - 0000000 ____D C:\ProgramData\Intuit (Old)
    2011-12-14 19:45 - 2011-12-14 19:45 - 0001633 ____A C:\Users\Dawn\Desktop\EXCEL - Shortcut.lnk
    2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\WINWORD - Shortcut.lnk
    2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\ONENOTE - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001664 ____A C:\Users\Dawn\Desktop\POWERPNT - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001653 ____A C:\Users\Dawn\Desktop\OUTLOOK - Shortcut.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    2011-12-14 19:43 - 2011-12-14 19:43 - 0000000 ____D C:\Users\Dawn\Documents\OneNote Notebooks
    2011-12-14 14:52 - 2011-12-14 14:52 - 0180745 ____A C:\Users\Dawn\Desktop\EasyTech Work Order 2013458972 Ticket 12742220 Receipt.mht
    2011-12-14 14:48 - 2011-12-14 14:48 - 0002061 ____A C:\Users\Dawn\Desktop\EasyTech Solutions Toolkit Report Wednesday, December 14, 2011 2_47_59 PM.lnk
    2011-12-14 14:47 - 2011-12-14 14:47 - 0000000 ____D C:\Users\Dawn\Documents\STK
    2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\Start Menu\Programs\Startup\AutorunsDisabled
    2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    2011-12-14 10:28 - 2011-12-14 10:28 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\supportdotcom
    2011-12-11 21:05 - 2011-12-11 21:05 - 0000000 ____D C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
    2011-12-09 22:39 - 2009-07-13 21:34 - 0000545 ____A C:\Windows\win.ini
    2011-12-08 11:38 - 2011-12-08 11:38 - 0000000 ____D C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
    2011-12-08 11:25 - 2011-12-08 11:21 - 202496592 ____A (McAfee, Inc.) C:\Users\Dawn\Documents\2012_US_MTP_3U_1YEAR_PAID_312_OG_2242_User.exe
    2011-12-08 11:13 - 2011-04-11 07:07 - 0000000 ____D C:\Users\All Users\Norton
    2011-12-08 11:13 - 2011-04-11 07:07 - 0000000 ____D C:\ProgramData\Norton
    2011-12-08 02:25 - 2011-09-15 07:22 - 0000854 ____A C:\Users\Dawn\Desktop\TestGen Tests.lnk
    2011-12-05 20:24 - 2011-11-21 19:01 - 0020411 ____A C:\Users\Dawn\Documents\Jaydon Short Story.docx
    2011-12-05 19:58 - 2011-12-05 19:58 - 0016084 ____A C:\Users\Dawn\Downloads\gameloader.dcr
    2011-12-04 22:13 - 2011-12-04 22:13 - 0016287 ____A C:\Users\Dawn\Documents\Student Leaders.docx
    2011-12-04 22:07 - 2011-12-04 22:07 - 0400098 ____A C:\Users\Dawn\Desktop\activities.pdf
    2011-12-02 19:17 - 2011-12-02 19:17 - 0606552 ____A (Google Inc.) C:\Users\Dawn\Downloads\GoogleEarthPluginSetup.exe
    2011-12-02 18:36 - 2011-12-02 18:30 - 0000000 ____D C:\Users\Dawn\AppData\Local\Google
    2011-12-02 18:30 - 2011-01-21 09:39 - 0000000 ____D C:\Users\Dawn\AppData\Local\Deployment
    2011-12-01 12:10 - 2011-12-01 12:10 - 0000000 ___SD C:\Users\Dawn\Documents\My Data Sources
    2011-12-01 11:35 - 2010-10-29 14:49 - 0001096 ____A C:\Users\Dawn\Desktop\desktoptools.lnk
    2011-11-29 12:25 - 2011-11-29 12:21 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\iYogi
    2011-11-29 12:25 - 2011-11-29 12:20 - 0000000 ____D C:\Program Files (x86)\iYogi Support Dock
    2011-11-29 12:21 - 2011-11-29 12:21 - 0000000 ____D C:\Users\Dawn\Desktop\SPC_Report
    2011-11-28 11:40 - 2010-11-17 11:41 - 0327680 ___RA C:\DB Hill, CPA, LLC.QBW.TLG
    2011-11-28 11:40 - 2010-10-21 11:12 - 13160448 ___RA C:\DB Hill, CPA, LLC.QBW
    2011-11-28 11:40 - 2010-10-21 11:12 - 0000326 ____A C:\DB Hill, CPA, LLC.QBW.nd
    2011-11-24 10:57 - 2010-08-19 01:37 - 0000000 ____D C:\Users\All Users\PCDr
    2011-11-24 10:57 - 2010-08-19 01:37 - 0000000 ____D C:\ProgramData\PCDr
    2011-11-24 10:55 - 2011-11-24 10:55 - 0000000 ____D C:\NVIDIA
    2011-11-24 00:00 - 2011-12-15 14:26 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-18 12:14 - 2011-11-18 12:14 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
    2011-11-18 12:14 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Downloaded Program Files
    2011-11-16 21:04 - 2011-11-16 21:04 - 0001218 ____A C:\Users\Dawn\Desktop\Clifford Reading.lnk
    2011-11-16 21:04 - 2011-11-16 21:04 - 0000097 ____A C:\Windows\CR.ini
    2011-11-16 21:04 - 2011-11-16 15:22 - 0069632 ____A C:\Windows\SysWOW64\Clifford Uninstall.exe
    2011-11-16 21:04 - 2011-11-16 15:22 - 0000000 ____D C:\Program Files\Scholastic's Clifford
    2011-11-16 15:23 - 2011-11-16 15:23 - 0001240 ____A C:\Users\Dawn\Desktop\Clifford Thinking Adventures.lnk
    2011-11-16 15:23 - 2011-11-16 15:22 - 0000091 ____A C:\Windows\CBP.INI
    2011-11-15 14:29 - 2011-12-09 22:23 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2011-11-10 03:21 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-05 00:17 - 2011-12-15 14:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-04 23:30 - 2011-12-15 14:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2011-11-01 17:41 - 2011-11-01 17:41 - 0199348 ____A C:\Windows\SysWOW64\mlfcache.dat
    2011-10-26 00:19 - 2011-12-15 14:26 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-18 14:23 - 2011-09-17 11:05 - 0013286 ____A C:\Users\Dawn\Desktop\Menu.docx
    2011-10-15 01:25 - 2011-12-15 14:26 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-15 00:48 - 2011-12-15 14:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2011-10-13 12:15 - 2010-08-19 01:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2011-10-12 15:44 - 2011-10-12 15:44 - 0000000 ____D C:\Users\Dawn\AppData\Local\{E928A2DF-7A16-46A8-B266-11E3386E1397}
    2011-10-12 15:44 - 2011-10-12 15:44 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B844F1B2-DCDC-444A-B712-9DCFEB78DD2A}
    2011-10-12 06:24 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Dawn\AppData\Local\SoftThinks
    2011-10-10 11:10 - 2011-10-10 11:10 - 0000000 ____D C:\Users\Dawn\AppData\Local\{147D7180-B519-4F65-8864-F67B668E8FF3}
    2011-10-10 02:04 - 2010-10-02 15:11 - 0778520 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 42%
    Total physical RAM: 3892.5 MB
    Available physical RAM: 2249.98 MB
    Total Pagefile: 7783.15 MB
    Available Pagefile: 6046.35 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB

    ======================= Partitions =========================

    1 Drive c: (DB Hill CPA) (Fixed) (Total:451.01 GB) (Free:375.53 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 100 MB 1024 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 451 GB 14 GB
    Partition 4 Primary 1016 KB 465 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 14 GB Healthy System

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C DB Hill CPA NTFS Partition 451 GB Healthy Boot

    Disk: 0
    Partition 4
    Type : 17
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ==========================================================

    Last Boot: 2011-12-31 14:38

    ======================= End Of Log ==========================
     
  16. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    You're infected with the newest version of the TDL rootkit.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.10.0-3.iso (115.1 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 1016 KB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.

    Post new Bootkit Remover log.
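
Added example, not part of the original thread or of any tool used in it: a small Python check that reads a partition listing in the layout of the log above and flags partitions that are hidden, active and very small, the combination the 1016 KB partition in this log shows. The 16 MB threshold, the function name and the abridged sample text are assumptions made for illustration.

```python
import re

UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}
MAX_SUSPECT_BYTES = 16 * 1024**2  # assumed threshold for "very small"

# Constructed sample in the layout of the log posted in this thread (abridged).
SAMPLE_LOG = """\
Partition 1 OEM 100 MB 1024 KB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Disk: 0
Partition 4
Type : 17
Hidden: Yes
Active: Yes
"""

def suspicious_partitions(log):
    """Return numbers of partitions that are hidden, active and very small."""
    sizes = {}
    for num, size, unit in re.findall(
            r"^\s*Partition (\d+) \w+ ([\d.]+) (B|KB|MB|GB) ", log, re.M):
        sizes[int(num)] = float(size) * UNITS[unit]
    flagged = []
    for num, hidden, active in re.findall(
            r"^\s*Partition (\d+)\s*\n\s*Type\s*: \w+\s*\n"
            r"\s*Hidden: (\w+)\s*\n\s*Active: (\w+)", log, re.M):
        n = int(num)
        # A partition with no size row is skipped rather than guessed at.
        if (hidden, active) == ("Yes", "Yes") and \
                sizes.get(n, MAX_SUSPECT_BYTES) < MAX_SUSPECT_BYTES:
            flagged.append(n)
    return flagged

if __name__ == "__main__":
    print(suspicious_partitions(SAMPLE_LOG))
```

A flagged partition is a reason to look closer at the disk layout, not a verdict; OEM layouts vary, so compare against the vendor's expected partitions before changing anything.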
     
  17. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    don't see that exact file - version 2, not 3

    I see gparted-live-0.10.0-2.iso which is next to "Looking for the latest version?"

    Is that the file I should download?

    Thanks!
     
  18. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Yes................
     
  19. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    Stuck after deleting partition

    I deleted the smallest partition that was the 1016 KB. When it rebooted, it goes through the Dell screen, then I get a black screen that says

    BOOTMGR is missing
    Press Ctrl + Alt + Del to restart

    This just keeps looping

    I did change my OS to boot like in the instructions also.

    Thanks!
     
  20. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    More information on partitions left

    This is what I see now in the Gparted after I deleted the small partition.

    Partition : /dev/sda1
    File System: fat16
    Label: DellUtility
    Size: 100.00 MiB
    Used: 9.21 MiB
    Unused: 90.79 MiB
    Flags: diag

    Partition : /dev/sda2
    File System: ntfs
    Label: Recovery
    Size: 14.65 GiB
    Used: 11.66 GiB
    Unused: 2.99 GiB
    Flags:

    Partition : /dev/sda3 (yellow triangle with exclamation point here)
    File System: ntfs
    Label: DBHillCPA
    Size: 451.01 GiB
    Used: ------
    Unused: ---------
    Flags: boot

    Partition: unallocated
    File System: unallocated
    (this is the one I deleted)

    Looks strange - did I pick the wrong partition to boot from?

    I still get the message from before: "BOOTMGR is missing"

    Thanks again!
     
  21. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Please Boot to the System Recovery Options
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixboot (<--- there is a "space" after "bootrec")

    exit

    Restart computer.
     
  22. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    trouble following exactly

    Okay, I don't have a Windows disk, and I cannot get to the system recovery menu from where I am. F8 does not work at all...I have tried so many times that I have probably broken the key.

    But, if I go in and change the boot to the recovery label partition in gparted, then I can get to the system recovery menu (aha! by pressing F8!)...the only thing is that once I get to the command prompt, the path is X:\windows\system32> instead of what you have listed above.

    I don't know if I am where I need to be or not, but I cannot get to that menu any other way...I can go back to where I was if I just went in the wrong direction...

    thanks again for your help!!
     
  23. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Try the command from X:\windows\system32> prompt
     
  24. laladawn

    laladawn TS Rookie Topic Starter Posts: 22

    After the command, it says it was completed successfully (after only a few seconds), but when it reboots, it will not load Windows and it goes into this startup repair which runs, but then says it cannot repair the startup after running for about an hour...
     
  25. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Try Startup Repair.
     

