[Solved] Need help with Google redirect virus

mmcleod

I need help with the removal of the Google Redirect virus, or possibly just confirmation that it's removed. I've tried many of the items I've found on the web, and the redirect seems to be fixed, but I don't trust the results since it didn't seem to stop right after my last action. I just ran the 7 steps suggested here and it didn't appear to find any problems, but I'll attach the logs.

Malwarebytes - from full scan
*****************************************************************************************************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6603

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/18/2011 12:47:19 AM
mbam-log-2011-05-18 (00-47-19).txt

Scan type: Full scan (C:\|D:\|E:\|L:\|)
Objects scanned: 439766
Time elapsed: 1 hour(s), 11 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
*************************************************************************************************
GMER
Message: GMER hasn't found any system modifications
The note log is empty.

************************************************************************************************

DDS file
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mark at 19:06:53.14 on Wed 05/18/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4092 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\ProgramData\Norton\NUA.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Mark\Downloads\zgr0v7on.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-5-18 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-5-18 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-18 1127032]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-5-18 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110514.001\IDSviA64.sys [2011-5-17 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-5-18 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-5-18 451120]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [2011-5-18 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-17 136824]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-18 1255736]
.
=============== Created Last 30 ================
.
2011-05-18 21:22:00 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-18 21:21:59 -------- d-----w- C:\Windows\System32\Wat
2011-05-18 11:54:02 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2011-05-18 11:54:02 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2011-05-18 11:52:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-05-18 11:46:21 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys
2011-05-18 11:46:21 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys
2011-05-18 11:46:20 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys
2011-05-18 11:46:20 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys
2011-05-18 11:46:20 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys
2011-05-18 11:46:20 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys
2011-05-18 11:46:20 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys
2011-05-18 11:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005
2011-05-18 11:43:10 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-18 11:43:10 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-18 11:43:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-18 11:43:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-18 11:36:25 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-18 04:52:26 98816 ----a-w- C:\Windows\sed.exe
2011-05-18 04:52:26 89088 ----a-w- C:\Windows\MBR.exe
2011-05-18 04:52:26 256512 ----a-w- C:\Windows\PEV.exe
2011-05-18 04:52:26 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-18 04:40:16 -------- d-----w- C:\Windows\Panther
2011-05-18 04:32:37 -------- d-----w- C:\$WINDOWS.~Q
2011-05-18 04:30:04 -------- d-----w- C:\$INPLACE.~TR
2011-05-18 03:31:53 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
2011-05-18 03:31:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 03:31:47 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-18 03:31:44 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-18 03:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-18 03:18:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-05-18 03:15:52 20040 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-05-18 03:15:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-05-18 03:14:41 -------- d-----w- C:\PROGRA~3\Hitman Pro
2011-05-18 02:13:16 -------- d-----w- C:\Program Files\Common Files\Canon
2011-05-18 01:54:04 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2011-05-18 01:52:53 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-18 01:36:29 -------- d-----w- C:\Recovery
2011-05-17 23:52:46 -------- d-----w- C:\i386
2011-05-17 23:50:21 -------- d-----w- C:\blocks
2011-05-17 23:49:29 -------- d-----w- C:\$HPW7UA$
2011-05-17 23:46:00 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-05-17 23:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-05-17 23:45:13 410656 ----a-w- C:\Windows\System32\nvcpl.cpl
2011-05-17 23:45:13 2112544 ----a-w- C:\Windows\System32\nvcplui.exe
2011-05-17 23:45:13 1097248 ----a-w- C:\Windows\System32\nvcpluir.dll
2011-05-17 23:42:43 501280 ----a-w- C:\Windows\System32\NVUNINST.EXE
2011-05-17 22:58:27 131584 ------w- C:\Windows\System32\PDMSetup.exe
2011-05-17 22:58:27 125440 ------w- C:\Windows\System32\SetDepNx.exe
2011-05-17 22:58:25 109568 ------w- C:\Windows\SysWow64\PDMSetup.exe
2011-05-17 22:58:25 103936 ------w- C:\Windows\SysWow64\SetDepNx.exe
2011-05-17 22:14:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-05-17 19:23:56 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
2011-05-17 19:12:32 -------- d-----w- C:\Users\Mark\AppData\Local\Microsoft Games
2011-05-17 18:32:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-05-17 18:26:44 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-17 18:26:44 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-05-17 18:26:44 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2011-05-17 18:26:44 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Symantec
2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-05-17 18:25:43 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-05-17 18:25:34 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
2011-05-17 18:22:12 -------- d-----w- C:\PROGRA~3\PCSettings
2011-05-17 17:41:35 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
2011-05-17 17:40:46 -------- d-----w- C:\Users\Mark\AppData\Local\VirtualStore
2011-05-17 17:37:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\HP TCS
.
==================== Find3M ====================
.
2011-05-18 01:52:53 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
.
============= FINISH: 19:07:15.88 ===============


**************************************************************************************************
Attach file
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2011 9:36:30 PM
System Uptime: 5/18/2011 5:22:56 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 531.904 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.92 GiB free.
E: is FIXED (NTFS) - 112 GiB total, 12.716 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: AVSTREAM\CIR\5&2525B28F&0&0
Manufacturer:
Name:
PNP Device ID: AVSTREAM\CIR\5&2525B28F&0&0
Service:
.
==== System Restore Points ===================
.
RP1: 5/17/2011 9:52:08 PM - Windows Modules Installer
RP2: 5/17/2011 10:44:05 PM - Installed Microsoft Fix it 50267
RP3: 5/18/2011 7:52:30 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Default Manager
DirectX for Managed Code Update (Summer 2004)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
NVIDIA PhysX v8.09.04
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
Realtek High Definition Audio Driver
.
==== Event Viewer Messages From Past Week ========
.
5/18/2011 7:06:55 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/18/2011 5:21:43 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
5/18/2011 12:57:23 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/17/2011 9:06:23 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.116. The computer with the IP address 192.168.1.120 did not allow the name to be claimed by this computer.
5/17/2011 8:54:06 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
5/17/2011 8:12:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/17/2011 8:12:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2011 8:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/17/2011 8:01:54 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
5/17/2011 7:41:42 PM, Error: Service Control Manager [7000] - The SetupNTGLM7X service failed to start due to the following error: This driver has been blocked from loading
5/17/2011 7:41:42 PM, Error: Application Popup [1060] - \??\F:\NTGLM7X.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 7:41:16 PM, Error: Service Control Manager [7000] - The GMSIPCI service failed to start due to the following error: This driver has been blocked from loading
5/17/2011 7:41:16 PM, Error: Application Popup [1060] - \??\F:\INSTALL\GMSIPCI.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 7:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/17/2011 6:14:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2418240).
5/17/2011 5:11:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/17/2011 5:11:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/17/2011 2:26:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
5/17/2011 11:16:06 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
5/17/2011 1:37:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Broni, here are the files. Bootkit Remover has an error:



Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
main(): CreateFile() ERROR 5
ERROR: Can't open volume device \\.\C:

Done;
Press any key to quit...

*************************************************************************************


ComboFix 11-05-17.03 - Mark 05/18/2011 21:04:23.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4193 [GMT -4:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 Premier Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 01:08 . 2011-05-19 01:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 00:51 . 2011-05-19 00:51 -------- d-----w- c:\program files\7-Zip
2011-05-18 21:22 . 2011-05-18 21:22 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-18 21:21 . 2011-05-18 21:22 -------- d-----w- c:\windows\system32\Wat
2011-05-18 11:54 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-18 11:54 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-05-18 11:52 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-18 11:43 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-18 11:43 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-18 11:43 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-18 11:43 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-18 11:35 . 2011-05-18 11:36 -------- d-----w- c:\users\Jill
2011-05-18 04:40 . 2011-05-18 01:36 -------- d-----w- c:\windows\Panther
2011-05-18 04:32 . 2011-05-18 00:58 -------- d-----w- C:\$WINDOWS.~Q
2011-05-18 04:30 . 2011-05-18 04:31 -------- d-----w- C:\$INPLACE.~TR
2011-05-18 03:31 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 03:31 . 2011-05-18 03:31 -------- d-----w- c:\programdata\Malwarebytes
2011-05-18 03:31 . 2011-05-18 03:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-18 03:31 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-18 03:18 . 2011-05-18 03:18 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-18 03:15 . 2011-05-18 03:23 20040 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-18 03:15 . 2011-05-18 03:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-18 03:14 . 2011-05-18 03:18 -------- d-----w- c:\programdata\Hitman Pro
2011-05-18 02:13 . 2011-05-18 02:13 -------- d-----w- c:\program files\Common Files\Canon
2011-05-18 01:52 . 2011-05-18 01:52 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-05-18 01:36 . 2011-05-18 01:36 -------- d-----w- C:\Recovery
2011-05-18 00:44 . 2011-05-18 01:36 -------- d-----w- c:\users\Mark
2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\program files\LSI SoftModem
2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-05-18 00:44 . 2011-05-18 00:44 -------- d-----w- c:\program files\Realtek
2011-05-18 00:01 . 2011-05-18 00:50 -------- d-----w- c:\programdata\NVIDIA
2011-05-17 23:52 . 2011-05-17 23:52 -------- d-----w- C:\i386
2011-05-17 23:50 . 2011-05-17 23:50 -------- d-----w- C:\blocks
2011-05-17 23:49 . 2011-05-17 23:50 -------- d-----w- C:\$HPW7UA$
2011-05-17 23:46 . 2011-05-18 00:51 -------- d-----w- c:\windows\SysWow64\AGEIA
2011-05-17 23:46 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2011-05-17 23:45 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-05-17 23:45 . 2008-10-07 05:33 410656 ----a-w- c:\windows\system32\nvcpl.cpl
2011-05-17 23:45 . 2008-10-07 05:33 2112544 ----a-w- c:\windows\system32\nvcplui.exe
2011-05-17 23:45 . 2008-10-07 05:33 1097248 ----a-w- c:\windows\system32\nvcpluir.dll
2011-05-17 23:42 . 2008-10-02 14:08 501280 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-05-17 22:58 . 2009-03-08 11:40 131584 ------w- c:\windows\system32\PDMSetup.exe
2011-05-17 22:58 . 2009-03-08 11:40 125440 ------w- c:\windows\system32\SetDepNx.exe
2011-05-17 22:58 . 2009-03-08 11:33 109568 ------w- c:\windows\SysWow64\PDMSetup.exe
2011-05-17 22:58 . 2009-03-08 11:33 103936 ------w- c:\windows\SysWow64\SetDepNx.exe
2011-05-17 22:14 . 2011-05-17 22:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-05-17 18:32 . 2011-05-18 00:47 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-05-17 18:26 . 2011-05-18 00:51 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-17 18:26 . 2011-05-17 18:26 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-05-17 18:26 . 2009-05-18 22:17 34152 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-17 18:26 . 2008-04-17 21:12 126312 ----a-r- c:\windows\system32\GEARAspi64.dll
2011-05-17 18:26 . 2008-04-17 21:12 107368 ----a-r- c:\windows\SysWow64\GEARAspi.dll
2011-05-17 18:26 . 2011-05-18 00:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-17 18:26 . 2011-05-17 18:26 -------- d-----w- c:\program files\Symantec
2011-05-17 18:25 . 2011-05-18 21:22 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-05-17 18:25 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
2011-05-17 18:22 . 2011-05-17 18:22 -------- d-----w- c:\programdata\PCSettings
2011-05-17 17:37 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-05-17 17:35 . 2011-05-18 00:49 -------- d-----w- c:\program files (x86)\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_04.57.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-05-18 21:26 15230 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:30 . 2011-05-18 21:21 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-05-18 01:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\DriverStore\FileRepository\atmirw76.inf_amd64_neutral_c84ac35adfdae911\aticir.sys
+ 2008-12-04 20:51 . 2008-12-04 20:51 24576 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\NcRemotePci.SYS
+ 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\aticir.sys
+ 2008-12-04 20:51 . 2008-12-04 20:51 24576 c:\windows\system32\drivers\NcRemotePci.SYS
+ 2011-05-18 11:46 . 2010-04-22 02:29 32304 c:\windows\system32\drivers\N360x64\0403000.005\srtspx64.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 16000 c:\windows\system32\drivers\BdaSup.sys
+ 2011-01-26 06:43 . 2011-01-26 06:43 26496 c:\windows\system32\drivers\aticir.sys
- 2011-05-18 00:44 . 2011-05-18 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-18 00:44 . 2011-05-18 11:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-18 00:44 . 2011-05-18 03:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-18 00:44 . 2011-05-18 11:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-18 03:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-18 11:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-05-18 21:57 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-05-18 03:55 85688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-05-19 00:41 . 2011-05-19 00:41 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-05-18 11:37 . 2011-05-18 21:26 4266 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-05-18 03:23 . 2011-05-18 21:26 1734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2964803090-290193872-658021651-1000_UserData.bin
+ 2011-05-18 21:23 . 2011-05-18 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-18 03:21 . 2011-05-18 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-18 21:23 . 2011-05-18 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-18 03:21 . 2011-05-18 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-18 21:22 . 2011-05-18 11:53 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2011-05-18 21:22 . 2011-05-18 11:53 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2011-05-18 21:22 . 2011-05-18 11:53 152888 c:\windows\system32\Wat\WatWeb.dll
+ 2011-05-18 21:22 . 2011-05-18 11:53 249656 c:\windows\system32\Wat\WatUX.exe
+ 2011-05-18 21:22 . 2011-05-18 11:53 138664 c:\windows\system32\Wat\npWatWeb.dll
- 2009-07-27 05:19 . 2011-05-18 03:26 662402 c:\windows\system32\prfh0416.dat
+ 2009-07-27 05:19 . 2011-05-19 00:33 662402 c:\windows\system32\prfh0416.dat
- 2009-07-27 05:19 . 2011-05-18 03:26 124850 c:\windows\system32\prfc0416.dat
+ 2009-07-27 05:19 . 2011-05-19 00:33 124850 c:\windows\system32\prfc0416.dat
+ 2009-07-27 05:09 . 2011-05-19 00:33 692886 c:\windows\system32\perfh00C.dat
- 2009-07-27 05:09 . 2011-05-18 03:26 692886 c:\windows\system32\perfh00C.dat
- 2009-07-27 04:58 . 2011-05-18 03:26 691932 c:\windows\system32\perfh00A.dat
+ 2009-07-27 04:58 . 2011-05-19 00:33 691932 c:\windows\system32\perfh00A.dat
+ 2009-07-14 02:36 . 2011-05-19 00:33 615122 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-18 03:26 615122 c:\windows\system32\perfh009.dat
- 2009-07-27 05:09 . 2011-05-18 03:26 126998 c:\windows\system32\perfc00C.dat
+ 2009-07-27 05:09 . 2011-05-19 00:33 126998 c:\windows\system32\perfc00C.dat
+ 2009-07-27 04:58 . 2011-05-19 00:33 133632 c:\windows\system32\perfc00A.dat
- 2009-07-27 04:58 . 2011-05-18 03:26 133632 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2011-05-19 00:33 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-18 03:26 103496 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-05-18 21:21 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-05-18 01:05 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-05-18 04:39 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-05-18 21:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-18 11:52 . 2010-03-04 04:40 184832 c:\windows\system32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_23bfbf6f668380d6\usbvideo.sys
- 2009-07-14 05:31 . 2009-07-14 07:43 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-05-18 21:21 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2011-05-18 11:46 . 2010-05-06 04:01 451120 c:\windows\system32\drivers\N360x64\0403000.005\symtdiv.sys
+ 2011-05-18 11:46 . 2010-04-22 03:02 221232 c:\windows\system32\drivers\N360x64\0403000.005\symefa64.sys
+ 2011-05-18 11:46 . 2009-10-15 03:50 433200 c:\windows\system32\drivers\N360x64\0403000.005\symds64.sys
+ 2011-05-18 11:46 . 2010-04-22 02:29 505392 c:\windows\system32\drivers\N360x64\0403000.005\srtsp64.sys
+ 2011-05-18 11:46 . 2010-04-29 05:03 150064 c:\windows\system32\drivers\N360x64\0403000.005\ironx64.sys
+ 2011-05-18 11:46 . 2010-02-26 00:22 615040 c:\windows\system32\drivers\N360x64\0403000.005\cchpx64.sys
- 2009-04-22 11:21 . 2011-05-18 03:19 571792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-04-22 11:21 . 2011-05-18 11:54 571792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-05-18 11:54 290352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-18 11:54 . 2011-05-18 11:54 743444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1003-4096.dat
+ 2011-05-18 03:19 . 2011-05-18 11:54 291120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1000-8192.dat
+ 2011-05-18 21:21 . 2011-05-18 11:53 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
+ 2009-07-14 02:34 . 2011-05-18 21:34 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-05-18 03:32 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-26 06:42 . 2011-01-26 06:42 1559936 c:\windows\system32\DriverStore\FileRepository\aticaw76.inf_amd64_neutral_8a31ae59260f89a5\atinavrr.sys
+ 2011-01-26 06:42 . 2011-01-26 06:42 1559936 c:\windows\system32\drivers\atinavrr.sys
- 2009-07-14 04:45 . 2011-05-18 03:25 3798208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-05-18 21:26 3798208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-18 05:15 . 2011-05-18 11:54 1844564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2964803090-290193872-658021651-1000-4096.dat
+ 2011-05-19 00:50 . 2011-05-19 00:50 1376768 c:\windows\Installer\b556b6.msi
+ 2011-05-19 00:40 . 2011-05-19 00:40 20314624 c:\windows\Installer\b556b2.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2011-04-05 2692024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-04-30 1127032]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110514.001\IDSvia64.sys [2011-04-26 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-17 136824]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-17 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
Completion time: 2011-05-18 21:10:24
ComboFix-quarantined-files.txt 2011-05-19 01:10
ComboFix2.txt 2011-05-18 04:59
.
Pre-Run: 568,240,635,904 bytes free
Post-Run: 568,199,106,560 bytes free
.
- - End Of File - - 1E579AF5F61B5212404FED00B095866D
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni, I've run the TDSSKiller with no issues found. The file is pasted below. I hope I'm not wasting your time since these things don't look like they're finding a problem and I'm not currently experiencing the redirect problem. Besides the redirect I was also getting lots of spam sent out to my contacts and I'm sure a few other things.

At one point in the last few days I ran a program to modify my "Hosts" file in Windows\system32\drivers\etc. It renamed the file to "OLD File" under file type. Here is that file:
**********************************************************************
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost


*******************************************************************************************
TDSSKiller

2011/05/18 22:07:07.0908 2556 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 22:07:08.0365 2556 ================================================================================
2011/05/18 22:07:08.0365 2556 SystemInfo:
2011/05/18 22:07:08.0365 2556
2011/05/18 22:07:08.0366 2556 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/18 22:07:08.0366 2556 Product type: Workstation
2011/05/18 22:07:08.0366 2556 ComputerName: MARK-PC
2011/05/18 22:07:08.0366 2556 UserName: Mark
2011/05/18 22:07:08.0366 2556 Windows directory: C:\Windows
2011/05/18 22:07:08.0366 2556 System windows directory: C:\Windows
2011/05/18 22:07:08.0366 2556 Running under WOW64
2011/05/18 22:07:08.0366 2556 Processor architecture: Intel x64
2011/05/18 22:07:08.0366 2556 Number of processors: 2
2011/05/18 22:07:08.0366 2556 Page size: 0x1000
2011/05/18 22:07:08.0366 2556 Boot type: Normal boot
2011/05/18 22:07:08.0366 2556 ================================================================================
2011/05/18 22:07:08.0812 2556 Initialize success
2011/05/18 22:07:13.0234 4920 ================================================================================
2011/05/18 22:07:13.0234 4920 Scan started
2011/05/18 22:07:13.0234 4920 Mode: Manual;
2011/05/18 22:07:13.0234 4920 ================================================================================
2011/05/18 22:07:23.0497 4920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/18 22:07:23.0513 4920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/18 22:07:23.0537 4920 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/18 22:07:23.0553 4920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/18 22:07:23.0572 4920 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/18 22:07:23.0624 4920 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/18 22:07:23.0651 4920 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/18 22:07:23.0690 4920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/18 22:07:23.0711 4920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/18 22:07:23.0738 4920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/18 22:07:23.0759 4920 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 22:07:23.0774 4920 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 22:07:23.0813 4920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/18 22:07:23.0849 4920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/18 22:07:23.0925 4920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/18 22:07:23.0940 4920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/18 22:07:23.0996 4920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/18 22:07:24.0053 4920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/18 22:07:24.0091 4920 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/18 22:07:24.0120 4920 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/18 22:07:24.0310 4920 ================================================================================
2011/05/18 22:07:24.0310 4920 Scan finished
2011/05/18 22:07:24.0310 4920 ================================================================================
 
I'm not currently experiencing the redirect problem
I didn't know that.

Let's go forward then...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni, sorry about the confusion. I mentioned that in my opening post. I've spent the last 3 days trying to rid myself of this virus following different instructions, and the redirect suddenly quit earlier tonight, but I'm not comfortable that it's gone.


Here's the log Part 1

OTL logfile created on: 5/18/2011 10:35:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mark\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 62.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 529.08 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.92 Gb Free Space | 14.04% Space Free | Partition Type: NTFS
Drive E: | 111.78 Gb Total Space | 12.72 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 494.07 Gb Free Space | 53.04% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 22:35:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2011/05/17 22:48:49 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Downloads\tdsskiller\TDSSKiller.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/04/10 02:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/10 02:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/19 13:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 22:35:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/17 14:26:41 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/01/26 02:42:06 | 001,559,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/02 14:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/01/20 12:49:30 | 001,254,400 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/01/20 10:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2011/05/17 23:18:55 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\EX64.SYS -- (NAVEX15)
DRV - [2011/05/17 23:18:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110518.021\ENG64.SYS -- (NAVENG)
DRV - [2011/05/17 14:29:58 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/17 14:29:58 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/30 01:44:12 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/26 16:27:36 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/05/17 20:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/05/18 07:45:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/17 22:05:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/17 22:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/05/17 22:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/18 07:45:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/23 05:45:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
[2011/05/18 21:27:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011/05/18 21:10:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/18 21:03:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/18 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/18 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/18 20:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/18 17:22:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/18 17:21:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/05/18 07:46:21 | 000,451,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys
[2011/05/18 07:46:21 | 000,221,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys
[2011/05/18 07:46:20 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys
[2011/05/18 07:46:20 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys
[2011/05/18 07:46:20 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys
[2011/05/18 07:46:20 | 000,150,064 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys
[2011/05/18 07:46:20 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys
[2011/05/18 07:45:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0403000.005
[2011/05/18 00:52:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/18 00:52:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/18 00:52:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/18 00:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/18 00:40:16 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/05/18 00:32:37 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2011/05/18 00:30:04 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2011/05/17 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2011/05/17 23:31:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/17 23:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/17 23:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/17 23:31:44 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/17 23:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/17 23:18:10 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/05/17 23:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/05/17 23:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/17 23:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/05/17 22:51:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/17 22:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/05/17 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla
[2011/05/17 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
[2011/05/17 22:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/17 21:44:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
[2011/05/17 21:44:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
[2011/05/17 21:37:20 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/17 21:36:29 | 000,000,000 | ---D | C] -- C:\Recovery
[2011/05/17 20:44:57 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\My Documents
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
[2011/05/17 20:44:57 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
[2011/05/17 20:44:57 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
[2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
[2011/05/17 20:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Media Center Programs
[2011/05/17 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/05/17 20:44:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/05/17 20:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/05/17 20:42:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/05/17 20:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/05/17 19:52:46 | 000,000,000 | ---D | C] -- C:\i386
[2011/05/17 19:50:21 | 000,000,000 | ---D | C] -- C:\blocks
[2011/05/17 19:49:29 | 000,000,000 | ---D | C] -- C:\$HPW7UA$
[2011/05/17 19:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/05/17 19:46:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/05/17 19:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/05/17 18:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/17 16:27:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/17 15:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CrashDumps
[2011/05/17 15:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Games
[2011/05/17 14:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/17 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Symantec
[2011/05/17 14:26:44 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/17 14:26:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/17 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/17 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/17 14:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/05/17 14:25:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
[2011/05/17 14:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
[2011/05/17 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2011/05/17 13:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hewlett-Packard
[2011/05/17 13:41:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard
[2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
[2011/05/17 13:41:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/17 13:41:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
[2011/05/17 13:41:17 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
[2011/05/17 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
[2011/05/17 13:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/05/17 13:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/05/17 13:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/05/17 13:37:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\HP TCS
[2011/05/17 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
[2011/05/17 13:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days
[2011/05/17 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/05/17 13:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/05/17 13:35:26 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\InstallShield
[2011/05/17 13:28:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2011/05/18 22:36:43 | 002,057,028 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/05/18 21:26:40 | 000,009,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 21:26:40 | 000,009,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/18 21:02:54 | 004,351,251 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2011/05/18 20:33:06 | 003,118,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/18 20:33:06 | 000,692,886 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/05/18 20:33:06 | 000,691,932 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/05/18 20:33:06 | 000,662,402 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2011/05/18 20:33:06 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/18 20:33:06 | 000,133,632 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/05/18 20:33:06 | 000,126,998 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/05/18 20:33:06 | 000,124,850 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2011/05/18 20:33:06 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/18 17:39:14 | 000,001,940 | ---- | M] () -- C:\Users\Mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 17:23:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/18 17:23:09 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/18 17:21:49 | 000,002,555 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/18 00:40:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/05/17 23:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 23:23:24 | 000,020,040 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 23:22:32 | 000,001,439 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 23:18:10 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/05/17 23:15:52 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/05/17 22:05:41 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/17 21:54:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/17 21:54:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/17 21:03:07 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/17 21:03:07 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/05/17 20:58:01 | 000,022,744 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2011/05/17 20:56:20 | 000,331,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/17 20:43:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/17 20:27:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:27:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:05:53 | 000,003,040 | ---- | M] () -- C:\Users\Mark\Desktop\Windows Compatibility Report.htm
[2011/05/17 20:03:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/05/17 20:03:21 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/05/17 19:56:51 | 000,000,340 | -HS- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/05/17 19:54:25 | 000,000,554 | ---- | M] () -- C:\Users\Mark\Desktop\HP Upgrade Assistant.lnk
[2011/05/17 15:59:21 | 000,001,896 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeCell.lnk
[2011/05/17 15:22:49 | 000,001,537 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/05/17 14:26:41 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/17 14:26:41 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/17 14:26:41 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/17 14:24:33 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/05/17 13:35:25 | 000,001,916 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
[2011/05/17 13:35:25 | 000,001,916 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
[2011/05/17 13:35:14 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk

========== Files Created - No Company Name ==========

[2011/05/18 21:01:00 | 004,351,251 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2011/05/18 17:39:14 | 000,001,940 | ---- | C] () -- C:\Users\Mark\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 17:21:08 | 002,057,028 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\Cat.DB
[2011/05/18 07:46:21 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.cat
[2011/05/18 07:46:21 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv64.cat
[2011/05/18 07:46:21 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet64.cat
[2011/05/18 07:46:21 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa.inf
[2011/05/18 07:46:21 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnetv.inf
[2011/05/18 07:46:21 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symnet.inf
[2011/05/18 07:46:20 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.cat
[2011/05/18 07:46:20 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.cat
[2011/05/18 07:46:20 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.cat
[2011/05/18 07:46:20 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.cat
[2011/05/18 07:46:20 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.cat
[2011/05/18 07:46:20 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds.inf
[2011/05/18 07:46:20 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.inf
[2011/05/18 07:46:20 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.inf
[2011/05/18 07:46:20 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.inf
[2011/05/18 07:46:20 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\iron.inf
[2011/05/18 07:45:59 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0403000.005\isolate.ini
[2011/05/18 00:52:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/18 00:52:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/18 00:52:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/18 00:52:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/18 00:52:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 23:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 23:15:52 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 23:15:52 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/05/17 22:05:41 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/17 22:05:41 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/17 21:54:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/05/17 21:54:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/05/17 21:37:28 | 000,001,411 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/17 21:37:22 | 000,001,445 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/17 21:04:44 | 536,260,607 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 20:58:01 | 000,022,744 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2011/05/17 20:44:57 | 000,000,290 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/17 20:44:57 | 000,000,272 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/17 20:44:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/17 20:44:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/17 20:44:08 | 000,009,872 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:44:08 | 000,009,872 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/17 20:43:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/17 19:56:52 | 000,003,040 | ---- | C] () -- C:\Users\Mark\Desktop\Windows Compatibility Report.htm
[2011/05/17 19:56:51 | 000,001,439 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/17 19:54:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/05/17 19:54:20 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/05/17 19:52:55 | 000,000,554 | ---- | C] () -- C:\Users\Mark\Desktop\HP Upgrade Assistant.lnk
[2011/05/17 15:59:21 | 000,001,896 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeCell.lnk
[2011/05/17 15:22:49 | 000,001,537 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2011/05/17 14:26:44 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/17 14:26:44 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/17 14:26:40 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/17 13:44:42 | 000,000,552 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/05/17 13:38:07 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/05/17 13:37:50 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/05/17 13:35:18 | 000,001,916 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
[2011/05/17 13:35:18 | 000,001,916 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NY428AA-ABA p6110f_YC_0Pavi_Q3CR917_E93NAv6PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.37_T090223_WUH1_L409_M6143_J640_7Intel_8Pentium Dual-Core E5300_92.6_#090716_N10EC8168_Z11C10630_G10DE0640.MRK
[2011/05/17 13:35:14 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk
[2011/05/17 13:34:58 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/05/17 13:34:58 | 000,001,562 | ---- | C] () -- C:\Users\Public\Desktop\Try Microsoft Office for 60 days.lnk
[2011/05/17 13:34:57 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/05/17 13:34:57 | 000,002,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2011/05/17 13:34:57 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/05/17 13:34:29 | 000,001,928 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2011/05/17 13:34:29 | 000,001,350 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
[2011/05/17 13:34:29 | 000,000,340 | -HS- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/22 06:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/04/22 06:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

========== LOP Check ==========

[2011/05/17 14:24:33 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 01:08:49 | 000,001,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
Here is part 2 of the log

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/05/18 00:40:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/05/18 21:10:24 | 000,029,498 | ---- | M] () -- C:\ComboFix.txt
[2011/05/17 19:52:49 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2011/05/18 17:23:09 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/05/18 17:23:28 | 2146,672,639 | -HS- | M] () -- C:\pagefile.sys
[2011/05/17 22:50:27 | 000,064,096 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_17.05.2011_22.48.59_log.txt
[2011/05/18 22:07:25 | 000,064,238 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_18.05.2011_22.07.07_log.txt
[2009/04/22 06:54:38 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/17 19:56:51 | 000,000,340 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/05/17 23:22:32 | 000,000,221 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/05/18 21:02:54 | 004,351,251 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/17 21:37:27 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
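A triage helper for OTL file listings like the one above, added here as an example; it is not code from the thread or from OTL itself. It parses the `[timestamp | size | attrs | C/M] (Company) -- path` lines, skips folders and non-executables, and reports executables that carry no company-name string, grouped by where they sit: user-writable locations first (where the ESET hits later in this thread turn up), then the root of the system drive, then system directories. The company name is only a version-info string and is trivially forged, so a file that has one is deprioritised, not cleared. The list of user-writable prefixes and the allow-list of boot files are assumptions of this example. The sample lines are copied from the posted log, plus one line whose path is an ESET hit from later in the thread with a made-up timestamp, size and attributes.

```python
"""Triage helper for OTL (OldTimer's) file listings.

Added example: not code from the thread or from OTL. It parses lines of the form
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
and flags executables that carry no company-name string, grouped by location.
The company name is a version-info string and is trivially forged, so a present
name lowers priority but does not clear a file.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder line. Folder lines have no "(Company)" field, so it is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

EXEC_EXT = {".exe", ".sys", ".dll", ".scr", ".com", ".cpl", ".ocx", ".drv"}

# Boot/paging files in the drive root that always show no company name (assumption).
KNOWN_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys", "bootmgr", "bootsect.bak"}

# Prefixes a standard user can write to; assumption for this example, tune per host.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str      # R read-only, H hidden, S system, D directory; '-' when unset
    kind: str       # 'C' created, 'M' modified
    company: str    # '' when OTL found no company-name resource
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return ("." + self.name.rsplit(".", 1)[-1]).lower() if "." in self.name else ""


def parse_otl(text: str) -> List[Entry]:
    """Parse every OTL file/folder line in text; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def reason(e: Entry) -> Optional[str]:
    """Why an entry deserves a look, or None if it is routine."""
    if e.is_dir or e.ext not in EXEC_EXT or e.company:
        return None
    low = e.path.lower()
    at_root = low.count("\\") == 1
    if at_root and e.name.lower() in KNOWN_SYSTEM_FILES:
        return None
    if any(tag in low for tag in USER_WRITABLE):
        return "executable with no company name in a user-writable location"
    if at_root:
        return "executable with no company name in the root of the system drive"
    return "executable with no company name in a system directory"


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every entry worth checking, in log order."""
    rows = []
    for e in parse_otl(text):
        r = reason(e)
        if r:
            rows.append((e.path, r))
    return rows


# Constructed sample: lines 1-7 are copied from the posted log; the last line uses the
# path of an ESET hit from this thread with a made-up timestamp, size and attributes.
SAMPLE = r"""
========== Files Created - No Company Name ==========

[2011/05/18 21:01:00 | 004,351,251 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2011/05/18 00:52:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/17 23:15:52 | 000,020,040 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/05/17 23:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 21:04:44 | 536,260,607 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 14:26:44 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/17 20:44:57 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2011/05/16 09:12:00 | 000,302,080 | -H-- | C] () -- C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(f"{why:<70} {path}")
```

Run against a full OTL log the tool-dropped files (ComboFix's helpers under C:\Windows, HitmanPro's driver) will show up alongside anything suspicious; that is expected, and the point is to shrink a few thousand lines to a short list that can be checked by hand.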
 
OTL log looks clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Broni, here are the results of SecurityCheck. ESET has been running for over 12 hours and it was still going. I had left it running overnight and it's been at 99% of step 3 of 4 for at least 5 of those hours since I've been up. It was on my back-up drive, which I shut down so the scan would complete. I'll be gone for the weekend and will look at any response on Sunday. I really appreciate your help here.
I should note that when I powered up my system yesterday after all of the programs you had me run the night before it said it was making registry changes during the power up sequence. 42783 changes. Does that sound right?


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


*********************************************************************************************
ESET results

C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
 
Does that sound right?
Possible.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe 
    C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe 
    C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
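The OTL fix above lists the same WildTangent file twice, once under C:\ProgramData and once under C:\Users\All Users. On Windows Vista and 7 the latter is a junction onto the former, so a scanner that walks both sees one file through two names, and moving it through one name is why the later fix log in this thread reports the other as "not found". The helper below, added here as an example and not code from the thread, from OTL or from ESET, collapses scanner hits through the default Windows 7 junctions before emitting the :Files section, so each real file is listed once. The junction table and the ESET line format (path, whitespace, verdict) are assumptions of this example; the first three sample lines are the hits posted above, the last two are constructed to exercise the per-user "Application Data" rule.

```python
"""Collapse scanner hits that reach one file through different Windows path aliases,
then emit an OTL ':Files' fix section with each real file listed once.

Added example: not code from the thread, from OTL or from ESET. The junction table
is the Windows 7 default set and is an assumption of this example; confirm on the
host with `dir /aL` in the directory concerned.
"""
import re
from typing import Dict, List, Tuple

_USER = r"(?P<user>[^\\]+)"
# (regex on the path prefix, replacement) pairs; applied case-insensitively.
JUNCTIONS: List[Tuple[str, str]] = [
    (r"^C:\\Users\\All Users\\", r"C:\\ProgramData\\"),
    (r"^C:\\Documents and Settings\\", r"C:\\Users\\"),
    (r"^C:\\ProgramData\\Application Data\\", r"C:\\ProgramData\\"),
    (r"^C:\\Users\\" + _USER + r"\\Application Data\\",
     r"C:\\Users\\\g<user>\\AppData\\Roaming\\"),
    (r"^C:\\Users\\" + _USER + r"\\Local Settings\\",
     r"C:\\Users\\\g<user>\\AppData\\Local\\"),
    (r"^C:\\Users\\" + _USER + r"\\AppData\\Local\\Application Data\\",
     r"C:\\Users\\\g<user>\\AppData\\Local\\"),
    (r"^C:\\Users\\" + _USER + r"\\My Documents\\",
     r"C:\\Users\\\g<user>\\Documents\\"),
    (r"^C:\\Users\\" + _USER + r"\\Start Menu\\",
     r"C:\\Users\\\g<user>\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\"),
]
_RULES = [(re.compile(p, re.IGNORECASE), r) for p, r in JUNCTIONS]

# One exported ESET line: <path> <whitespace> <verdict>. Assumed format, taken from
# the lines posted in the thread; the path ends at the first ".ext" before whitespace.
ESET_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})(?:\s+(?P<verdict>\S.*))?$")


def canonical(path: str) -> str:
    """Rewrite path through the junction rules until it stops changing."""
    for _ in range(len(_RULES) + 1):      # rules are acyclic, so this exits early
        new = path
        for pat, repl in _RULES:
            new = pat.sub(repl, new, count=1)
        if new == path:
            return path
        path = new
    return path


def parse_eset(text: str) -> List[Tuple[str, str]]:
    """(path, verdict) for each hit line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["verdict"] or ""))
    return hits


def dedupe(hits: List[Tuple[str, str]]) -> List[dict]:
    """Group hits by canonical path, keeping the first verdict and every alias seen."""
    groups: Dict[str, dict] = {}
    for path, verdict in hits:
        real = canonical(path)
        g = groups.setdefault(real.lower(), {"path": real, "verdict": verdict, "aliases": []})
        if path.lower() != real.lower():
            g["aliases"].append(path)
    return list(groups.values())


def otl_files_fix(hits: List[Tuple[str, str]]) -> str:
    """Build the OTL Custom Scans/Fixes text, one :Files line per real file."""
    lines = [":OTL", "", ":Files"] + [g["path"] for g in dedupe(hits)]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[emptyflash]", "[Reboot]"]
    return "\n".join(lines) + "\n"


# Constructed sample: the first three lines are the ESET hits posted in the thread;
# the last two are made up to exercise the per-user 'Application Data' junction rule.
SAMPLE_ESET = r"""
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan
C:\Users\Mark\Application Data\Example\dropper.exe a variant of Win32/Example trojan
C:\Users\Mark\AppData\Roaming\Example\dropper.exe a variant of Win32/Example trojan
"""

if __name__ == "__main__":
    for g in dedupe(parse_eset(SAMPLE_ESET)):
        print(g["path"], "aliases:", g["aliases"])
    print(otl_files_fix(parse_eset(SAMPLE_ESET)))
```

Listing the canonical path rather than the junction name keeps the fix log unambiguous: a "not found" line then means the file really is gone, not that it was already moved under its other name.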
 
My computer is somehow still infected after all this. I just tried a Google search and it wouldn't return anything. I tried a Yahoo search and got a redirect. I had completed most of your instructions in the last email. The logs are below. I'm going back to the very beginning and will start those instructions all over again and will post those results in my next reply.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe moved successfully.
File\Folder C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jill
->Temp folder emptied: 1625 bytes
->Temporary Internet Files folder emptied: 4743934 bytes
->Flash cache emptied: 727 bytes

User: Junior
->Temp folder emptied: 3788 bytes
->Temporary Internet Files folder emptied: 59454181 bytes
->Flash cache emptied: 1203 bytes

User: Mark
->Temp folder emptied: 967 bytes
->Temporary Internet Files folder emptied: 9072777 bytes
->FireFox cache emptied: 73566348 bytes
->Flash cache emptied: 1074 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58640 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jill
->Flash cache emptied: 0 bytes

User: Junior
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_191614

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

********************************************************************************

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jill
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Junior
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 15281281 bytes
->Flash cache emptied: 640 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jill
->Flash cache emptied: 0 bytes

User: Junior
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 05222011_192409

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
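The OTL run above only emptied temp folders and moved two WildTangent files, so it says nothing about where a search redirect is actually wired in. The script below is an added example, not something posted in this thread or part of OTL, DDS or Malwarebytes. It reads the user-mode places a Google/Yahoo redirect is commonly planted on Windows 7: the hosts file (and the registry value that tells Windows where the hosts file is), the WinINET proxy and PAC settings, the DNS resolvers on each adapter, and the Firefox prefs that steer searches. It assumes an elevated PowerShell 2.0 prompt, that the Firefox profiles of interest are the current user's, and that the HKCU values belong to the account running it; the `Test-PrivateIPv4` helper and the `[!]`/`[?]` markers are this example's own.

```powershell
# Added example, not part of the thread: read-only checks of the user-mode places a
# search/browser redirect is usually wired in on Windows 7. Run from an elevated
# PowerShell prompt; PowerShell 2.0 syntax only (no Win8+ networking cmdlets).
# Assumptions: only the current user's Firefox profiles are checked, and HKCU values
# are those of the account running the script (this machine has three user accounts).

function Test-PrivateIPv4 {
    # RFC 1918 ranges plus loopback; a home LAN resolver should be one of these
    param([string]$Ip)
    return [bool]($Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.)')
}

# 1. hosts file. Take the location from the registry rather than hard-coding it:
#    Tcpip\Parameters\DataBasePath is itself a value redirect malware repoints.
$tcpip     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$hostsDir  = [Environment]::ExpandEnvironmentVariables($tcpip.DataBasePath).TrimEnd('\')
$hostsPath = Join-Path $hostsDir 'hosts'
Write-Output "== hosts file: $hostsPath"
if ($hostsDir -ne "$env:SystemRoot\System32\drivers\etc") {
    Write-Output '  [!] DataBasePath is not the default System32\drivers\etc'
}
if (-not (Test-Path $hostsPath)) {
    # A DNS-Client event 1012 ("error while attempting to read the local hosts file")
    # is what a missing or unreadable hosts file produces.
    Write-Output '  [!] hosts file is missing'
} else {
    Write-Output ("  attributes: {0}" -f (Get-Item $hostsPath -Force).Attributes)
    foreach ($raw in (Get-Content $hostsPath -ErrorAction SilentlyContinue)) {
        $line = ($raw -split '#')[0].Trim()                  # strip comments
        if ($line -eq '') { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Length - 1)]) {
            # Windows needs no hosts entry for localhost; any other active mapping,
            # whether to loopback or to a remote address, needs an explanation.
            if ($name -ieq 'localhost') { continue }
            Write-Output "  [!] active entry: $ip -> $name"
        }
    }
}

# 2. WinINET proxy / PAC script for this user (used by IE, and by Firefox when it is
#    set to use system proxy settings).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$msg  = "== WinINET (HKCU): ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}"
Write-Output ($msg -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL)
if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
    Write-Output '  [!] a proxy or PAC script is configured; every search can be rewritten there'
}

# 3. DNS resolvers on each live adapter (WMI works on Windows 7; Get-DnsClient* does not).
Write-Output '== DNS servers per adapter'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
    $dns = @($_.DNSServerSearchOrder | Where-Object { $_ })
    Write-Output ("  {0}: {1}" -f $_.Description, ($dns -join ', '))
    foreach ($d in $dns) {
        if ($d -notmatch ':' -and -not (Test-PrivateIPv4 $d)) {
            Write-Output "    [?] public resolver $d - confirm it is your ISP's, not one a DNS changer set"
        }
    }
}

# 4. Firefox prefs that steer searches or proxying. keyword.URL was the classic redirect
#    hook in Firefox 4-era builds, and user.js silently overrides prefs.js on every start.
Write-Output '== Firefox search / proxy prefs'
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($f in 'prefs.js', 'user.js') {
        $p = Join-Path $_.FullName $f
        if (Test-Path $p) {
            Select-String -Path $p -Pattern 'keyword\.URL|browser\.search\.|network\.proxy\.|browser\.startup\.homepage' |
                ForEach-Object { Write-Output ("  {0}\{1}: {2}" -f $_.Path.Split('\')[-2], $_.Filename, $_.Line.Trim()) }
        }
    }
}
```

Two caveats a practitioner would want stated. The HKCU and Firefox sections only cover the account that runs the script, so on a machine with several accounts (Mark, Jill and Junior here) they have to be repeated under each one. And a clean result from all four checks does not rule out a kernel-mode or MBR-resident rootkit filtering traffic below the TCP/IP stack, or a changed DNS setting on the router itself; those sit outside everything this script can read.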
 
I'm starting over. Here are the Malwarebytes log along with the DDS and Attach logs. GMER found nothing and had an empty log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6603

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/22/2011 8:48:34 PM
mbam-log-2011-05-22 (20-48-34).txt

Scan type: Quick scan
Objects scanned: 181449
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


***********************************************************************

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/17/2011 9:36:30 PM
System Uptime: 5/22/2011 7:49:51 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 506.916 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.92 GiB free.
E: is FIXED (NTFS) - 112 GiB total, 12.716 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: AVSTREAM\CIR\5&2525B28F&0&0
Manufacturer:
Name:
PNP Device ID: AVSTREAM\CIR\5&2525B28F&0&0
Service:
.
==== System Restore Points ===================
.
RP1: 5/17/2011 9:52:08 PM - Windows Modules Installer
RP2: 5/17/2011 10:44:05 PM - Installed Microsoft Fix it 50267
RP3: 5/18/2011 7:52:30 AM - Windows Update
RP4: 5/18/2011 8:50:44 PM - Installed 7-Zip 9.20 (x64 edition)
RP5: 5/18/2011 10:36:28 PM - OTL Restore Point
RP6: 5/18/2011 11:18:55 PM - Windows Update
RP7: 5/19/2011 6:27:22 AM - Windows Update
RP8: 5/19/2011 7:23:23 AM - Windows Update
RP9: 5/19/2011 5:06:10 PM - Windows Update
RP10: 5/21/2011 7:11:25 PM - Language Pack Removal
RP11: 5/22/2011 7:24:26 PM - OTL Restore Point
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Default Manager
DirectX for Managed Code Update (Summer 2004)
ESET Online Scanner v3
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360 Premier Edition
NVIDIA PhysX v8.09.04
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
.
==== Event Viewer Messages From Past Week ========
.
5/22/2011 8:54:24 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/22/2011 7:24:09 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
5/22/2011 7:06:37 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
5/20/2011 7:17:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
5/20/2011 7:17:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/19/2011 6:23:50 AM, Error: Service Control Manager [7023] -
5/19/2011 6:23:23 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.116. The computer with the IP address 192.168.1.120 did not allow the name to be claimed by this computer.
5/18/2011 9:08:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/17/2011 8:54:06 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
5/17/2011 8:12:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/17/2011 8:12:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/17/2011 8:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/17/2011 8:01:54 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
5/17/2011 7:41:42 PM, Error: Service Control Manager [7000] - The SetupNTGLM7X service failed to start due to the following error: This driver has been blocked from loading
5/17/2011 7:41:42 PM, Error: Application Popup [1060] - \??\F:\NTGLM7X.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 7:41:16 PM, Error: Service Control Manager [7000] - The GMSIPCI service failed to start due to the following error: This driver has been blocked from loading
5/17/2011 7:41:16 PM, Error: Application Popup [1060] - \??\F:\INSTALL\GMSIPCI.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 7:39:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/17/2011 6:14:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 for x64-based Systems (KB2418240).
5/17/2011 5:11:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/17/2011 5:11:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/17/2011 2:26:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
5/17/2011 11:16:06 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
5/17/2011 1:37:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
5/17/2011 1:34:58 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
.
==== End Of File ===========================



**************************************************************************************

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mark at 20:54:41 on 2011-05-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4632 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 Premier Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\ProgramData\Norton\NUA.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark\Downloads\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\IPSBHO.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\dagru97e.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.iwon.com/|http://us.mg6.mail.yahoo.com/neo/la...WeatherLocalUndeclared&from=searchbox_localwx
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-5-18 1127032]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110518.001\IDSviA64.sys [2011-5-18 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [2011-5-18 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-17 136824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-05-20 02:01:19 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-20 01:33:35 -------- d-----w- C:\Program Files (x86)\ESET
2011-05-19 03:32:13 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-05-19 03:32:13 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-05-19 03:23:37 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-05-19 03:23:37 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-05-19 03:23:37 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-05-19 03:23:37 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-05-19 03:23:37 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-05-19 03:23:37 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-05-19 03:23:37 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-05-19 03:23:37 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-05-19 03:23:37 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-05-19 03:23:37 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-05-19 03:10:44 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-19 01:27:17 -------- d-----w- C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2011-05-19 01:27:05 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP3.DLL
2011-05-18 21:32:59 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-05-18 21:31:38 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-05-18 21:30:52 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-05-18 21:29:52 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2011-05-18 21:28:06 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-05-18 21:28:06 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-05-18 21:28:03 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-18 21:28:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-05-18 21:28:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-05-18 21:28:00 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-05-18 21:28:00 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-05-18 21:27:59 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-05-18 21:27:59 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-05-18 21:27:59 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-05-18 21:27:58 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-05-18 21:27:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-05-18 21:27:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-05-18 21:27:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-05-18 21:27:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-05-18 21:27:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-05-18 21:27:58 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-05-18 21:27:54 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-05-18 21:27:54 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-05-18 21:22:00 -------- d-----w- C:\Windows\SysWow64\Wat
2011-05-18 21:21:59 -------- d-----w- C:\Windows\System32\Wat
2011-05-18 11:52:50 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-05-18 11:46:21 451120 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys
2011-05-18 11:46:21 221232 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys
2011-05-18 11:46:20 615040 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys
2011-05-18 11:46:20 505392 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtsp64.sys
2011-05-18 11:46:20 433200 ----a-r- C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys
2011-05-18 11:46:20 32304 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\srtspx64.sys
2011-05-18 11:46:20 150064 ----a-w- C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys
2011-05-18 11:45:59 -------- d-----w- C:\Windows\System32\drivers\N360x64\0403000.005
2011-05-18 11:43:10 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-05-18 11:43:10 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-05-18 11:43:00 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-05-18 11:43:00 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-05-18 04:40:16 -------- d-----w- C:\Windows\Panther
2011-05-18 04:32:37 -------- d-----w- C:\$WINDOWS.~Q
2011-05-18 04:30:04 -------- d-----w- C:\$INPLACE.~TR
2011-05-18 03:31:53 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
2011-05-18 03:31:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-18 03:31:47 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-18 03:31:44 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-18 03:31:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-18 03:18:10 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-05-18 03:15:52 20040 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-05-18 03:15:51 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-05-18 03:14:41 -------- d-----w- C:\ProgramData\Hitman Pro
2011-05-18 02:13:16 -------- d-----w- C:\Program Files\Common Files\Canon
2011-05-18 01:54:04 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2011-05-18 01:52:53 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-05-18 01:36:29 -------- d-----w- C:\Recovery
2011-05-17 23:52:46 -------- d-----w- C:\i386
2011-05-17 23:50:21 -------- d-----w- C:\blocks
2011-05-17 23:49:29 -------- d-----w- C:\$HPW7UA$
2011-05-17 23:46:00 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-05-17 23:45:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-05-17 23:45:13 410656 ----a-w- C:\Windows\System32\nvcpl.cpl
2011-05-17 23:45:13 2112544 ----a-w- C:\Windows\System32\nvcplui.exe
2011-05-17 23:45:13 1097248 ----a-w- C:\Windows\System32\nvcpluir.dll
2011-05-17 23:42:43 501280 ----a-w- C:\Windows\System32\NVUNINST.EXE
2011-05-17 22:58:27 131584 ------w- C:\Windows\System32\PDMSetup.exe
2011-05-17 22:58:27 125440 ------w- C:\Windows\System32\SetDepNx.exe
2011-05-17 22:58:25 109568 ------w- C:\Windows\SysWow64\PDMSetup.exe
2011-05-17 22:58:25 103936 ------w- C:\Windows\SysWow64\SetDepNx.exe
2011-05-17 22:14:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-05-17 19:23:56 -------- d-----w- C:\Users\Mark\AppData\Local\CrashDumps
2011-05-17 19:12:32 -------- d-----w- C:\Users\Mark\AppData\Local\Microsoft Games
2011-05-17 18:32:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-05-17 18:26:44 34152 ----a-r- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-17 18:26:44 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-05-17 18:26:44 126312 ----a-r- C:\Windows\System32\GEARAspi64.dll
2011-05-17 18:26:44 107368 ----a-r- C:\Windows\SysWow64\GEARAspi.dll
2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Symantec
2011-05-17 18:26:41 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-05-17 18:25:43 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-05-17 18:25:34 -------- d-----w- C:\Program Files (x86)\Norton 360 Premier Edition
2011-05-17 18:22:12 -------- d-----w- C:\ProgramData\PCSettings
2011-05-17 17:41:35 -------- d-----w- C:\Users\Mark\AppData\Local\Hewlett-Packard
2011-05-17 17:40:46 -------- d-----w- C:\Users\Mark\AppData\Local\VirtualStore
2011-05-17 17:37:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\HP TCS
.
==================== Find3M ====================
.
2011-05-18 01:52:53 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
.
============= FINISH: 20:55:18.06 ===============
 
Your computer seems to be clean, but we may need to reset your router.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing in the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
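The post above ends with "check for redirections". As an added example, not part of Broni's instructions or of any tool mentioned in this thread, here is a read-only PowerShell script that looks at the three places a DNS-redirect infection usually leaves traces after the flush/renew steps and the router reset: the hosts file, the DNS servers each adapter is actually using, and what a well-known name resolves to. It assumes Windows 7 with the built-in PowerShell 2.0 (so it uses WMI and .NET rather than the newer DNS cmdlets), an elevated prompt, and uses Google Public DNS (8.8.8.8) as a reference resolver for comparison; the domain list it flags is a constructed example and can be extended.

```powershell
# Added example (not from the thread): post-cleanup checks for a DNS-redirect
# infection on Windows 7 / PowerShell 2.0. Everything here only reads state.

# 1. Hosts file. A stock Windows 7 hosts file has no active (non-comment)
#    entries, so any active line deserves a look; lines that point search
#    engines or security vendors somewhere are the classic hijack footprint.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$suspectNames = 'google\.|bing\.|yahoo\.|malwarebytes|symantec|norton|microsoft\.com'  # constructed list
$activeHostEntries = @(Get-Content $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
Write-Host "Active hosts entries: $($activeHostEntries.Count)"
$activeHostEntries | Where-Object { $_ -match $suspectNames } |
    ForEach-Object { Write-Host "  SUSPECT hosts entry: $_" }

# 2. DNS Client service state (the net stop / net start step should leave it running).
$dnsSvc = Get-Service -Name Dnscache
Write-Host "DNS Client service: $($dnsSvc.Status)"

# 3. DNS servers per adapter. After ipconfig /renew the DNS server is normally
#    the router's LAN address or the ISP resolvers handed out by DHCP; static,
#    unfamiliar servers are what DNS-changer malware leaves behind.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($a in $adapters) {
    Write-Host "Adapter: $($a.Description)"
    Write-Host "  DHCP enabled : $($a.DHCPEnabled)"
    Write-Host "  Gateway      : $($a.DefaultIPGateway -join ', ')"
    Write-Host "  DNS servers  : $($a.DNSServerSearchOrder -join ', ')"
    if (-not $a.DHCPEnabled -and $a.DNSServerSearchOrder) {
        Write-Host "  NOTE: static DNS servers are configured; confirm you set these yourself."
    }
    foreach ($dns in @($a.DNSServerSearchOrder)) {
        # A DNS server that is neither the gateway nor a private LAN address was
        # not assigned by a typical home router; verify it belongs to your ISP.
        $isPrivate = $dns -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
        if (-not $isPrivate -and $a.DefaultIPGateway -notcontains $dns) {
            Write-Host "  CHECK: public DNS server $dns is in use"
        }
    }
}

# 4. Resolution check. Resolve a well-known name through the system resolver,
#    flag private/loopback answers for a public site, then show what a
#    reference resolver (Google Public DNS, 8.8.8.8) returns for comparison.
$name = 'www.google.com'
$answers = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
Write-Host "$name via system resolver: $($answers -join ', ')"
$answers | Where-Object { $_ -match '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)' } |
    ForEach-Object { Write-Host "  SUSPECT: public name resolves to private/loopback address $_" }
Write-Host "$name via 8.8.8.8:"
nslookup $name 8.8.8.8 2>$null | Select-String 'Address' | ForEach-Object { Write-Host "  $_" }
```

If the two resolvers disagree on the address family and ranges (not merely on which of several Google front-end addresses they return), or a hosts entry or unfamiliar DNS server shows up, the redirection is still in place somewhere between the PC and the router and the router configuration is the next thing to inspect.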
 
Broni, I cannot get my router to work anymore. I went through the steps you had me do and now I can't get anything through my router. I've tried resetting it numerous times and powered it on and off numerous times also. It's a Linksys WRT160N router. The one thing that seems to be out of the ordinary is the yellow light above the "Wi-Fi Protected Setup" button is constantly on.


The LED lights up amber if there is an error during the Wi-Fi Protected Setup process. Make sure the client device supports Wi-Fi Protected Setup. Wait until the LED is off, and then try again.


I can't say if this is related to the virus problem I had.
 
I don't think this is malware related.
Try to disconnect router from the power source for 1 minute.
 
Broni, I had to get a new router. That's up and running now and I don't appear to have the Google redirect issue anymore. However, another spam was sent out from my email earlier today while the PC was hooked directly to the cable modem. Do I still have a problem?
 
What type of email program is it?
Is the spam mail listed in your "Sent" folder?
 
Any web based email can be hacked without accessing your computer.
Your computer is clean, so I assume, your Yahoo account has been simply hacked.

You can try to change your password there, but to be totally safe, I'd abandon that account and I'd create a new one.

If that's the only issue, I'll mark this thread as resolved.
 