Inactive Redirect virus; Staples remote help couldn't get rid of it; restore not working

laladawn

Obtained a virus (sorry, I don't know what; Staples labeled it as 'malware' in general) about three weeks ago when I switched from Norton to McAfee; I think it left my computer vulnerable for a while. At that time, I lost all icons and it appeared that all of my data was gone. I took the laptop to Staples, where I bought it, and they fixed it. The next day, I noticed the redirect is happening with all search engines, not just Google. I went back to Norton and ran Malwarebytes; nothing found. I work around the redirects, but I am a professional, so I need a clean computer. I called Staples over the weekend and they worked remotely for over three hours, but couldn't remove it. They said it was a rootkit and I would need to reinstall back to factory. I have tried every way to do that also, but it seems every attempt is blocked (Dell Inspiron): the F8 Repair Computer option gives me a "Windows loading files" message that freezes the computer; Dell DataSafe backup gives an error message when trying to create a recovery disc on USB; System Restore gives me an error. At this point, I am buying a new work laptop, but would still like this one to be clean for home use.

I followed your steps and am posting the logs. GMER scan stopped working after a few seconds. I did try in safe mode, too, and it didn't work.

Thank you so much for your help!

Malware log:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Dawn :: WORKLAPTOP [administrator]

Protection: Disabled

1/3/2012 11:55:12 PM
mbam-log-2012-01-03 (23-55-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183103
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS Log #1:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dawn at 0:57:43 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2135 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Workspace\workspaceupdate.exe
C:\Program Files (x86)\FileVault\FileVault.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe"
uRun: [FileVault.exe] C:\Program Files (x86)\FileVault\FileVault.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Dawn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: live.com\mail
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tlr.webex.com/client/T27L/webex/ieatgpc1.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{88870896-2C2C-4095-8743-75A6CF3F1DA3} : DhcpNameServer = 192.168.1.6 192.168.1.27
TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\56279636 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\7445B49405143535 : DhcpNameServer = 192.168.111.1
TCP: Interfaces\{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111228.001\IDSviA64.sys [2011-12-29 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-19 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2010-7-16 1185008]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-12-14 130008]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-19 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-19 2320920]
R2 uvnc_service;uvnc_service;C:\Program Files (x86)\UltraVNC\winvnc.exe [2010-10-20 1590216]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-15 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssmirrdr;ssmirrdr;C:\Windows\system32\DRIVERS\ssmirrdr.sys --> C:\Windows\system32\DRIVERS\ssmirrdr.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-03 02:26:22 -------- d-----w- C:\1 AICPA PCPS Flash Drive
2012-01-02 02:50:02 -------- d--h--w- C:\$RECYCLE.BIN
2012-01-02 02:07:32 98816 ----a-w- C:\Windows\sed.exe
2012-01-02 02:07:32 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-02 02:07:32 256000 ----a-w- C:\Windows\PEV.exe
2012-01-02 02:07:32 208896 ----a-w- C:\Windows\MBR.exe
2012-01-01 04:49:14 -------- d-----w- C:\Users\Dawn\AppData\Roaming\Malwarebytes
2012-01-01 04:48:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-01 04:48:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-26 20:48:40 -------- d-----w- C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
2011-12-26 20:48:27 -------- d-----w- C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
2011-12-15 19:26:47 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 19:26:46 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 19:26:42 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 19:26:42 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 19:26:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 19:26:38 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-15 18:19:06 -------- d-----w- C:\ProgramData\Nuance
2011-12-15 18:19:06 -------- d-----w- C:\ProgramData\Intuit
2011-12-15 18:19:06 -------- d-----w- C:\Program Files (x86)\Intuit
2011-12-15 18:19:06 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2011-12-15 15:26:21 -------- d--h--w- C:\Windows\msdownld.tmp
2011-12-15 15:22:40 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-12-15 15:22:40 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-12-15 15:22:40 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-12-15 07:15:46 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP
2011-12-15 03:02:57 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-12-15 03:02:57 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-12-15 03:02:56 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-12-15 03:02:56 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-12-15 03:02:56 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-12-15 03:02:56 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-12-15 03:02:33 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-12-15 02:20:17 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-15 02:20:17 -------- d-----w- C:\Program Files\Symantec
2011-12-15 02:20:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-12-15 02:19:33 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-12-15 02:19:32 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-12-15 02:17:41 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-12-14 15:39:44 -------- d-----w- C:\Program Files (x86)\smartmontools
2011-12-14 15:28:36 -------- d-----w- C:\Users\Dawn\AppData\Roaming\supportdotcom
2011-12-14 15:28:20 -------- d-----w- C:\Program Files (x86)\supportdotcom
2011-12-14 15:28:20 -------- d-----w- C:\Program Files (x86)\Common Files\supportdotcom
2011-12-12 02:05:09 -------- d-----w- C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
2011-12-10 03:23:09 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BC41F6F-22AC-4967-9998-36BDCAE56962}\mpengine.dll
2011-12-10 03:23:02 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-08 16:38:44 -------- d-----w- C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
.
==================== Find3M ====================
.
2011-11-17 02:04:34 69632 ----a-w- C:\Windows\SysWow64\Clifford Uninstall.exe
.
============= FINISH: 1:08:43.66 ===============


Will post DDS log #2 in next message.

Again, thank you.
 
Second DDS log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/2/2010 3:44:30 PM
System Uptime: 1/4/2012 12:50:16 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 08VFX1
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 2255/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 376.854 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet J4680 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID:
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer:
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J4680 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet J4680 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP142: 12/26/2011 12:54:59 PM - Scheduled Checkpoint
RP143: 12/31/2011 11:28:12 PM - Norton 360 Registry Clean
RP144: 1/1/2012 10:44:49 PM - EasyTech Service Complete
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
4660_4680_Help
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.1)
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Atari Arcade Hits 1
Becker's CPA Exam Review and PassMaster - 2011 Edition
Big Fish Games: Game Manager
Bing Bar
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Clifford Reading
Clifford Thinking Adventures
Coupon Printer for Windows
Cozi
CPS FirstClass Client v9.012f
Crazy Chicken Pinball
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
FileVault
Frogger v3.0e
Google Chrome
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.457
GPBaseService2
HP Product Detection
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
J4680
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Live! Cam Avatar Creator
Mall Tycoon 2
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Mesh Runtime
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyScribe
NOOK Study
Norton 360
OverDrive Media Console
Plants vs. Zombies
ProductContext
QuickBooks
QuickBooks Premier: Accountant Edition 2012
QuickTime
Realtek High Definition Audio Driver
Roxio Burn
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
SupportSoft Assisted Service
System Requirements Lab
Tarzan Action Game
TestGen
Toolbox
TrayApp
UltraVNC 1.0.8.2
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update Installer for WildTangent Games App
VO Scan client for Citrix
WebEx
WebReg
WildTangent Games
WildTangent Games App
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Workspace Desktop
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 9:27:01 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
12/31/2011 9:26:55 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
12/31/2011 11:47:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/31/2011 11:47:20 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/31/2011 11:45:22 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/30/2011 6:39:53 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A7A61BD4-D7A7-42FC-BD80-322F55969AFB}. The master browser is stopping or an election is being forced.
12/29/2011 11:18:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
12/28/2011 1:27:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
1/4/2012 12:58:10 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/4/2012 12:55:14 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
1/4/2012 12:55:14 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
1/4/2012 12:53:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/4/2012 12:53:01 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
1/4/2012 12:49:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:49:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/4/2012 12:49:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/4/2012 12:48:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/4/2012 12:48:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/4/2012 12:48:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/4/2012 12:48:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/4/2012 12:48:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/4/2012 12:48:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/4/2012 12:48:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/4/2012 12:48:17 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
1/4/2012 12:19:47 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2012 5:24:42 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
1/3/2012 4:45:53 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2012 4:45:53 PM, Error: Service Control Manager [7038] - The HPSLPSVC service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not start due to a logon failure.
1/3/2012 4:45:53 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/3/2012 4:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
1/3/2012 4:45:49 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2012 4:45:49 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
1/3/2012 4:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/3/2012 4:43:58 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: A system shutdown is in progress.
1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
1/3/2012 4:43:58 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
1/3/2012 4:43:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
1/3/2012 4:43:57 PM, Error: Service Control Manager [7038] - The FontCache service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/3/2012 4:43:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/3/2012 4:43:57 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 4:43:57 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not start due to a logon failure.
1/3/2012 4:43:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2012 4:42:18 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The media is write protected.
1/3/2012 4:11:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
1/3/2012 2:35:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
1/3/2012 2:23:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
1/3/2012 11:49:36 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The pipe has been ended.
1/3/2012 11:49:36 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
1/2/2012 9:42:30 PM, Error: volsnap [35] - The shadow copies of volume \\?\Volume{24be6217-ab6a-11df-a61b-806e6f6e6963} were aborted because the shadow copy storage failed to grow.
1/2/2012 9:27:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
1/2/2012 4:53:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/2/2012 4:53:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Symantec Real Time Storage Protection x64 service failed to start due to the following error: The media is write protected.
1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The system cannot find the path specified.
1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The system cannot find the path specified.
1/2/2012 3:29:19 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The system cannot find the path specified.
1/2/2012 3:29:07 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/2/2012 3:29:07 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
1/2/2012 2:38:05 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
1/2/2012 2:38:04 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
1/2/2012 12:40:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
1/2/2012 10:23:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
1/2/2012 10:23:08 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 10:23:08 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2012 10:01:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/1/2012 9:47:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2012 9:47:23 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/1/2012 9:43:55 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2012 9:08:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
1/1/2012 8:52:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2012 8:51:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
1/1/2012 8:51:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ctxusbm discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
1/1/2012 8:42:26 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll
1/1/2012 7:38:28 PM, Error: Application Popup [1060] - \??\C:\Users\Dawn\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/1/2012 7:12:12 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/1/2012 7:12:11 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:09 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The uvnc_service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The QBIDPService service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The File Backup Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Andrea RT Filters Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/1/2012 7:12:07 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 7:12:06 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 5:58:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/1/2012 5:58:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
1/1/2012 5:57:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 5:56:15 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/1/2012 11:45:44 PM, Error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
1/1/2012 1:19:08 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/1/2012 1:19:08 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
1/1/2012 1:19:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Message from Combofix that Norton 360 realtime scan still running

although I did disable the anti-virus for 5 hours as the link directed...I disabled the Norton 360 firewall thinking that might be it and the combofix box said it would run but at my own risk...I didn't go any further...I don't know whether it is really combofix or not...don't know what to trust

Here was the first log.

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-04 12:41:44
-----------------------------
12:41:44.665 OS Version: Windows x64 6.1.7600
12:41:44.665 Number of processors: 4 586 0x2505
12:41:44.666 ComputerName: WORKLAPTOP UserName: Dawn
12:41:47.157 Initialize success
12:44:29.365 AVAST engine defs: 12010400
12:44:36.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:44:36.245 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
12:44:36.260 Disk 0 MBR read successfully
12:44:36.264 Disk 0 MBR scan
12:44:36.271 Disk 0 Windows 7 default MBR code
12:44:36.276 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:44:36.296 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
12:44:36.312 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
12:44:36.321 Service scanning
12:44:38.154 Modules scanning
12:44:38.161 Disk 0 trace - called modules:
12:44:38.214 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c23334]<<
12:44:38.221 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c790]
12:44:38.231 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fd050]
12:44:38.240 \Driver\iaStor[0xfffffa80048f0750] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c23334
12:44:40.122 AVAST engine scan C:\Windows
12:44:44.310 AVAST engine scan C:\Windows\system32
12:46:24.598 AVAST engine scan C:\Windows\system32\drivers
12:46:39.165 AVAST engine scan C:\Users\Dawn
12:57:45.036 AVAST engine scan C:\ProgramData
13:04:38.192 Scan finished successfully
13:12:08.724 Disk 0 MBR has been saved successfully to "C:\Users\Dawn\Desktop\MBR.dat"
13:12:08.728 The log file has been saved successfully to "C:\Users\Dawn\Desktop\aswMBR.txt"


thanks! Just let me know if I should still run the combofix or what to do next
 
also got strange message when downloading aswmbr and combofix

forgot in my last post: When downloading both to my desktop, I got a "this file is safe" message from Norton, but then at the middle bottom of the screen a message popped up both times saying "aswMBR.exe/combofix.exe is not commonly downloaded and could harm your computer". Then it had three choices: Delete, Actions, View Downloads as buttons. The messages *appeared* to be from McAfee, but I thought I got rid of that a couple of weeks ago. I didn't click on the message at all, but rather closed my internet explorer.

thanks
 
Combofix log part 1

ComboFix 12-01-04.02 - Dawn 01/04/2012 15:54:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2021 [GMT -5:00]
Running from: c:\users\Dawn\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 22:36 . 2012-01-04 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-03 02:26 . 2012-01-03 02:26 -------- d-----w- C:\1 AICPA PCPS Flash Drive
2012-01-01 04:49 . 2012-01-01 04:49 -------- d-----w- c:\users\Dawn\AppData\Roaming\Malwarebytes
2012-01-01 04:48 . 2012-01-01 04:48 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 04:48 . 2012-01-02 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-15 19:26 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 19:26 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 19:26 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:26 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:26 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:26 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 19:25 . 2011-12-15 19:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-15 18:19 . 2012-01-01 03:18 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2011-12-15 18:19 . 2011-12-22 15:54 -------- d-----w- c:\programdata\Intuit
2011-12-15 18:19 . 2011-12-15 18:21 -------- d-----w- c:\program files (x86)\Intuit
2011-12-15 18:19 . 2011-12-15 18:19 -------- d-----w- c:\programdata\Nuance
2011-12-15 15:26 . 2011-12-15 15:26 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-15 15:22 . 2011-12-15 15:22 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-12-15 15:22 . 2011-12-15 15:22 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-12-15 15:22 . 2011-12-15 15:22 144384 ----a-w- c:\windows\system32\cdd.dll
2011-12-15 07:15 . 2011-12-15 07:15 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2011-12-15 02:20 . 2011-12-15 03:03 -------- d-----w- c:\program files\Symantec
2011-12-15 02:20 . 2011-12-15 03:02 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-15 02:20 . 2011-12-15 02:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-15 02:19 . 2011-12-15 05:23 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-12-15 02:19 . 2011-12-15 02:19 -------- d-----w- c:\program files (x86)\Norton 360
2011-12-15 02:17 . 2011-12-15 02:17 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-12-14 15:39 . 2012-01-02 03:44 -------- d-----w- c:\program files (x86)\smartmontools
2011-12-14 15:35 . 2012-01-02 03:45 -------- d-----w- c:\programdata\support.com
2011-12-14 15:28 . 2011-12-14 15:28 -------- d-----w- c:\users\Dawn\AppData\Roaming\supportdotcom
2011-12-14 15:28 . 2012-01-02 15:23 -------- d-----w- c:\program files (x86)\supportdotcom
2011-12-14 15:28 . 2012-01-02 15:23 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2011-12-10 03:23 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BC41F6F-22AC-4967-9998-36BDCAE56962}\mpengine.dll
2011-12-10 03:23 . 2011-11-15 19:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-08 16:38 . 2011-12-08 16:38 -------- d-----w- c:\users\Dawn\AppData\Local\McAfee Anti-Theft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 02:04 . 2011-11-16 20:22 69632 ----a-w- c:\windows\SysWow64\Clifford Uninstall.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-02_02.51.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-01 06:19 . 2012-01-01 06:19 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-04 22:38 . 2012-01-04 22:38 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-01-02 02:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-04 16:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-14 19:51 . 2012-01-02 02:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-04 18:48 . 2012-01-04 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-02 02:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-19 07:09 . 2012-01-04 16:12 81206 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-04 22:41 39780 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-02 22:56 . 2012-01-04 05:54 19348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1119411891-2864457860-3248121356-1000_UserData.bin
- 2010-10-02 19:41 . 2012-01-02 00:12 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-02 19:41 . 2012-01-04 05:04 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-02 19:41 . 2012-01-02 00:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-02 19:41 . 2012-01-04 05:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-02 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-04 05:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-15 18:23 . 2012-01-01 03:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMSMShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMSMShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMDTShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 69632 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\QFMDTShortcut.691646B9_A175_4950_9836_F2BA367B0A4F.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 45056 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 45056 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 86016 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 86016 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2011-08-20 02:31 . 2011-08-20 02:31 29528 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\syncmanagerclientlib.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 45416 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\svcxutil.dll
+ 2011-08-20 06:34 . 2011-08-20 06:34 56680 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbuchannel.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 15208 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbserverutilityhelper.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 85864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBSDKCOMUtil.dll
+ 2011-08-20 06:32 . 2011-08-20 06:32 77160 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbrequestadaptor.exe
+ 2011-08-20 06:33 . 2011-08-20 06:33 26472 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBObjProxy.dll
+ 2011-08-20 06:34 . 2011-08-20 06:34 14696 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBMsgMgrps.dll
+ 2011-08-20 02:34 . 2011-08-20 02:34 45928 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexceladaptor_64bit.exe
+ 2011-08-20 06:32 . 2011-08-20 06:32 38760 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexceladaptor.exe
+ 2011-08-20 06:33 . 2011-08-20 06:33 30568 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbdbportfinder.dll
+ 2011-08-20 04:49 . 2011-08-20 04:49 45056 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbcfmonitorservice.exe
+ 2011-08-20 06:33 . 2011-08-20 06:33 60264 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\permissionmgr.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 16728 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\oauthwebbrowser.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 26968 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\oauthhelper.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 18280 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\interop.netfwtypelib.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 55640 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibuenghost.exe
+ 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x86w2k3.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x86vista.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 43864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x64w2k3.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 43864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng_x64vista.dll
+ 2011-08-20 02:31 . 2011-08-20 02:31 36184 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\ibueng.dll
+ 2011-08-20 05:58 . 2011-08-20 05:58 36864 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\cfscan.dll
- 2011-12-15 18:21 . 2011-12-15 18:21 12120 c:\windows\assembly\GAC_32\QfmInterop\1.0.0.0__5b3f47ba29970ccb\QfmInterop.dll
+ 2012-01-02 18:21 . 2012-01-02 18:21 12120 c:\windows\assembly\GAC_32\QfmInterop\1.0.0.0__5b3f47ba29970ccb\QfmInterop.dll
+ 2012-01-02 18:20 . 2012-01-02 18:20 24576 c:\windows\assembly\GAC_32\QBWCCommon\2.1.0.27__82cc56431f1a971d\QBWCCommon.dll
+ 2012-01-02 18:21 . 2012-01-02 18:21 91480 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmModel\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmModel.dll
- 2011-12-15 18:21 . 2011-12-15 18:21 91480 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmModel\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmModel.dll
- 2011-12-15 18:21 . 2011-12-15 18:21 39256 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmExternal\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmExternal.dll
+ 2012-01-02 18:21 . 2012-01-02 18:21 39256 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmExternal\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmExternal.dll
- 2011-12-15 18:21 . 2011-12-15 18:21 52056 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmCommon\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmCommon.dll
+ 2012-01-02 18:21 . 2012-01-02 18:21 52056 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmCommon\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmCommon.dll
+ 2012-01-02 18:20 . 2012-01-02 18:20 16384 c:\windows\assembly\GAC\QBWCInterfaces\2.1.0.27__82cc56431f1a971d\QBWCInterfaces.dll
+ 2012-01-02 18:20 . 2012-01-02 18:20 77824 c:\windows\assembly\GAC\IEProtocol\2.1.0.27__82cc56431f1a971d\IEProtocol.dll
- 2010-10-21 21:58 . 2011-12-28 23:13 6044 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-10-21 21:58 . 2012-01-02 19:45 6044 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-04 22:38 . 2012-01-04 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-02 02:48 . 2012-01-02 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-02 02:48 . 2012-01-02 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 22:38 . 2012-01-04 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-20 06:33 . 2011-08-20 06:33 8040 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\quickbooksmsgs.dll
+ 2011-08-20 03:02 . 2011-08-20 03:02 5120 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\managedutilities.dll
+ 2010-10-03 01:53 . 2012-01-04 22:23 219198 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-01-01 02:42 663894 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-04 22:26 663894 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-01 02:42 122472 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-04 22:26 122472 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-04 22:38 403192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-02 01:42 403192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut92_995982DA6F5147D0B263EACCBFB80EEC.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut92_995982DA6F5147D0B263EACCBFB80EEC.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut911_52BC2593A7AD474C89760DD3095F858D.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut911_52BC2593A7AD474C89760DD3095F858D.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut82_C55036898DFD4AC78FAF03E64357D1C5.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut82_C55036898DFD4AC78FAF03E64357D1C5.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut811_35DFAD5C171D44088EAA810BD0A23520.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut811_35DFAD5C171D44088EAA810BD0A23520.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut72_CAD273ADB04649A6BD8728786328AA87.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut72_CAD273ADB04649A6BD8728786328AA87.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut711_017ECA06492B42F79CDC1E5C8EA0D4DB.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut711_017ECA06492B42F79CDC1E5C8EA0D4DB.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut52_0BE5792C876246FC9ABE69B6DDA308A3.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut52_0BE5792C876246FC9ABE69B6DDA308A3.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut511_C00D6FDD7F0C4313938DD0B302929D40.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut511_C00D6FDD7F0C4313938DD0B302929D40.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut42_3242FA92AA814582BF8F363E375E2617.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut42_3242FA92AA814582BF8F363E375E2617.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut411_D7FFEBDC368A4660B7F21BA64BFCD866.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut411_D7FFEBDC368A4660B7F21BA64BFCD866.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut32_F9B129D0055B4A3694BB83B45342EB06.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut32_F9B129D0055B4A3694BB83B45342EB06.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut311_4604B4259921471B96EC624AFEA12F1B.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut311_4604B4259921471B96EC624AFEA12F1B.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut29_64E38A90B85F447EA9D42C14DFF7B399.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut29_64E38A90B85F447EA9D42C14DFF7B399.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut211_8C085A93DB0043388676173D40A360A3.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut211_8C085A93DB0043388676173D40A360A3.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut2.CB4E6205_F99A_4C51_ADD4_184506EFAB87.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut2.CB4E6205_F99A_4C51_ADD4_184506EFAB87.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut102_5644560183D14A7B8DC5AA115758DEAA.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut102_5644560183D14A7B8DC5AA115758DEAA.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut1011_5774C111B8F246B0AFB1F71F20FF4E67.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut1011_5774C111B8F246B0AFB1F71F20FF4E67.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2011-12-15 18:23 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-12-15 18:23 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut1_5DDC3DFBB658402487936E98D3651BFD.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\NewShortcut1_5DDC3DFBB658402487936E98D3651BFD.exe
- 2011-10-06 14:47 . 2012-01-01 03:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\IntuitDataProtect__04F38842ABCB4C6DB4AA98780DA65B97.exe
+ 2011-10-06 14:47 . 2012-01-02 18:21 335872 c:\windows\Installer\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}\IntuitDataProtect__04F38842ABCB4C6DB4AA98780DA65B97.exe
 
Combofix log part 2

+ 2011-08-20 06:33 . 2011-08-20 06:33 479080 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\StopQBServer.dll
+ 2011-08-20 05:58 . 2011-08-20 05:58 155648 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\SSCE5232.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 745320 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBXMLRP2.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 121192 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBVersionTool.dll
+ 2011-08-20 06:34 . 2011-08-20 06:34 740712 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBUServiceMgr.dll
+ 2011-08-20 06:32 . 2011-08-20 06:32 268136 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbserverutilitymgr.exe
+ 2011-08-20 06:34 . 2011-08-20 06:34 567144 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBMsgRequestMgr.dll
+ 2011-08-20 06:34 . 2011-08-20 06:34 186728 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBMsgMgr.exe
+ 2011-08-20 06:33 . 2011-08-20 06:33 588648 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbmas32.dll
+ 2011-08-20 06:32 . 2011-08-20 06:32 784744 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBLaunch.exe
+ 2011-08-20 06:33 . 2011-08-20 06:33 786792 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\QBInstanceFinder.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 196968 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexcel2007reportupdater.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 190824 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbexcel2003reportupdater.dll
+ 2011-08-20 05:58 . 2011-08-20 05:58 143360 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\OLBService.dll
+ 2011-08-20 06:32 . 2011-08-20 06:32 263016 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\CoLocator2.dll
+ 2011-08-20 06:32 . 2011-08-20 06:32 268136 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\addinmgr2.dll
+ 2012-01-02 18:21 . 2012-01-02 18:21 143704 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmController\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmController.dll
- 2011-12-15 18:21 . 2011-12-15 18:21 143704 c:\windows\assembly\GAC_32\Intuit.Qfm.QfmController\1.0.0.0__5b3f47ba29970ccb\Intuit.Qfm.QfmController.dll
+ 2011-08-20 05:58 . 2011-08-20 05:58 1916928 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\xerces_c_2_5_0_qb.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 1165672 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\sdksubscription.dll
+ 2011-08-20 06:33 . 2011-08-20 06:33 7032168 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbwps.dll
+ 2011-08-20 06:34 . 2011-08-20 06:34 1175912 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\qbupdate.exe
+ 2011-08-20 02:31 . 2011-08-20 02:31 1874264 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\intuitsyncmanager.exe
+ 2011-08-20 02:31 . 2011-08-20 02:31 5828952 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\intuitdataprotect.exe
- 2009-07-14 02:34 . 2012-01-02 00:11 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-04 19:43 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-11-06 00:38 . 2012-01-04 22:38 16878027 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1119411891-2864457860-3248121356-1000-12288.dat
+ 2011-12-15 18:39 . 2011-12-15 18:39 76823552 c:\windows\Installer\a2c79c.msp
+ 2011-12-15 18:39 . 2011-12-15 18:39 36010496 c:\windows\Installer\a2c79b.msp
+ 2011-12-15 18:39 . 2011-12-15 18:39 49972224 c:\windows\Installer\a2c79a.msp
+ 2011-08-20 06:33 . 2011-08-20 06:33 22429544 c:\windows\Installer\$PatchCache$\Managed\1D202E527E8DFA644B0B51D799399AE3\22.0.4001\sdkparse.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2011-12-14 34496]
"FileVault.exe"="c:\program files (x86)\FileVault\FileVault.exe" [2008-10-01 108032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
.
c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-10 1156216]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20111228.001\IDSvia64.sys [2011-12-14 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2011-09-20 1185008]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2009-12-07 1590216]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-15 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000Core.job
- c:\users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 23:30]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000UA.job
- c:\users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 23:30]
.
2012-01-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-08 413720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: live.com\mail
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Clifford Adventure - c:\windows\system32\Clifford Uninstall.exe
AddRemove-Clifford Reading - c:\windows\system32\Clifford Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1119411891-2864457860-3248121356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1119411891-2864457860-3248121356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-01-04 18:02:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 23:02
.
Pre-Run: 404,729,798,656 bytes free
Post-Run: 404,306,739,200 bytes free
.
- - End Of File - - 05E96B9EF5A09A7638BFF2E3B7C03EA6
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
bootkit screen

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`afd00000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
OK...

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
FRST log part 1

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by Dawn at 2012-01-04 22:23:13
Running from C:\Users\Dawn\Desktop
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-04 22:22 - 2012-01-04 22:23 - 0000000 ____D C:\FRST
2012-01-04 22:21 - 2012-01-04 22:21 - 1378579 ____A C:\Users\Dawn\Desktop\FRST64.exe
2012-01-04 22:09 - 2012-01-04 22:09 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{a5d48fbf-3536-11e0-9aba-f04da24400aa}.TxR.blf
2012-01-04 20:38 - 2012-01-04 20:38 - 0000000 ____D C:\Users\Dawn\Desktop\bootkit_remover
2012-01-04 20:36 - 2012-01-04 20:36 - 0044607 ____A C:\Users\Dawn\Desktop\bootkit_remover.zip
2012-01-04 20:22 - 2012-01-04 20:22 - 0019233 ____A C:\Windows\System32\hs_err_pid1636.log
2012-01-04 18:39 - 2012-01-04 18:39 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 18:02 - 2012-01-04 18:02 - 0055739 ____A C:\ComboFix.txt
2012-01-04 15:44 - 2012-01-04 18:03 - 0000000 ____D C:\ComboFix
2012-01-04 13:13 - 2012-01-04 13:13 - 4369970 ____R (Swearware) C:\Users\Dawn\Desktop\ComboFix.exe
2012-01-04 13:12 - 2012-01-04 13:12 - 0001946 ____A C:\Users\Dawn\Desktop\aswMBR.txt
2012-01-04 13:12 - 2012-01-04 13:12 - 0000512 ____A C:\Users\Dawn\Desktop\MBR.dat
2012-01-04 12:39 - 2012-01-04 12:39 - 4704768 ____A (AVAST Software) C:\Users\Dawn\Desktop\aswMBR.exe
2012-01-04 00:56 - 2012-01-04 00:56 - 0607260 ____R (Swearware) C:\Users\Dawn\Downloads\dds.scr
2012-01-04 00:45 - 2012-01-04 00:45 - 0294216 ____A C:\Users\Dawn\Desktop\gmer.zip
2012-01-03 23:49 - 2012-01-03 23:49 - 0000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2012-01-02 21:26 - 2012-01-02 21:26 - 0000000 ____D C:\1 AICPA PCPS Flash Drive
2012-01-01 22:29 - 2012-01-01 22:29 - 0000512 ____A C:\original.mbr
2012-01-01 21:07 - 2011-06-26 01:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-01 21:07 - 2010-11-07 12:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-01 21:07 - 2009-04-19 23:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-01 21:07 - 2000-08-30 19:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-01 21:07 - 2000-08-30 19:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-01 21:07 - 2000-08-30 19:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-01 21:07 - 2000-08-30 19:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-01 21:07 - 2000-08-30 19:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-01 21:01 - 2012-01-01 21:58 - 0000000 ____D C:\Windows\ERDNT
2012-01-01 20:59 - 2012-01-04 18:03 - 0000000 ____D C:\Qoobox
2011-12-31 23:49 - 2011-12-31 23:49 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\Malwarebytes
2011-12-31 23:48 - 2012-01-01 19:23 - 0001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2011-12-31 23:48 - 2012-01-01 19:23 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-31 23:44 - 2011-12-31 23:44 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Dawn\Downloads\mbam-clean.exe
2011-12-31 22:22 - 2011-12-31 22:22 - 0002001 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
2011-12-31 20:44 - 2011-12-31 20:44 - 0019182 ____A C:\Windows\System32\hs_err_pid1340.log
2011-12-27 16:50 - 2011-12-30 10:29 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2012.xls
2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
2011-12-22 15:01 - 2011-12-22 15:01 - 0019145 ____A C:\Windows\System32\hs_err_pid1396.log
2011-12-22 11:44 - 2011-12-22 11:44 - 0296448 ____A C:\Users\Dawn\Downloads\Plan Designs- HRAs.doc
2011-12-19 07:52 - 2011-12-19 07:52 - 0019356 ____A C:\Windows\System32\hs_err_pid1580.log
2011-12-18 13:27 - 2011-12-18 13:27 - 0019188 ____A C:\Windows\System32\hs_err_pid1164.log
2011-12-17 09:15 - 2012-01-01 20:43 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2011-12-17 09:15 - 2012-01-01 20:43 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2011-12-16 06:49 - 2011-12-16 06:49 - 0019187 ____A C:\Windows\System32\hs_err_pid4156.log
2011-12-15 14:26 - 2011-11-24 00:00 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-15 14:26 - 2011-11-05 00:17 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-15 14:26 - 2011-11-04 23:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-12-15 14:26 - 2011-10-26 00:19 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-15 14:26 - 2011-10-15 01:25 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-15 14:26 - 2011-10-15 00:48 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-12-15 14:24 - 2011-10-03 05:06 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-12-15 14:24 - 2011-10-03 05:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-12-15 14:24 - 2011-10-03 05:06 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-12-15 14:22 - 2011-12-15 14:24 - 0004416 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
2011-12-15 13:23 - 2011-12-31 22:22 - 0002405 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
2011-12-15 13:23 - 2011-12-31 22:22 - 0002192 ____A C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
2011-12-15 13:23 - 2011-12-31 22:22 - 0002152 ____A C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2012.lnk
2011-12-15 13:23 - 2011-12-31 22:22 - 0002126 ____A C:\Users\Public\Desktop\QuickBooks File Manager 2012.lnk
2011-12-15 13:19 - 2011-12-22 10:54 - 0000000 ____D C:\Users\All Users\Intuit
2011-12-15 13:19 - 2011-12-22 10:54 - 0000000 ____D C:\ProgramData\Intuit
2011-12-15 13:19 - 2011-12-15 13:21 - 0000000 ____D C:\Program Files (x86)\Intuit
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\Public\Documents\Intuit
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Nuance
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Nuance
2011-12-15 10:26 - 2011-12-15 10:26 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-12-15 10:25 - 2011-12-15 10:25 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 10:25 - 2011-12-15 10:25 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 10:25 - 2011-12-15 10:25 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-15 10:25 - 2011-12-15 10:25 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 10:25 - 2011-12-15 10:25 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 10:25 - 2011-12-15 10:25 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-12-15 10:25 - 2011-12-15 10:25 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-12-15 10:25 - 2011-12-15 10:25 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-15 10:22 - 2011-12-15 10:22 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2011-12-15 10:22 - 2011-12-15 10:22 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2011-12-15 10:22 - 2011-12-15 10:22 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2011-12-15 10:19 - 2011-12-15 10:27 - 0008918 ____A C:\Windows\IE9_main.log
2011-12-15 02:15 - 2011-12-15 02:15 - 0000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2011-12-14 21:20 - 2011-12-15 00:22 - 0002359 ____A C:\Users\Public\Desktop\Norton 360.lnk
2011-12-14 21:20 - 2011-12-14 22:03 - 0000000 ____D C:\Program Files\Symantec
2011-12-14 21:20 - 2011-12-14 22:02 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-12-14 21:20 - 2011-12-14 22:02 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-12-14 21:20 - 2011-12-14 22:02 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-12-14 21:20 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-14 21:19 - 2011-12-15 00:23 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-12-14 21:19 - 2011-12-14 21:19 - 0000000 ____D C:\Program Files (x86)\Norton 360
2011-12-14 21:17 - 2011-12-14 21:17 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-12-14 19:45 - 2011-12-14 19:45 - 0001633 ____A C:\Users\Dawn\Desktop\EXCEL - Shortcut.lnk
2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\WINWORD - Shortcut.lnk
2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\ONENOTE - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001664 ____A C:\Users\Dawn\Desktop\POWERPNT - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001653 ____A C:\Users\Dawn\Desktop\OUTLOOK - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0000000 ____D C:\Users\Dawn\Documents\OneNote Notebooks
2011-12-14 14:52 - 2011-12-14 14:52 - 0180745 ____A C:\Users\Dawn\Desktop\EasyTech Work Order 2013458972 Ticket 12742220 Receipt.mht
2011-12-14 14:48 - 2011-12-14 14:48 - 0002061 ____A C:\Users\Dawn\Desktop\EasyTech Solutions Toolkit Report Wednesday, December 14, 2011 2_47_59 PM.lnk
2011-12-14 14:47 - 2011-12-14 14:47 - 0000000 ____D C:\Users\Dawn\Documents\STK
2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\Start Menu\Programs\Startup\AutorunsDisabled
2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
2011-12-14 10:39 - 2012-01-01 22:44 - 0000000 ____D C:\Program Files (x86)\smartmontools
2011-12-14 10:35 - 2012-01-01 22:45 - 0000000 ____D C:\Users\All Users\support.com
2011-12-14 10:35 - 2012-01-01 22:45 - 0000000 ____D C:\ProgramData\support.com
2011-12-14 10:28 - 2012-01-02 10:23 - 0000000 ____D C:\Program Files (x86)\supportdotcom
2011-12-14 10:28 - 2011-12-14 10:28 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\supportdotcom
 
FRST log part 2

2011-12-11 21:05 - 2011-12-11 21:05 - 0000000 ____D C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
2011-12-09 22:23 - 2011-11-15 14:29 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-12-08 11:38 - 2011-12-08 11:38 - 0000000 ____D C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
2011-12-08 11:21 - 2011-12-08 11:25 - 202496592 ____A (McAfee, Inc.) C:\Users\Dawn\Documents\2012_US_MTP_3U_1YEAR_PAID_312_OG_2242_User.exe
2011-12-05 19:58 - 2011-12-05 19:58 - 0016084 ____A C:\Users\Dawn\Downloads\gameloader.dcr

============ 3 Months Modified Files and Folders =============

2012-01-04 22:23 - 2012-01-04 22:22 - 0000000 ____D C:\FRST
2012-01-04 22:21 - 2012-01-04 22:21 - 1378579 ____A C:\Users\Dawn\Desktop\FRST64.exe
2012-01-04 22:19 - 2009-07-14 00:13 - 0784304 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-04 22:09 - 2012-01-04 22:09 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{a5d48fbf-3536-11e0-9aba-f04da24400aa}.TxR.blf
2012-01-04 21:35 - 2011-12-02 18:30 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000UA.job
2012-01-04 20:55 - 2009-07-14 00:10 - 1302008 ____A C:\Windows\WindowsUpdate.log
2012-01-04 20:39 - 2009-07-13 23:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-04 20:39 - 2009-07-13 23:45 - 0014240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-04 20:38 - 2012-01-04 20:38 - 0000000 ____D C:\Users\Dawn\Desktop\bootkit_remover
2012-01-04 20:36 - 2012-01-04 20:36 - 0044607 ____A C:\Users\Dawn\Desktop\bootkit_remover.zip
2012-01-04 20:30 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-01-04 20:30 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-01-04 20:30 - 2010-08-19 01:50 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-01-04 20:29 - 2011-02-25 10:24 - 0182583 ____A C:\Users\Dawn\Documents\WorkspaceUpdate.log
2012-01-04 20:29 - 2010-10-29 14:48 - 0345438 ____A C:\Windows\offSyncService.log
2012-01-04 20:29 - 2010-08-19 03:17 - 3061186560 __ASH C:\hiberfil.sys
2012-01-04 20:29 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-04 20:29 - 2009-07-13 23:51 - 0076444 ____A C:\Windows\setupact.log
2012-01-04 20:27 - 2011-09-08 12:25 - 5855232 ____A C:\Windows\ntbtlog.txt
2012-01-04 20:22 - 2012-01-04 20:22 - 0019233 ____A C:\Windows\System32\hs_err_pid1636.log
2012-01-04 18:39 - 2012-01-04 18:39 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-04 18:03 - 2012-01-04 15:44 - 0000000 ____D C:\ComboFix
2012-01-04 18:03 - 2012-01-01 20:59 - 0000000 ____D C:\Qoobox
2012-01-04 18:02 - 2012-01-04 18:02 - 0055739 ____A C:\ComboFix.txt
2012-01-04 17:40 - 2009-07-13 21:34 - 0000215 ____A C:\Windows\system.ini
2012-01-04 17:39 - 2009-07-13 21:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-04 17:38 - 2010-08-19 03:17 - 1402352 ____A C:\Windows\PFRO.log
2012-01-04 15:03 - 2011-02-25 10:24 - 1046874 ____A C:\Users\Dawn\Documents\WorkspaceInstall.log
2012-01-04 13:13 - 2012-01-04 13:13 - 4369970 ____R (Swearware) C:\Users\Dawn\Desktop\ComboFix.exe
2012-01-04 13:12 - 2012-01-04 13:12 - 0001946 ____A C:\Users\Dawn\Desktop\aswMBR.txt
2012-01-04 13:12 - 2012-01-04 13:12 - 0000512 ____A C:\Users\Dawn\Desktop\MBR.dat
2012-01-04 12:39 - 2012-01-04 12:39 - 4704768 ____A (AVAST Software) C:\Users\Dawn\Desktop\aswMBR.exe
2012-01-04 00:56 - 2012-01-04 00:56 - 0607260 ____R (Swearware) C:\Users\Dawn\Downloads\dds.scr
2012-01-04 00:45 - 2012-01-04 00:45 - 0294216 ____A C:\Users\Dawn\Desktop\gmer.zip
2012-01-04 00:21 - 2010-10-02 14:44 - 0000000 ____D C:\users\Dawn
2012-01-03 23:49 - 2012-01-03 23:49 - 0000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2012-01-02 21:26 - 2012-01-02 21:26 - 0000000 ____D C:\1 AICPA PCPS Flash Drive
2012-01-02 16:56 - 2010-10-12 12:59 - 0000000 ____D C:\Users\Dawn\AppData\Local\ElevatedDiagnostics
2012-01-02 14:06 - 2011-01-14 12:45 - 36114432 ___RA C:\Users\Dawn\Documents\Hill Family.QBW
2012-01-02 14:06 - 2010-12-28 09:51 - 0327680 ___RA C:\Users\Dawn\Documents\Hill Family.QBW.TLG
2012-01-02 14:06 - 2010-10-03 15:52 - 0000341 ____A C:\Users\Dawn\Documents\Hill Family.QBW.ND
2012-01-02 14:01 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-02 13:22 - 2011-01-14 12:36 - 0000090 ____A C:\Windows\QBChanUtil_Trigger.ini
2012-01-02 10:23 - 2011-12-14 10:28 - 0000000 ____D C:\Program Files (x86)\supportdotcom
2012-01-01 23:41 - 2010-10-28 00:48 - 0000000 ____D C:\Keller
2012-01-01 22:45 - 2011-12-14 10:35 - 0000000 ____D C:\Users\All Users\support.com
2012-01-01 22:45 - 2011-12-14 10:35 - 0000000 ____D C:\ProgramData\support.com
2012-01-01 22:44 - 2011-12-14 10:39 - 0000000 ____D C:\Program Files (x86)\smartmontools
2012-01-01 22:29 - 2012-01-01 22:29 - 0000512 ____A C:\original.mbr
2012-01-01 22:15 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Default
2012-01-01 22:14 - 2009-07-13 22:20 - 0000000 ___RD C:\users\Public
2012-01-01 21:58 - 2012-01-01 21:01 - 0000000 ____D C:\Windows\ERDNT
2012-01-01 20:43 - 2011-12-17 09:15 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-01-01 20:43 - 2011-12-17 09:15 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-01-01 19:23 - 2011-12-31 23:48 - 0001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-01 19:23 - 2011-12-31 23:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-01 18:35 - 2011-12-02 18:30 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1119411891-2864457860-3248121356-1000Core.job
2012-01-01 17:56 - 2009-07-14 00:08 - 0032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-31 23:49 - 2011-12-31 23:49 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\Malwarebytes
2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-31 23:48 - 2011-12-31 23:48 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-31 23:47 - 2010-10-02 14:44 - 0114784 ____A C:\Users\Dawn\AppData\Local\GDIPFONTCACHEV1.DAT
2011-12-31 23:46 - 2009-07-13 23:45 - 0434744 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-31 23:44 - 2011-12-31 23:44 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Dawn\Downloads\mbam-clean.exe
2011-12-31 22:22 - 2011-12-31 22:22 - 0002001 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
2011-12-31 22:22 - 2011-12-15 13:23 - 0002405 ____A C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
2011-12-31 22:22 - 2011-12-15 13:23 - 0002192 ____A C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
2011-12-31 22:22 - 2011-12-15 13:23 - 0002152 ____A C:\Users\Public\Desktop\QuickBooks Premier - Accountant Edition 2012.lnk
2011-12-31 22:22 - 2011-12-15 13:23 - 0002126 ____A C:\Users\Public\Desktop\QuickBooks File Manager 2012.lnk
2011-12-31 20:44 - 2011-12-31 20:44 - 0019182 ____A C:\Windows\System32\hs_err_pid1340.log
2011-12-30 14:08 - 2011-07-02 10:03 - 0000000 ____D C:\Program Files (x86)\Plants vs Zombies
2011-12-30 10:29 - 2011-12-27 16:50 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2012.xls
2011-12-28 18:12 - 2010-10-02 15:12 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\SoftGrid Client
2011-12-27 19:09 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-27 16:50 - 2010-12-27 15:47 - 0049664 ____A C:\Users\Dawn\Desktop\Becker Schedule 2011.xls
2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B55956D2-E02F-4674-AA15-143F0E05ADCE}
2011-12-26 15:48 - 2011-12-26 15:48 - 0000000 ____D C:\Users\Dawn\AppData\Local\{6FDDD61B-D685-4441-8C4E-CE1EBBACE07E}
2011-12-22 15:01 - 2011-12-22 15:01 - 0019145 ____A C:\Windows\System32\hs_err_pid1396.log
2011-12-22 11:44 - 2011-12-22 11:44 - 0296448 ____A C:\Users\Dawn\Downloads\Plan Designs- HRAs.doc
2011-12-22 10:54 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Intuit
2011-12-22 10:54 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Intuit
2011-12-22 09:52 - 2011-05-05 09:09 - 0000000 ____D C:\Users\Dawn\AppData\Local\CrashDumps
2011-12-22 09:46 - 2010-10-27 09:33 - 0000000 ____D C:\Users\Dawn\AppData\Local\Windows Live
2011-12-21 12:23 - 2010-11-16 09:18 - 0000000 ____D C:\Users\Dawn\Documents\My Scans
2011-12-19 07:52 - 2011-12-19 07:52 - 0019356 ____A C:\Windows\System32\hs_err_pid1580.log
2011-12-18 13:27 - 2011-12-18 13:27 - 0019188 ____A C:\Windows\System32\hs_err_pid1164.log
2011-12-17 09:15 - 2011-05-25 09:35 - 0000000 ____D C:\Program Files\Dell Support Center
2011-12-17 09:15 - 2010-08-19 01:26 - 0000000 ____D C:\Users\All Users\Dell
2011-12-17 09:15 - 2010-08-19 01:26 - 0000000 ____D C:\ProgramData\Dell
2011-12-16 16:18 - 2011-08-30 12:55 - 0000000 ____D C:\Users\Dawn\Desktop\Jaydon's Items
2011-12-16 08:33 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2011-12-16 06:49 - 2011-12-16 06:49 - 0019187 ____A C:\Windows\System32\hs_err_pid4156.log
2011-12-15 16:28 - 2010-11-05 19:19 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 16:28 - 2010-11-05 19:19 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-15 16:26 - 2010-10-12 13:26 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-15 14:24 - 2011-12-15 14:22 - 0004416 ____A C:\Windows\SysWOW64\jupdate-1.6.0_29-b11.log
2011-12-15 14:24 - 2010-08-19 01:24 - 0000000 ____D C:\Program Files (x86)\Java
2011-12-15 13:21 - 2011-12-15 13:19 - 0000000 ____D C:\Program Files (x86)\Intuit
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\Public\Documents\Intuit
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\Users\All Users\Nuance
2011-12-15 13:19 - 2011-12-15 13:19 - 0000000 ____D C:\ProgramData\Nuance
2011-12-15 13:03 - 2010-10-03 15:14 - 0000000 ____D C:\Program Files (x86)\Intuit (Old)
2011-12-15 12:18 - 2011-09-01 12:05 - 0000000 ____D C:\Program Files (x86)\Workspace
2011-12-15 10:36 - 2011-12-02 18:36 - 0002369 ____A C:\Users\Dawn\Desktop\Google Chrome.lnk
2011-12-15 10:27 - 2011-12-15 10:19 - 0008918 ____A C:\Windows\IE9_main.log
2011-12-15 10:27 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-12-15 10:26 - 2011-12-15 10:26 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-12-15 10:25 - 2011-12-15 10:25 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2011-12-15 10:25 - 2011-12-15 10:25 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 10:25 - 2011-12-15 10:25 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 10:25 - 2011-12-15 10:25 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 10:25 - 2011-12-15 10:25 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-15 10:25 - 2011-12-15 10:25 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 10:25 - 2011-12-15 10:25 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-12-15 10:25 - 2011-12-15 10:25 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2011-12-15 10:25 - 2011-12-15 10:25 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2011-12-15 10:25 - 2011-12-15 10:25 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2011-12-15 10:25 - 2011-12-15 10:25 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-12-15 10:25 - 2011-12-15 10:25 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-12-15 10:25 - 2011-12-15 10:25 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-15 10:22 - 2011-12-15 10:22 - 0982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2011-12-15 10:22 - 2011-12-15 10:22 - 0265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2011-12-15 10:22 - 2011-12-15 10:22 - 0144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2011-12-15 02:15 - 2011-12-15 02:15 - 0000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2011-12-15 00:23 - 2011-12-14 21:19 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2011-12-15 00:22 - 2011-12-14 21:20 - 0002359 ____A C:\Users\Public\Desktop\Norton 360.lnk
2011-12-14 22:03 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Symantec
2011-12-14 22:02 - 2011-12-14 21:20 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-12-14 22:02 - 2011-12-14 21:20 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-12-14 22:02 - 2011-12-14 21:20 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-12-14 21:20 - 2011-12-14 21:20 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-14 21:19 - 2011-12-14 21:19 - 0000000 ____D C:\Program Files (x86)\Norton 360
2011-12-14 21:17 - 2011-12-14 21:17 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\Users\All Users\McAfee
2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\ProgramData\McAfee
2011-12-14 21:12 - 2010-08-19 02:00 - 0000000 ____D C:\Program Files (x86)\McAfee
2011-12-14 19:47 - 2010-10-03 15:14 - 0000000 ____D C:\Users\All Users\Intuit (Old)
2011-12-14 19:47 - 2010-10-03 15:14 - 0000000 ____D C:\ProgramData\Intuit (Old)
2011-12-14 19:45 - 2011-12-14 19:45 - 0001633 ____A C:\Users\Dawn\Desktop\EXCEL - Shortcut.lnk
2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\WINWORD - Shortcut.lnk
2011-12-14 19:44 - 2011-12-14 19:44 - 0001653 ____A C:\Users\Dawn\Desktop\ONENOTE - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001664 ____A C:\Users\Dawn\Desktop\POWERPNT - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001653 ____A C:\Users\Dawn\Desktop\OUTLOOK - Shortcut.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0001281 ____A C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2011-12-14 19:43 - 2011-12-14 19:43 - 0000000 ____D C:\Users\Dawn\Documents\OneNote Notebooks
2011-12-14 14:52 - 2011-12-14 14:52 - 0180745 ____A C:\Users\Dawn\Desktop\EasyTech Work Order 2013458972 Ticket 12742220 Receipt.mht
2011-12-14 14:48 - 2011-12-14 14:48 - 0002061 ____A C:\Users\Dawn\Desktop\EasyTech Solutions Toolkit Report Wednesday, December 14, 2011 2_47_59 PM.lnk
2011-12-14 14:47 - 2011-12-14 14:47 - 0000000 ____D C:\Users\Dawn\Documents\STK
2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\Start Menu\Programs\Startup\AutorunsDisabled
2011-12-14 14:23 - 2011-12-14 14:23 - 0000000 ___HD C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
2011-12-14 10:28 - 2011-12-14 10:28 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\supportdotcom
2011-12-11 21:05 - 2011-12-11 21:05 - 0000000 ____D C:\Users\Dawn\AppData\Local\{BF574E78-DC61-48DE-A5F6-F2659A30E10A}
2011-12-09 22:39 - 2009-07-13 21:34 - 0000545 ____A C:\Windows\win.ini
2011-12-08 11:38 - 2011-12-08 11:38 - 0000000 ____D C:\Users\Dawn\AppData\Local\McAfee Anti-Theft
2011-12-08 11:25 - 2011-12-08 11:21 - 202496592 ____A (McAfee, Inc.) C:\Users\Dawn\Documents\2012_US_MTP_3U_1YEAR_PAID_312_OG_2242_User.exe
2011-12-08 11:13 - 2011-04-11 07:07 - 0000000 ____D C:\Users\All Users\Norton
2011-12-08 11:13 - 2011-04-11 07:07 - 0000000 ____D C:\ProgramData\Norton
2011-12-08 02:25 - 2011-09-15 07:22 - 0000854 ____A C:\Users\Dawn\Desktop\TestGen Tests.lnk
2011-12-05 20:24 - 2011-11-21 19:01 - 0020411 ____A C:\Users\Dawn\Documents\Jaydon Short Story.docx
2011-12-05 19:58 - 2011-12-05 19:58 - 0016084 ____A C:\Users\Dawn\Downloads\gameloader.dcr
2011-12-04 22:13 - 2011-12-04 22:13 - 0016287 ____A C:\Users\Dawn\Documents\Student Leaders.docx
2011-12-04 22:07 - 2011-12-04 22:07 - 0400098 ____A C:\Users\Dawn\Desktop\activities.pdf
2011-12-02 19:17 - 2011-12-02 19:17 - 0606552 ____A (Google Inc.) C:\Users\Dawn\Downloads\GoogleEarthPluginSetup.exe
2011-12-02 18:36 - 2011-12-02 18:30 - 0000000 ____D C:\Users\Dawn\AppData\Local\Google
2011-12-02 18:30 - 2011-01-21 09:39 - 0000000 ____D C:\Users\Dawn\AppData\Local\Deployment
2011-12-01 12:10 - 2011-12-01 12:10 - 0000000 ___SD C:\Users\Dawn\Documents\My Data Sources
2011-12-01 11:35 - 2010-10-29 14:49 - 0001096 ____A C:\Users\Dawn\Desktop\desktoptools.lnk
2011-11-29 12:25 - 2011-11-29 12:21 - 0000000 ____D C:\Users\Dawn\AppData\Roaming\iYogi
2011-11-29 12:25 - 2011-11-29 12:20 - 0000000 ____D C:\Program Files (x86)\iYogi Support Dock
2011-11-29 12:21 - 2011-11-29 12:21 - 0000000 ____D C:\Users\Dawn\Desktop\SPC_Report
2011-11-28 11:40 - 2010-11-17 11:41 - 0327680 ___RA C:\DB Hill, CPA, LLC.QBW.TLG
2011-11-28 11:40 - 2010-10-21 11:12 - 13160448 ___RA C:\DB Hill, CPA, LLC.QBW
2011-11-28 11:40 - 2010-10-21 11:12 - 0000326 ____A C:\DB Hill, CPA, LLC.QBW.nd
2011-11-24 10:57 - 2010-08-19 01:37 - 0000000 ____D C:\Users\All Users\PCDr
2011-11-24 10:57 - 2010-08-19 01:37 - 0000000 ____D C:\ProgramData\PCDr
2011-11-24 10:55 - 2011-11-24 10:55 - 0000000 ____D C:\NVIDIA
2011-11-24 00:00 - 2011-12-15 14:26 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-18 12:14 - 2011-11-18 12:14 - 0000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2011-11-18 12:14 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2011-11-16 21:04 - 2011-11-16 21:04 - 0001218 ____A C:\Users\Dawn\Desktop\Clifford Reading.lnk
2011-11-16 21:04 - 2011-11-16 21:04 - 0000097 ____A C:\Windows\CR.ini
2011-11-16 21:04 - 2011-11-16 15:22 - 0069632 ____A C:\Windows\SysWOW64\Clifford Uninstall.exe
2011-11-16 21:04 - 2011-11-16 15:22 - 0000000 ____D C:\Program Files\Scholastic's Clifford
2011-11-16 15:23 - 2011-11-16 15:23 - 0001240 ____A C:\Users\Dawn\Desktop\Clifford Thinking Adventures.lnk
2011-11-16 15:23 - 2011-11-16 15:22 - 0000091 ____A C:\Windows\CBP.INI
2011-11-15 14:29 - 2011-12-09 22:23 - 0270720 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-11-10 03:21 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-05 00:17 - 2011-12-15 14:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 23:30 - 2011-12-15 14:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-01 17:41 - 2011-11-01 17:41 - 0199348 ____A C:\Windows\SysWOW64\mlfcache.dat
2011-10-26 00:19 - 2011-12-15 14:26 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-18 14:23 - 2011-09-17 11:05 - 0013286 ____A C:\Users\Dawn\Desktop\Menu.docx
2011-10-15 01:25 - 2011-12-15 14:26 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-15 00:48 - 2011-12-15 14:26 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-10-13 12:15 - 2010-08-19 01:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-12 15:44 - 2011-10-12 15:44 - 0000000 ____D C:\Users\Dawn\AppData\Local\{E928A2DF-7A16-46A8-B266-11E3386E1397}
2011-10-12 15:44 - 2011-10-12 15:44 - 0000000 ____D C:\Users\Dawn\AppData\Local\{B844F1B2-DCDC-444A-B712-9DCFEB78DD2A}
2011-10-12 06:24 - 2010-10-02 14:50 - 0000000 ____D C:\Users\Dawn\AppData\Local\SoftThinks
2011-10-10 11:10 - 2011-10-10 11:10 - 0000000 ____D C:\Users\Dawn\AppData\Local\{147D7180-B519-4F65-8864-F67B668E8FF3}
2011-10-10 02:04 - 2010-10-02 15:11 - 0778520 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 3892.5 MB
Available physical RAM: 2249.98 MB
Total Pagefile: 7783.15 MB
Available Pagefile: 6046.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (DB Hill CPA) (Fixed) (Total:451.01 GB) (Free:375.53 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C DB Hill CPA NTFS Partition 451 GB Healthy Boot

Disk: 0
Partition 4
Type : 17
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==========================================================

Last Boot: 2011-12-31 14:38

======================= End Of Log ==========================
 
You're infected with the newest version of the TDL rootkit.

WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.


===========================================================================================

Download gparted-live-0.10.0-3.iso (115.1 MB)

Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
Boot off of the newly created Gparted CD.

You should be here:
gpartedsplash.png

Press Enter.

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
gpartedkeymaps.png


Choose your language and press ENTER. English is default [33]:
gpartedlanguage.png


Once again, at this prompt, press ENTER:
gpartedgui.png


You will now be taken to the main GUI screen below:
gpartedo.png

According to your logs, the partition that you want to delete is the small partition of 1016 KB.
Click on it to highlight it.
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
gpartedsteps.png


Now you should be here:
gpartedsuccessclose.png


Is "boot" next to your OS drive?
gpartedboot.png


If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

In the menu that pops up, place a checkmark in boot like the picture below:
gpartedmanageflagsboot.png


Now double-click the (gpartedexit.png) button.

You should receive a small pop up like this:
gpartedexitreboot.png


Choose reboot and then press OK.

Post a new Bootkit Remover log.
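The reply above singles out the 1016 KB partition, which the posted log lists as hidden, active and without a volume. As an added example (not part of the original thread and not code from any tool named in it), this Python script parses that partition section and flags such a partition; the 16 MB "tiny" threshold and the two-indicator rule are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
TINY_BYTES = 16 * UNITS["MB"]  # assumption: anything below this counts as "tiny"

# Partition section copied from the log in this thread (blank and header lines trimmed).
SAMPLE_LOG = """\
Partitions of Disk 0:
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB
Partition 4 Primary 1016 KB 465 GB
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
There is no volume associated with this partition.
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
* Volume 2 C DB Hill CPA NTFS Partition 451 GB Healthy Boot
Disk: 0
Partition 4
Type : 17
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
"""

@dataclass
class Partition:
    number: int
    kind: str = ""
    size_bytes: int = 0
    offset_bytes: int = 0
    type_id: str = ""
    hidden: bool = False
    active: bool = False
    has_volume: bool = False
    reasons: list = field(default_factory=list)

# One row of the summary table, e.g. "Partition 4 Primary 1016 KB 465 GB".
ROW = re.compile(r"^Partition (\d+) (\S+) (\d+) (B|KB|MB|GB) (\d+) (B|KB|MB|GB)$", re.M)

def parse_partitions(log):
    """Merge the summary table and the per-partition detail blocks."""
    parts = {}
    for m in ROW.finditer(log):
        n = int(m.group(1))
        parts[n] = Partition(n, m.group(2),
                             int(m.group(3)) * UNITS[m.group(4)],
                             int(m.group(5)) * UNITS[m.group(6)])
    # Each detail block starts at a "Disk: N" line; chunk 0 is the table itself.
    for block in re.split(r"^Disk: \d+$", log, flags=re.M)[1:]:
        m = re.search(r"^Partition (\d+)$", block, re.M)
        if not m:
            continue
        p = parts.setdefault(int(m.group(1)), Partition(int(m.group(1))))
        t = re.search(r"^Type\s*: (\w+)$", block, re.M)
        p.type_id = t.group(1) if t else ""
        p.hidden = bool(re.search(r"^Hidden: Yes$", block, re.M))
        p.active = bool(re.search(r"^Active: Yes$", block, re.M))
        p.has_volume = bool(re.search(r"^\*? ?Volume \d+ ", block, re.M))
    return [parts[k] for k in sorted(parts)]

def flag_suspicious(partitions):
    """Flag an active partition that shows at least two of the three indicators."""
    flagged = []
    for p in partitions:
        reasons = []
        if p.active and p.hidden:
            reasons.append("active but hidden")
        if p.active and not p.has_volume:
            reasons.append("active with no volume")
        if p.active and 0 < p.size_bytes < TINY_BYTES:
            reasons.append("active and tiny")
        if len(reasons) >= 2:
            p.reasons = reasons
            flagged.append(p)
    return flagged

if __name__ == "__main__":
    for p in flag_suspicious(parse_partitions(SAMPLE_LOG)):
        print(f"Partition {p.number} (type {p.type_id}, {p.size_bytes} bytes): "
              + "; ".join(p.reasons))
```

A flagged partition is a reason to look closer, not proof of infection; the hidden OEM partition (type DE) is not flagged because it is not active.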
 
don't see that exact file - version 2, not 3

I see gparted-live-0.10.0-2.iso which is next to "Looking for the latest version?"

Is that the file I should download?

Thanks!
 
Stuck after deleting partition

I deleted the smallest partition that was the 1016 KB. When it rebooted, it goes through the Dell screen, then I get a black screen that says

BOOTMGR is missing
Press Ctrl + Alt + Del to restart

This just keeps looping

I did change my OS to boot like in the instructions also.

Thanks!
 
More information on partitions left

This is what I see now in the Gparted after I deleted the small partition.

Partition : /dev/sda1
File System: fat16
Label: DellUtility
Size: 100.00 MiB
Used: 9.21 MiB
Unused: 90.79 MiB
Flags: diag

Partition : /dev/sda2
File System: ntfs
Label: Recovery
Size: 14.65 GiB
Used: 11.66 GiB
Unused: 2.99 GiB
Flags:

Partition : /dev/sda3 (yellow triangle with exclamation point here)
File System: ntfs
Label: DBHillCPA
Size: 451.01 GiB
Used: ------
Unused: ---------
Flags: boot

Partition: unallocated
File System: unallocated
(this is the one I deleted)

Looks strange - did I pick the wrong partition to boot from?

I still get the message from before: "BOOTMGR is missing"

Thanks again!
 
Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.
 
trouble following exactly

okay, I don't have a windows disk, and I cannot get to the system recovery menu from where I am. F8 does not work at all...I have tried so many times that I have probably broken the key.

But, if I go in and change the boot to the recovery label partition in gparted, then I can get to the system recovery menu (aha! by pressing F8!)...the only thing is that once I get to the command prompt, the path is X:\windows\system32> instead of what you have listed above.

I don't know if I am where I need to be or not, but I cannot get to that menu any other way...I can go back to where I was if I just went in the wrong direction...

thanks again for your help!!
 
after the command, it says it was completed successfully (after only a few seconds), but when it reboots, it will not load windows and it goes into this startup repair which runs, but then says it cannot repair the startup after running for about an hour...
 