
Missing dll file, empty folders, crashes after removing virus with Norton

Discussion in 'Virus & Other Malware Removal' started by farmerlisa, Mar 25, 2012.

Thread Status:
Not open for further replies.
  1. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    After having Norton tech support remove a virus from the computer using their NPC, the home screen comes up with the message "There was a problem starting C:\Windows\Temp. The specified module could not be found." Clicking on the START button (Windows 7 Home Premium) produces the form, but no information or links are listed. Clicking on the Desktop>> link on the bottom of the page shows the desktop items, but shows all folders and disks as empty. There IS information on them (i.e., programs, etc.) but they are not accessible. I am assuming there is still some sort of virus on this computer; it crashes intermittently, and I cannot load the AdAware program; it comes up with a message that the system administrator has set policies to prevent this installation. I was also unable to run the 3rd recommended download from your "before you post" directions; it runs partway through and then crashes. Do you think there's any help for this, or do I have a new anchor? Any assistance or suggestions would be VERY appreciated!!! I'm attaching / copying the reports as requested in the instructions. Thank you, and hope you're having a good day :)

    Lisa

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:44:14 PM, on 3/25/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Lisa\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
    O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S8BFD.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_SFE6D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_SD5B2.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 10816 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Lisa at 15:26:44 on 2012-03-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1949 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.1.2.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.1.2.10\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.1.2.10\coIEPlg.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File
    uRun: [EPSON Stylus Photo R260 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibna.exe /fu "c:\windows\temp\E_S8BFD.tmp" /EF "HKCU"
    uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\users\lisa\appdata\local\temp\E_SFE6D.tmp" /EF "HKCU"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_SD5B2.tmp" /EF "HKCU"
    uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    dRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F58A5EB7-E1C0-4317-BA2D-8D7E8AF53A35} : DhcpNameServer = 192.168.1.1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0601020.00a\symds.sys [2012-3-23 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0601020.00a\symefa.sys [2012-3-23 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-17 820856]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0601020.00a\ccsetx86.sys [2012-3-23 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120323.002\IDSvix86.sys [2012-3-23 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0601020.00a\ironx86.sys [2012-3-23 149624]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0601020.00a\symnets.sys [2012-3-23 318584]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 N360;Norton 360;c:\program files\norton 360\engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
    R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\drivers\xcbdaV.sys [2009-6-10 157568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-17 39272]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
    S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\yUuBM1gl.exe
    2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\2k3BdWRS.exe
    2012-03-24 03:14:32 84992 ----a-w- c:\programdata\cl6MFSXX.exe
    2012-03-23 22:00:24 905336 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symefa.sys
    2012-03-23 22:00:24 574584 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\srtsp.sys
    2012-03-23 22:00:24 340088 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symds.sys
    2012-03-23 22:00:24 32888 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\srtspx.sys
    2012-03-23 22:00:24 318584 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symnets.sys
    2012-03-23 22:00:24 149624 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\ironx86.sys
    2012-03-23 22:00:23 132744 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\ccsetx86.sys
    2012-03-23 21:59:59 4782 ----a-w- c:\windows\system32\drivers\n360\0601020.00a\symvtcer.dat
    2012-03-23 21:59:59 -------- d-----w- c:\windows\system32\drivers\n360\0601020.00A
    2012-03-23 15:15:09 -------- d-----w- C:\w
    2012-03-23 15:15:08 -------- d-----w- C:\skins
    2012-03-23 15:15:05 -------- d-----w- C:\e
    2012-03-23 15:15:04 -------- d-----w- C:\Data
    2012-03-23 04:05:30 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-23 03:26:46 -------- d--h--w- c:\users\lisa\appdata\local\NPE
    2012-03-23 03:18:33 -------- d--h--w- c:\users\lisa\appdata\local\LogMeIn Rescue Applet
    2012-03-23 01:13:40 84992 ----a-w- c:\windows\system32\j4W3MpaK3.com
    2012-03-23 01:09:56 84992 ----a-w- c:\windows\system32\j4W3MpaK3.com_
    2012-03-23 00:44:59 -------- d--h--w- c:\users\lisa\appdata\roaming\Tific
    2012-03-19 20:01:15 -------- d-----w- c:\program files\RealNetworks
    2012-03-06 17:00:51 -------- d--h--w- c:\users\lisa\appdata\roaming\RealNetworks
    .
    ==================== Find3M ====================
    .
    2012-03-23 02:29:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-19 18:55:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-02-19 18:55:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-10 03:11:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 ->
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8709D49F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870a4740]; MOV EAX, [0x870a48b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82E8852A] -> \Device\Harddisk0\DR0[0x86A28948]
    3 CLASSPNP[0x8B97759E] -> ntkrnlpa!IofCallDriver[0x82E8852A] -> [0x862C5450]
    5 ACPI[0x8359D3D4] -> ntkrnlpa!IofCallDriver[0x82E8852A] -> \00000063[0x862C5030]
    \Driver\nvstor[0x870AF088] -> IRP_MJ_CREATE -> 0x8709D49F
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    detected disk devices:
    \Device\00000063 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-00YGA#4&1b498b83&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 15:33:54.44 ===============
     

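
    The posted HijackThis and DDS output contains the indicators a malware analyst looks for first: autorun entries that point rundll32 at a directory in TEMP rather than a DLL, a binary under the SYSTEM profile's AppData, DisableTaskMgr set by policy, and several newly created executables with random names and an identical size (84992 bytes). The script below is an added triage example, not part of the original post or of any Tech Support Guy tool; its sample input is constructed by copying a handful of lines from the logs above (plus AdobeARM.exe and win32k.sys as benign controls), and the flagging heuristics (random-name pattern, TEMP / systemprofile paths, same-size grouping) are the author's own assumptions rather than a vendor rule set.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis and DDS logs posted
# above, plus two benign entries (AdobeARM.exe, win32k.sys) as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\yUuBM1gl.exe
2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\2k3BdWRS.exe
2012-03-24 03:14:32 84992 ----a-w- c:\programdata\cl6MFSXX.exe
2012-03-23 01:13:40 84992 ----a-w- c:\windows\system32\j4W3MpaK3.com
2012-03-23 04:05:30 2343424 ----a-w- c:\windows\system32\win32k.sys
"""

# HijackThis "O4 - <hive>\..\Run: [name] command" lines
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# DDS "mPolicies-system: Key = value (0x..)" lines
POLICY_RE = re.compile(r'^[mdu]Policies-system: (?P<key>\w+) = (?P<val>\d+)')
# DDS "Created Last 30" lines: date time size attrs path
CREATED_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<size>\d+) \S+ (?P<path>.+)$')
RANDOM_STEM = re.compile(r'[A-Za-z0-9]{8,9}')


def autorun_reasons(hive, cmd):
    """Heuristics (assumptions) for one autorun entry; empty list means 'looks benign'."""
    low = cmd.lower()
    reasons = []
    # rundll32 <target>,<export>: the target should be a DLL, never a bare directory
    m = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,', low)
    if m and m.group(1).endswith('\\'):
        reasons.append('rundll32 target is a directory, not a DLL')
    if '\\temp\\' in low:
        reasons.append('runs from a TEMP directory')
    if 'systemprofile\\appdata' in low:
        reasons.append('binary lives under the SYSTEM profile AppData')
    if reasons and hive.upper().startswith(('HKUS\\S-1-5-18', 'HKUS\\.DEFAULT')):
        reasons.append('also registered for the SYSTEM / Default User hive')
    return reasons


def looks_random(path):
    """8-9 alphanumerics mixing digits, upper and lower case: a typical dropper name."""
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    return (RANDOM_STEM.fullmatch(stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(log_text):
    """Return a list of findings {kind, line, reasons} for the suspicious lines."""
    findings = []
    created = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = autorun_reasons(m['hive'], m['cmd'])
            if reasons:
                findings.append({'kind': 'autorun', 'line': line, 'reasons': reasons})
            continue
        m = POLICY_RE.match(line)
        if m and m['key'] == 'DisableTaskMgr' and m['val'] == '1':
            findings.append({'kind': 'policy', 'line': line,
                             'reasons': ['Task Manager disabled by policy']})
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append((int(m['size']), m['path'], line))
    # Droppers often write several copies of the same payload under random names:
    # flag random-looking names that share their exact size with another new file.
    size_count = Counter(size for size, _, _ in created)
    for size, path, line in created:
        if size_count[size] >= 2 and looks_random(path):
            findings.append({'kind': 'dropper', 'line': line,
                             'reasons': [f'random-looking name, same size ({size} bytes) '
                                         f'as {size_count[size] - 1} other new file(s)']})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['line']}")
        for r in f['reasons']:
            print(f"    - {r}")
```

    Run against the sample it reports the two rundll32 entries, dplaysvr.exe, both DisableTaskMgr policies and the four same-sized random-name files, and stays silent on the Adobe and win32k.sys controls. The size-grouping check is deliberately conservative (at least two files, and a name that mixes digits with both cases) so that ordinary vendor files with version-like names are not flagged.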
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Hiya and welcome to Tech Support Guy :)

    Can you firstly do this for me, as you have some files that I need to look at further:

    Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html (direct download: http://www.safer-networking.org/files/sfp.zip ).

    Unzip it to your desktop, open it and paste in the contents of the quote box below, then press Next; it will create an archive (zip/cab file) on your desktop.

    Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

    Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the file on your computer. When the file is listed in the window, press Send to upload it.

    Let me know when they're uploaded :)


    ===================

    After doing that, can you run this tool for me:

    Download the latest version of TDSSKiller from here and save it to your Desktop.


    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    • Click the Start Scan button.

    • If a suspicious object is detected, the default action will be Skip, click on Continue.

    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


    eddie
     
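The report eddie asks for above is a plain-text log in which each scanned object gets a line with its MD5 hash and path, followed by a verdict line ("- ok", "( <threat> ) - warning" or "- detected <threat> (<n>)"). As an added example that is not part of this thread and not a Kaspersky tool, the Python below parses a report in that format and lists every object whose verdict is anything other than a plain "ok"; the sample log, its names and its hashes are constructed for the example.

```python
"""Triage a TDSSKiller text report.

Added example (not a Kaspersky tool and not code from this thread): parse the
log TDSSKiller writes to C:\\ and list every scanned object that did not get a
plain '- ok' verdict, with the hash and path the scanner recorded for it.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Object line: "<time> <pid> <name> (<md5>) <path>". The name can contain
# spaces ("AMD External Events Utility"), so it is matched non-greedily up
# to the 32-hex-digit hash in parentheses.
OBJECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Verdict line, three shapes seen in TDSSKiller output:
#   "<name> - ok"
#   "<name> ( <threat> ) - warning"
#   "<name> - detected <threat> (<count>)"
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?: \( (?P<wthreat>\S+) \))? - "
    r"(?P<status>ok|warning|detected)(?: (?P<dthreat>\S+)(?: \(\d+\))?)?$"
)


@dataclass
class Finding:
    """Everything the report says about one scanned object."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    threat: Optional[str] = None

    @property
    def is_clean(self) -> bool:
        # Clean means at least one verdict was recorded and all of them were
        # "ok"; an object with no verdict at all (truncated log) is not clean.
        return bool(self.statuses) and all(s == "ok" for s in self.statuses)


def parse_tdsskiller_log(text: str) -> Dict[str, Finding]:
    """Return one Finding per object name, merging its object and verdict lines."""
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"]))
            f.md5, f.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"]))
            f.statuses.append(m["status"])
            threat = m["dthreat"] or m["wthreat"]
            if threat:
                f.threat = threat
        # Header, drive and separator lines match neither pattern and are skipped.
    return findings


def suspicious(findings: Dict[str, Finding]) -> List[Finding]:
    """Objects worth a second look: any verdict other than a plain "ok"."""
    return [f for f in findings.values() if not f.is_clean]


# Constructed sample in the TDSSKiller format; names, hashes and paths are
# made up for this example and are not taken from the thread's own report.
SAMPLE_LOG = r"""
18:57:24.0616 6016 ============================================================
18:57:24.0616 6016 Scan started
18:57:24.0616 6016 Mode: Manual; SigCheck; TDLFS;
18:57:27.0529 6016 ACPI (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\ACPI.sys
18:57:27.0549 6016 ACPI - ok
18:57:28.0886 6016 AMD External Events Utility (ffeeddccbbaa99887766554433221100) C:\Windows\system32\atiesrxx.exe
18:57:28.0959 6016 AMD External Events Utility - ok
18:57:34.0729 6016 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
18:57:34.0787 6016 exampledrv ( UnsignedFile.Multi.Generic ) - warning
18:57:34.0787 6016 exampledrv - detected UnsignedFile.Multi.Generic (1)
18:57:35.0955 6016 COMSysApp - ok
"""

if __name__ == "__main__":
    for f in suspicious(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{f.name}: {', '.join(f.statuses)} {f.threat or ''}")
        print(f"  md5={f.md5} path={f.path}")
```

An UnsignedFile.Multi.Generic warning only records that the driver carries no valid digital signature, which is why the post says to leave such items on Skip rather than Delete unless told otherwise; the hash and path the script prints are what you would look up before deciding.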
  3. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Thank you so much for your response. I have done the requested tasks; compressed file is uploaded to the other site, and I ran the TDSSKiller application. The report from it is as follows (before rebooting computer, if that makes a difference):

    18:56:30.0151 5908 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    18:56:31.0169 5908 ============================================================
    18:56:31.0169 5908 Current date / time: 2012/03/26 18:56:31.0169
    18:56:31.0169 5908 SystemInfo:
    18:56:31.0169 5908
    18:56:31.0169 5908 OS Version: 6.1.7601 ServicePack: 1.0
    18:56:31.0169 5908 Product type: Workstation
    18:56:31.0169 5908 ComputerName: LISA-PC
    18:56:31.0169 5908 UserName: Lisa
    18:56:31.0169 5908 Windows directory: C:\Windows
    18:56:31.0169 5908 System windows directory: C:\Windows
    18:56:31.0169 5908 Processor architecture: Intel x86
    18:56:31.0169 5908 Number of processors: 4
    18:56:31.0169 5908 Page size: 0x1000
    18:56:31.0170 5908 Boot type: Normal boot
    18:56:31.0170 5908 ============================================================
    18:56:35.0661 5908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:56:35.0661 5908 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:56:35.0675 5908 \Device\Harddisk0\DR0:
    18:56:35.0675 5908 MBR used
    18:56:35.0675 5908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x160025D
    18:56:35.0675 5908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160029C, BlocksNum 0x38D85594
    18:56:35.0675 5908 \Device\Harddisk1\DR1:
    18:56:35.0675 5908 MBR used
    18:56:35.0675 5908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
    18:56:35.0796 5908 Initialize success
    18:56:35.0796 5908 ============================================================
    18:57:24.0616 6016 ============================================================
    18:57:24.0616 6016 Scan started
    18:57:24.0616 6016 Mode: Manual; SigCheck; TDLFS;
    18:57:24.0616 6016 ============================================================
    18:57:49.0900 6016 NlaSvc - ok
    18:57:49.0925 6016 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    18:57:49.0973 6016 Npfs - ok
    18:57:49.0988 6016 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    18:57:50.0027 6016 nsi - ok
    18:57:50.0043 6016 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    18:57:50.0094 6016 nsiproxy - ok
    18:57:50.0155 6016 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    18:57:50.0255 6016 Ntfs - ok
    18:57:50.0272 6016 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    18:57:50.0318 6016 Null - ok
    18:57:50.0408 6016 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    18:57:50.0445 6016 NVENETFD - ok
    18:57:50.0514 6016 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
    18:57:50.0556 6016 NVNET - ok
    18:57:50.0633 6016 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    18:57:50.0660 6016 nvraid - ok
    18:57:50.0707 6016 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    18:57:50.0722 6016 nvstor - ok
    18:57:50.0768 6016 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    18:57:50.0784 6016 nv_agp - ok
    18:57:50.0898 6016 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:57:50.0941 6016 odserv - ok
    18:57:50.0970 6016 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    18:57:51.0006 6016 ohci1394 - ok
    18:57:51.0054 6016 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:57:51.0079 6016 ose - ok
    18:57:51.0112 6016 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    18:57:51.0155 6016 p2pimsvc - ok
    18:57:51.0215 6016 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    18:57:51.0274 6016 p2psvc - ok
    18:57:51.0302 6016 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    18:57:51.0329 6016 Parport - ok
    18:57:51.0363 6016 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    18:57:51.0379 6016 partmgr - ok
    18:57:51.0399 6016 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    18:57:51.0427 6016 Parvdm - ok
    18:57:51.0452 6016 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    18:57:51.0477 6016 PcaSvc - ok
    18:57:51.0515 6016 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    18:57:51.0533 6016 pci - ok
    18:57:51.0566 6016 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    18:57:51.0581 6016 pciide - ok
    18:57:51.0600 6016 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:57:51.0620 6016 pcmcia - ok
    18:57:51.0642 6016 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    18:57:51.0656 6016 pcw - ok
    18:57:51.0680 6016 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    18:57:51.0764 6016 PEAUTH - ok
    18:57:51.0839 6016 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    18:57:51.0944 6016 pla - ok
    18:57:52.0004 6016 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    18:57:52.0069 6016 PlugPlay - ok
    18:57:52.0104 6016 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    18:57:52.0142 6016 PNRPAutoReg - ok
    18:57:52.0190 6016 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    18:57:52.0216 6016 PNRPsvc - ok
    18:57:52.0245 6016 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    18:57:52.0304 6016 PolicyAgent - ok
    18:57:52.0357 6016 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    18:57:52.0397 6016 Power - ok
    18:57:52.0436 6016 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    18:57:52.0487 6016 PptpMiniport - ok
    18:57:52.0509 6016 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    18:57:52.0531 6016 Processor - ok
    18:57:52.0582 6016 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    18:57:52.0637 6016 ProfSvc - ok
    18:57:52.0659 6016 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:57:52.0677 6016 ProtectedStorage - ok
    18:57:52.0728 6016 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    18:57:52.0800 6016 Psched - ok
    18:57:52.0834 6016 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    18:57:52.0855 6016 PxHelp20 - ok
    18:57:52.0933 6016 QBCFMonitorService (0f1f42c39ab2b16db957a7a1756feffb) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    18:57:52.0946 6016 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
    18:57:52.0946 6016 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
    18:57:52.0991 6016 QBFCService (92aa40e2b692e8637d45fb2d01137d17) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    18:57:53.0003 6016 QBFCService ( UnsignedFile.Multi.Generic ) - warning
    18:57:53.0004 6016 QBFCService - detected UnsignedFile.Multi.Generic (1)
    18:57:58.0854 6016 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    18:57:58.0918 6016 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    18:57:58.0918 6016 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    18:58:04.0583 6016 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
    18:58:04.0599 6016 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
    18:58:04.0602 6016 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
    18:58:04.0602 6016 Wdf01000 - detected Virus.Win32.Rloader.a (0)
    18:58:07.0809 6016 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
    18:58:07.0843 6016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:58:07.0844 6016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:58:07.0933 6016 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    18:58:07.0933 6016 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    18:58:07.0942 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
    18:58:08.0005 6016 \Device\Harddisk1\DR1 - ok
    18:58:08.0010 6016 Boot (0x1200) (4f723df9f9c821b066920f98bcbeaf70) \Device\Harddisk0\DR0\Partition0
    18:58:08.0012 6016 \Device\Harddisk0\DR0\Partition0 - ok
    18:58:08.0043 6016 Boot (0x1200) (1cd8aaa5183ee978ed79200862ac6e00) \Device\Harddisk0\DR0\Partition1
    18:58:08.0044 6016 \Device\Harddisk0\DR0\Partition1 - ok
    18:58:08.0050 6016 Boot (0x1200) (a3df845520e479427bfe9cd5f1ce8c99) \Device\Harddisk1\DR1\Partition0
    18:58:08.0052 6016 \Device\Harddisk1\DR1\Partition0 - ok
    18:58:08.0053 6016 ============================================================
    18:58:08.0053 6016 Scan finished
    18:58:08.0053 6016 ============================================================
    18:58:08.0067 2280 Detected object count: 7
    18:58:08.0067 2280 Actual detected object count: 7
    18:59:52.0496 2280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
    18:59:52.0497 2280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:59:52.0497 2280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
    18:59:52.0497 2280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:59:52.0500 2280 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
    18:59:52.0500 2280 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:59:52.0502 2280 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
    18:59:52.0502 2280 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
    18:59:52.0631 2280 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
    18:59:52.0848 2280 Backup copy not found, trying to cure infected file..
    18:59:52.0852 2280 Cure success, using it..
    18:59:53.0063 2280 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
    18:59:53.0063 2280 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
    18:59:53.0095 2280 \Device\Harddisk0\DR0\# - copied to quarantine
    18:59:53.0096 2280 \Device\Harddisk0\DR0 - copied to quarantine
    18:59:53.0122 2280 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    18:59:53.0131 2280 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    18:59:53.0136 2280 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    18:59:53.0141 2280 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    18:59:53.0148 2280 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    18:59:53.0160 2280 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    18:59:53.0168 2280 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    18:59:53.0172 2280 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    18:59:53.0175 2280 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    18:59:53.0178 2280 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    18:59:53.0183 2280 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    18:59:53.0187 2280 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    18:59:53.0214 2280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    18:59:53.0215 2280 \Device\Harddisk0\DR0 - ok
    18:59:53.0834 2280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    18:59:53.0835 2280 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    18:59:53.0835 2280 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

    Thank you again for your assistance! YOU ARE WONDERFUL :)
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Thanks, got the files, and it looks like they are rootkit files. They could be already removed, but they are useful for further analysis (y)

    Okay, can you run the following tools now:

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply


    -----------------

    Clear Cache/Temp Files
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Download and scan with SUPERAntiSpyware Free Edition for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Home" button to leave the control center screen.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click Scan your computer.
    • On the left, select all fixed drives.
    • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click View Scan Logs.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        • Please copy and paste the Scan Log results in your next reply.
      • Click Close to exit the program.


    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

    eddie
     
  5. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Finally done with today's tasks ... thank you again for your help! Here is the information you requested:

    ASWMBR REPORT:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-27 22:02:23
    -----------------------------
    22:02:23.358 OS Version: Windows 6.1.7601 Service Pack 1
    22:02:23.358 Number of processors: 4 586 0x202
    22:02:23.358 ComputerName: LISA-PC UserName: Lisa
    22:02:46.354 Initialize success
    22:03:25.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
    22:03:25.087 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
    22:03:25.087 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064
    22:03:25.102 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
    22:03:25.102 Disk 0 MBR read successfully
    22:03:25.118 Disk 0 MBR scan
    22:03:25.118 Disk 0 Windows 7 default MBR code
    22:03:25.134 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11264 MB offset 63
    22:03:25.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 465674 MB offset 23069340
    22:03:25.165 Disk 0 scanning sectors +976771120
    22:03:25.227 Disk 0 scanning C:\Windows\system32\drivers
    22:03:31.764 Service scanning
    22:03:45.008 Modules scanning
    22:04:04.960 Disk 0 trace - called modules:
    22:04:04.992 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
    22:04:04.992 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866283a8]
    22:04:05.007 3 CLASSPNP.SYS[8b9ad59e] -> nt!IofCallDriver -> [0x863be9f0]
    22:04:05.007 5 ACPI.sys[8b1a53d4] -> nt!IofCallDriver -> \Device\00000063[0x85f008a0]
    22:04:05.023 Scan finished successfully
    22:04:36.145 Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
    22:04:36.160 The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"

    MBAM LOG:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org
    Database version: v2012.03.27.08
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Lisa :: LISA-PC [administrator]
    3/27/2012 10:24:50 PM
    mbam-log-2012-03-27 (22-24-50).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 604621
    Time elapsed: 2 hour(s), 32 minute(s), 21 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 5
    C:\ProgramData\cl6MFSXX.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
    C:\Windows\System32\2k3BdWRS.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
    C:\Windows\System32\j4W3MpaK3.com (Trojan.VirTool) -> Delete on reboot.
    C:\Windows\System32\j4W3MpaK3.com_ (Trojan.VirTool) -> Delete on reboot.
    C:\Windows\System32\yUuBM1gl.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
    (end)

    SUPERANTISPYWARE SCAN LOG:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 03/28/2012 at 05:31 AM
    Application Version : 5.0.1146
    Core Rules Database Version : 8389
    Trace Rules Database Version: 6201
    Scan type : Complete Scan
    Total Scan Time : 04:18:34
    Operating System Information
    Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User
    Memory items scanned : 678
    Memory threats detected : 0
    Registry items scanned : 34860
    Registry threats detected : 116
    File items scanned : 372869
    File threats detected : 129
    PUP.MyWebSearch/FunWebProducts
    Adware.Tracking Cookie
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@CLICKBOOTH[1].TXT [ /CLICKBOOTH ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@JMP.CLICKBOOTH[1].TXT [ /JMP.CLICKBOOTH ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@SIBLEYCOUNTYFAIR[2].TXT [ /SIBLEYCOUNTYFAIR ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@SUPPORT.ECSTATS[2].TXT [ /SUPPORT.ECSTATS ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@VA.PX.INVITEMEDIA[1].TXT [ /VA.PX.INVITEMEDIA ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@WEB-TRAFFIC-ANALYSIS[2].TXT [ /WEB-TRAFFIC-ANALYSIS ]
    C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LISA@WWW.MEDIACOMTODAY[2].TXT [ /WWW.MEDIACOMTODAY ]
    Trojan.Agent/Gen-ZAccess
    C:\TDSSKILLER_QUARANTINE\26.03.2012_18.56.31\MBR0000\TDLFS0000\TSK0005.DTA

    NEW HIJACK THIS REPORT:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:19:23 PM, on 3/28/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Users\Lisa\Desktop\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
    R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S8BFD.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_SFE6D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_SD5B2.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 11184 bytes

    Thank you again, and have a wonderful day!
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Looks like the files were removed :)

    Okay, can you run these two for me, and post the 3 logs they produce :)

    ------------------

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    ------------------------------------

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


    eddie
     
  7. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Thank you once again ... here is the requested information:

    ComboFix 12-03-29.02 - Lisa 03/29/2012 17:55:43.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1586 [GMT -5:00]
    Running from: c:\users\Lisa\Desktop\username123.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~NiA8EJOQCvIgdO
    c:\programdata\~NiA8EJOQCvIgdOr
    c:\programdata\NiA8EJOQCvIgdO
    c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\odbcad32.exe
    E:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-29 23:14 . 2012-03-29 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-28 08:03 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-28 08:03 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-28 08:03 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-28 08:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-28 08:03 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-28 08:03 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-28 06:07 . 2012-03-28 06:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-28 06:06 . 2012-03-28 06:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 06:06 . 2012-03-28 06:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-28 03:23 . 2012-03-28 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-28 03:23 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-28 02:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-27 00:43 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-27 00:43 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-26 23:59 . 2012-03-26 23:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-23 21:59 . 2012-03-23 22:18 -------- d-----w- c:\windows\system32\drivers\N360\0601020.00A
    2012-03-23 15:15 . 2012-03-23 22:15 -------- d-----w- C:\w
    2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\skins
    2012-03-23 15:15 . 2012-03-27 00:27 -------- d-----w- C:\e
    2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\Data
    2012-03-23 04:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-23 03:26 . 2012-03-23 21:43 -------- d--h--w- c:\users\Lisa\AppData\Local\NPE
    2012-03-23 03:18 . 2012-03-23 04:18 -------- d--h--w- c:\users\Lisa\AppData\Local\LogMeIn Rescue Applet
    2012-03-23 00:44 . 2012-03-23 00:44 -------- d--h--w- c:\users\Lisa\AppData\Roaming\Tific
    2012-03-20 01:56 . 2012-03-28 05:17 -------- d--h--w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
    2012-03-19 20:01 . 2012-03-19 20:01 -------- d-----w- c:\program files\RealNetworks
    2012-03-06 17:00 . 2012-03-06 17:00 -------- d--h--w- c:\users\Lisa\AppData\Roaming\RealNetworks
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-27 00:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-03-23 02:29 . 2010-12-05 21:15 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-19 18:55 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-02-19 18:55 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-10 03:11 . 2011-05-18 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 08:58 . 2012-02-16 02:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-07-10 22:28 1174920 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-19 296056]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-10 247968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-16 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-24 905336]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-17 820856]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120328.002\IDSvix86.sys [2012-03-22 368248]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-17 149624]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS [2011-11-17 318584]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 106104]
    S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
    .
    2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
    WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
    HKCU-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    HKCU-Run-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    SafeBoot-67834180.sys
    AddRemove-Pinnacle HFX Volume 1 - c:\windows\unvise32.exe \unvol1log
    AddRemove-Pinnacle HFX Volume 2 - c:\windows\unvise32.exe \unvol2log
    AddRemove-ShapeCollage - c:\program files\Shape Collage\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:60,ad,6a,bf,91,08,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-29 18:32:52
    ComboFix-quarantined-files.txt 2012-03-29 23:32
    .
    Pre-Run: 228,811,272,192 bytes free
    Post-Run: 228,789,010,432 bytes free
    .
    - - End Of File - - D08E2F785CF824464B016422E2BBE979


    OTL Extras logfile created on: 3/29/2012 6:53:40 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lisa\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.58% Memory free
    6.00 Gb Paging File | 4.85 Gb Available in Paging File | 80.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.76 Gb Total Space | 213.14 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 163.19 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
    Drive E: | 11.00 Gb Total Space | 3.13 Gb Free Space | 28.47% Space Free | Partition Type: NTFS

    Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{06ADD09E-3ED4-4224-B308-CDFBBCCD1092}" = DaisyTrail Be My Valentine Digikit
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0838C0E7-2D7E-41B7-88A1-42DD9F6B6414}" = DaisyTrail Easter 2010 Digikit
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0E2FBF64-9411-4429-9ED1-6B80EEB91DA1}" = DaisyTrail Easter DigiKit
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
    "{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC5D98-8076-41D3-A28C-A9B0367BB99F}" = Serif Digital Scrapbook Artist Photobook, New Baby
    "{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{344A1884-A298-4740-8B7A-3DC3F17F652C}" = Serif WebPlus Starter Edition
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A31F76B-A6C2-495A-ABEB-553ED70CDC22}" = Digital Image Update
    "{4BE17802-5214-4B16-B3FD-ED83A33D11DA}" = DaisyTrail Sparkle Sky Digikit
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62292998-4C9E-4D10-97D2-77AEE95FAFAA}" = DaisyTrail Serif Christmas Card 2009 Digikit
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
    "{6AE9D936-BA5C-449D-BDA4-22BE6DD7CE8B}" = DaisyTrail Playground Digikit
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72369EBF-06F8-41A8-AADB-1622094A7E77}" = DaisyTrail Spooktacular Digikit
    "{72F6E0E4-76B4-4C15-8C78-0F098F8FAAC6}" = Serif Christmas Card 2008 DigiKit
    "{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist Compact
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{789DE23F-A8B4-40B1-9BE4-66C0730377DE}" = DaisyTrail Mexican Wave Digikit
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
    "{7EABB767-5B74-469B-86AD-E542986A0DA5}" = DaisyTrail Independence Day Digikit
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B59F5CA-E7F9-45BF-B2A9-BDA2F01C28EA}" = DaisyTrail American Holidays 2010 Digikit
    "{8C1D4735-84E4-41E2-A1DB-70EADE27633C}" = Adobe Photoshop Lightroom 3.3
    "{8EECBEA8-6DCD-4572-8BDA-5A063D945326}" = Serif Digital Scrapbook Artist Photobook, Contemporary
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A85E2E0D-A116-4F39-A571-2FE83B4BF4F2}" = Serif Digital Scrapbook Artist Photobook, Holiday
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B6F59547-7A1C-4A98-BDA7-7D5CD096E9BF}" = DaisyTrail Fishing DigiKit
    "{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
    "{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D64EE99C-9D04-409A-B041-CEB9C6D6B675}" = DaisyTrail Mothers Day DigiKit
    "{D73DA7BC-958C-4E10-AB13-AF5A1EB62666}" = Serif Digital Scrapbook Artist Photobook, No Frames
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{EFF4CF7F-8A33-4DE7-9E20-39F2894CA1CA}" = DaisyTrail Materials Digikit
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F8FD0A90-60FD-4037-B0EA-C8C37877E6B3}" = Serif Digital Scrapbook Artist Photobook, Wedding
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
    "A-PDF Thumbnailer_is1" = A-PDF Thumbnailer 1.6
    "Birdie DOC2PDF Converter_is1" = Birdie DOC2PDF Converter
    "Bookworm" = Bookworm (remove only)
    "Boxoft PDF to JPG (freeware)_is1" = Boxoft PDF to JPG (freeware)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DIAEUpdate" = Microsoft Digital Image Suite 2006 (Anniversary Edition Update)
    "doPDF 7 printer_is1" = doPDF 7.1 printer
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "FileZilla Client" = FileZilla Client 3.5.3
    "Google Chrome" = Google Chrome
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "Image to PDF Converter Free_is1" = Image to PDF Converter Free 3.0
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "N360" = Norton 360
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "PDF To JPG Converter_is1" = PDF To JPG Converter 2.0.2
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "Picasa 3" = Picasa 3
    "PictureItSuite_v11" = Microsoft Digital Image Suite 2006
    "PrintConductor_is1" = PrintConductor
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "RealPlayer 15.0" = RealPlayer
    "STANDARDR" = Microsoft Office Standard 2007
    "stax-Pinnacle_is1" = SureThing Express Labeler
    "Web Album Generator_is1" = Web Album Generator 1.8.2
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2012 8:15:18 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
    0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
    Faulting
    process id: 0x1524 Faulting application start time: 0x01cd0a1c58275860 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
    Report
    Id: 9994a460-760f-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:15:48 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
    time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x000c2921 Faulting
    process id: 0x16c0 Faulting application start time: 0x01cd0a1c65c473e0 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files\Ask.com\GenericAskToolbar.dll Report Id: ab9ede00-760f-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:16:18 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e2111c0 Exception code: 0xe06d7363 Fault offset: 0x0000d36f Faulting
    process id: 0x1af0 Faulting application start time: 0x01cd0a1c7e9a8008 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
    Report
    Id: bd7edf08-760f-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:16:40 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
    0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
    Faulting
    process id: 0x1f48 Faulting application start time: 0x01cd0a1c8b2ee5e8 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
    Report
    Id: cae9cec8-760f-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:17:56 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
    time stamp: 0x4a57dc86 Exception code: 0xc0000409 Fault offset: 0x000c2935 Faulting
    process id: 0xebc Faulting application start time: 0x01cd0a1cb11496b8 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files\Ask.com\GenericAskToolbar.dll Report Id: f833e4b8-760f-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:18:19 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00053341 Faulting
    process id: 0x1ea4 Faulting application start time: 0x01cd0a1cbec00a18 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 05dde500-7610-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:19:09 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
    0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
    Faulting
    process id: 0x1e98 Faulting application start time: 0x01cd0a1cd0904be0 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
    Report
    Id: 235f1630-7610-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:19:52 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
    0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x62972921
    Faulting
    process id: 0x428 Faulting application start time: 0x01cd0a1cfc5a8448 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
    Report
    Id: 3d53ffd8-7610-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:20:43 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
    time stamp: 0x4a57dc86 Exception code: 0xc0000409 Fault offset: 0x000c2935 Faulting
    process id: 0x1984 Faulting application start time: 0x01cd0a1d15e313a8 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
    Files\Ask.com\GenericAskToolbar.dll Report Id: 5b7ec718-7610-11e1-abe5-001e906fdca9

    Error - 3/24/2012 8:20:58 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
    time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
    0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x62972921
    Faulting
    process id: 0xc78 Faulting application start time: 0x01cd0a1d1f3b8098 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
    Report
    Id: 648d9460-7610-11e1-abe5-001e906fdca9

    [ Media Center Events ]
    Error - 2/14/2010 9:31:56 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 7:31:49 PM - Error connecting to the internet. 7:31:49 PM - Unable
    to contact server..

    Error - 2/14/2010 10:32:45 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 8:32:45 PM - Error connecting to the internet. 8:32:45 PM - Unable
    to contact server..

    Error - 2/14/2010 10:33:21 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 8:33:14 PM - Error connecting to the internet. 8:33:14 PM - Unable
    to contact server..

    Error - 2/15/2010 7:06:29 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 5:06:29 AM - Error connecting to the internet. 5:06:29 AM - Unable
    to contact server..

    Error - 2/15/2010 7:07:04 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 5:06:58 AM - Error connecting to the internet. 5:06:58 AM - Unable
    to contact server..

    Error - 2/15/2010 7:16:00 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 5:16:00 PM - Error connecting to the internet. 5:16:00 PM - Unable
    to contact server..

    Error - 2/15/2010 7:16:36 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 5:16:29 PM - Error connecting to the internet. 5:16:29 PM - Unable
    to contact server..

    Error - 3/7/2010 7:28:47 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 5:28:40 PM - Failed to retrieve EpgListings (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 4/5/2010 7:43:53 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 6:43:47 AM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 4/23/2010 7:37:38 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
    Description = 6:37:38 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 3/27/2012 11:06:51 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
    Description = The AMD External Events Utility service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 3/28/2012 4:01:17 AM | Computer Name = Lisa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80246007: Security Update for Windows 7 (KB2621440).

    Error - 3/28/2012 4:01:17 AM | Computer Name = Lisa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80246007: Security Update for Windows 7 (KB2667402).

    Error - 3/28/2012 10:11:39 PM | Computer Name = Lisa-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:08:40 PM on 3/28/2012 was unexpected.

    Error - 3/29/2012 6:50:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
    Description = The EPSON V5 Service4(01) service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/29/2012 6:50:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
    Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 3/29/2012 6:54:34 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
    Description = The XAudioService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 3/29/2012 6:55:12 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/29/2012 7:02:04 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/29/2012 7:14:43 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >


    OTL logfile created on: 3/29/2012 6:53:40 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lisa\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.58% Memory free
    6.00 Gb Paging File | 4.85 Gb Available in Paging File | 80.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.76 Gb Total Space | 213.14 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 163.19 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
    Drive E: | 11.00 Gb Total Space | 3.13 Gb Free Space | 28.47% Space Free | Partition Type: NTFS

    Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/29 18:51:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    PRC - [2012/02/19 13:55:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
    PRC - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.1.2.10\ccsvchst.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2011/03/09 04:53:20 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/02/20 13:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe -- (N360)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/06/04 19:24:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/13 03:00:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/22 21:29:25 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/03/22 15:52:12 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120328.002\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/03/22 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120328.021\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/03/22 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/03/22 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120328.021\NAVENG.SYS -- (NAVENG)
    DRV - [2012/03/17 02:15:00 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/02/03 21:51:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/11/23 21:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symefa.sys -- (SymEFA)
    DRV - [2011/11/23 20:50:26 | 000,574,584 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\srtsp.sys -- (SRTSP)
    DRV - [2011/11/23 20:50:26 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/11/16 22:37:59 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symnets.sys -- (SymNetS)
    DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\ironx86.sys -- (SymIRON)
    DRV - [2011/11/04 18:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\ccsetx86.sys -- (ccSet_N360)
    DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symds.sys -- (SymDS)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/03/09 04:17:26 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/08/24 23:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/07/13 17:54:14 | 000,157,568 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbdaV.sys -- (xcbdaNtscV) ViXS Tuner Card (NTSC)
    DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
    DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 99 F3 6C 0F A8 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{2CCDC4CA-9022-416F-B65F-1A900081AB49}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20100938,6686,0,8,0
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_en
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Lisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/22 22:35:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/03/29 17:45:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/22 18:30:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Lisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2012/03/29 18:14:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab (JamShellLinkX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58A5EB7-E1C0-4317-BA2D-8D7E8AF53A35}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/29 18:51:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    [2012/03/29 18:32:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/29 18:32:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/29 17:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/29 17:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/29 17:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/29 17:53:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/29 17:50:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/29 17:47:39 | 004,448,838 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\username123.exe
    [2012/03/28 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
    [2012/03/28 01:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/28 01:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/03/28 01:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/03/28 01:04:36 | 015,614,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Lisa\Desktop\SUPERAntiSpyware.exe
    [2012/03/27 22:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/27 22:23:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/27 22:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/27 22:21:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/03/27 22:06:11 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\TFC.exe
    [2012/03/27 22:01:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
    [2012/03/26 18:59:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/26 18:54:26 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
    [2012/03/26 18:38:50 | 000,518,656 | ---- | C] (Safer Networking Limited) -- C:\Users\Lisa\Desktop\sfp.exe
    [2012/03/25 14:46:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\backups
    [2012/03/25 14:32:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
    [2012/03/25 14:31:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HijackThis.exe
    [2012/03/23 10:15:09 | 000,000,000 | ---D | C] -- C:\w
    [2012/03/23 10:15:08 | 000,000,000 | ---D | C] -- C:\skins
    [2012/03/23 10:15:05 | 000,000,000 | ---D | C] -- C:\e
    [2012/03/23 10:15:04 | 000,000,000 | ---D | C] -- C:\Data
    [2012/03/22 22:26:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\NPE
    [2012/03/22 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\LogMeIn Rescue Applet
    [2012/03/22 19:44:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Tific
    [2012/03/19 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
    [2012/03/06 12:00:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\RealNetworks

    ========== Files - Modified Within 30 Days ==========

    [2012/05/23 15:57:38 | 000,755,380 | ---- | M] () -- C:\Users\Lisa\DSC08188.JPG
    [2012/03/29 18:51:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
    [2012/03/29 18:16:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/29 18:14:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/29 17:53:13 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/29 17:53:13 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/29 17:47:49 | 004,448,838 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\username123.exe
    [2012/03/29 17:45:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/29 17:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/29 17:45:29 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/28 01:06:50 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/28 01:05:22 | 015,614,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Lisa\Desktop\SUPERAntiSpyware.exe
    [2012/03/27 22:23:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/27 22:21:55 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam--setup-1.60.1.1000.exe
    [2012/03/27 22:06:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\TFC.exe
    [2012/03/27 22:04:36 | 000,000,512 | ---- | M] () -- C:\Users\Lisa\Desktop\MBR.dat
    [2012/03/27 22:01:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
    [2012/03/27 21:18:45 | 000,635,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/27 21:18:45 | 000,111,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/26 19:43:59 | 001,439,299 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\Cat.DB
    [2012/03/26 18:55:53 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
    [2012/03/26 18:39:25 | 000,350,380 | ---- | M] () -- C:\Users\Lisa\Desktop\requested-files[2012-03-26_18_39].cab
    [2012/03/26 18:37:48 | 000,264,875 | ---- | M] () -- C:\Users\Lisa\Desktop\sfp.zip
    [2012/03/25 23:23:49 | 492,315,529 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/25 14:32:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
    [2012/03/25 14:31:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HijackThis.exe
    [2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\yUuBM1gl.exe_.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\yUuBM1gl.exe.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\2k3BdWRS.exe_.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\2k3BdWRS.exe.b
    [2012/03/23 22:14:33 | 000,000,001 | ---- | M] () -- C:\ProgramData\cl6MFSXX.exe_.b
    [2012/03/23 22:14:33 | 000,000,001 | ---- | M] () -- C:\ProgramData\cl6MFSXX.exe.b
    [2012/03/23 17:19:21 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/03/23 17:18:49 | 000,008,727 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\VT20120301.009
    [2012/03/23 17:15:02 | 000,001,096 | ---- | M] () -- C:\tmsgr_s0.bmp
    [2012/03/23 17:15:02 | 000,001,028 | ---- | M] () -- C:\tmsgr_s1.bmp
    [2012/03/23 17:15:02 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
    [2012/03/23 17:15:02 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
    [2012/03/23 17:15:02 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
    [2012/03/23 17:15:01 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
    [2012/03/23 10:15:27 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
    [2012/03/23 10:15:25 | 000,000,138 | ---- | M] () -- C:\flk2.gif
    [2012/03/23 10:15:25 | 000,000,113 | ---- | M] () -- C:\del_1.gif
    [2012/03/23 10:15:24 | 000,000,380 | ---- | M] () -- C:\edu.bmp
    [2012/03/23 10:15:24 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
    [2012/03/23 10:15:21 | 000,000,304 | ---- | M] () -- C:\dir.bmp
    [2012/03/23 10:15:21 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
    [2012/03/23 10:15:21 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
    [2012/03/23 10:15:21 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
    [2012/03/23 10:15:20 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
    [2012/03/23 10:15:20 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
    [2012/03/23 10:15:20 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
    [2012/03/23 10:15:20 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
    [2012/03/23 10:15:20 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
    [2012/03/23 10:15:19 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
    [2012/03/23 10:15:09 | 000,001,028 | ---- | M] () -- C:\msgr_on.bmp
    [2012/03/22 23:28:16 | 000,001,393 | ---- | M] () -- C:\Users\Lisa\Desktop\iexplore.exe - Shortcut.lnk
    [2012/03/22 23:16:02 | 004,247,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/22 22:49:08 | 000,000,884 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
    [2012/03/22 22:31:22 | 000,001,260 | ---- | M] () -- C:\Users\Lisa\Desktop\Norton Installation Files.lnk
    [2012/03/22 22:28:41 | 007,201,475 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\SMRBackup250.dat
    [2012/03/22 21:29:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012/03/22 21:29:25 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012/03/22 21:29:25 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012/03/22 20:13:59 | 000,000,112 | ---- | M] () -- C:\ProgramData\73b5h28.dat
    [2012/03/19 23:42:46 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\isolate.ini
    [2012/03/16 18:40:38 | 000,163,572 | ---- | M] () -- C:\Users\Lisa\Documents\Little Sister Hat.pdf

    ========== Files Created - No Company Name ==========

    [2012/03/29 17:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/29 17:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/29 17:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/29 17:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/29 17:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/28 01:06:50 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/03/27 22:23:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/27 22:04:36 | 000,000,512 | ---- | C] () -- C:\Users\Lisa\Desktop\MBR.dat
    [2012/03/26 18:39:25 | 000,350,380 | ---- | C] () -- C:\Users\Lisa\Desktop\requested-files[2012-03-26_18_39].cab
    [2012/03/26 18:37:47 | 000,264,875 | ---- | C] () -- C:\Users\Lisa\Desktop\sfp.zip
    [2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe_.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\2k3BdWRS.exe_.b
    [2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\2k3BdWRS.exe.b
    [2012/03/23 22:14:33 | 000,000,001 | ---- | C] () -- C:\ProgramData\cl6MFSXX.exe_.b
    [2012/03/23 22:14:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\cl6MFSXX.exe.b
    [2012/03/23 17:15:02 | 000,001,096 | ---- | C] () -- C:\tmsgr_s0.bmp
    [2012/03/23 17:15:02 | 000,001,028 | ---- | C] () -- C:\tmsgr_s1.bmp
    [2012/03/23 17:15:02 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
    [2012/03/23 17:15:02 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
    [2012/03/23 17:15:02 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
    [2012/03/23 17:15:01 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
    [2012/03/23 10:15:26 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
    [2012/03/23 10:15:25 | 000,000,138 | ---- | C] () -- C:\flk2.gif
    [2012/03/23 10:15:24 | 000,000,380 | ---- | C] () -- C:\edu.bmp
    [2012/03/23 10:15:24 | 000,000,113 | ---- | C] () -- C:\del_1.gif
    [2012/03/23 10:15:21 | 000,000,304 | ---- | C] () -- C:\dir.bmp
    [2012/03/23 10:15:21 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
    [2012/03/23 10:15:21 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
    [2012/03/23 10:15:21 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
    [2012/03/23 10:15:21 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
    [2012/03/23 10:15:20 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
    [2012/03/23 10:15:20 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
    [2012/03/23 10:15:20 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
    [2012/03/23 10:15:20 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
    [2012/03/23 10:15:19 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
    [2012/03/23 10:15:19 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
    [2012/03/23 10:15:08 | 000,001,028 | ---- | C] () -- C:\msgr_on.bmp
    [2012/03/22 23:28:16 | 000,001,393 | ---- | C] () -- C:\Users\Lisa\Desktop\iexplore.exe - Shortcut.lnk
    [2012/03/22 22:31:11 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/03/22 22:28:18 | 007,201,475 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\SMRBackup250.dat
    [2012/03/22 20:58:33 | 000,001,260 | ---- | C] () -- C:\Users\Lisa\Desktop\Norton Installation Files.lnk
    [2012/03/22 20:01:54 | 000,000,112 | ---- | C] () -- C:\ProgramData\73b5h28.dat
    [2012/03/16 18:40:36 | 000,163,572 | ---- | C] () -- C:\Users\Lisa\Documents\Little Sister Hat.pdf
    [2012/01/07 16:57:28 | 000,000,187 | ---- | C] () -- C:\Windows\PrintCon.INI
    [2012/01/07 14:51:15 | 000,135,168 | ---- | C] () -- C:\Windows\System32\MSFIXGRD.dll
    [2012/01/07 14:51:14 | 003,980,800 | ---- | C] () -- C:\Windows\System32\COMCTI32.dll
    [2011/05/18 16:41:32 | 000,001,940 | ---- | C] () -- C:\Users\Lisa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/17 19:07:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/03/09 04:16:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/02/01 22:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/14 19:49:56 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/01/14 19:49:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7B34700598.sys
    [2011/01/13 03:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/10/07 13:13:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/10/07 13:13:30 | 000,000,256 | ---- | C] () -- C:\Windows\Sierra.ini
    [2010/09/29 18:01:13 | 000,008,704 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 08:45:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/07/15 10:17:34 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
    [2010/07/07 19:29:42 | 000,000,092 | ---- | C] () -- C:\Users\Lisa\AppData\Local\fusioncache.dat

    ========== LOP Check ==========

    [2010/10/10 08:58:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/01/09 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
    [2010/06/22 10:35:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Epson
    [2012/02/13 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FileZilla
    [2010/09/15 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FinalTorrent
    [2010/03/02 08:42:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GetRightToGo
    [2011/06/07 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Notepad++
    [2010/03/02 18:51:55 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\proDAD
    [2011/06/17 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Serif
    [2010/06/02 09:05:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Softland
    [2012/03/22 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Tific
    [2012/01/07 17:45:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\YCanPDF
    [2012/03/26 19:06:57 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
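Added example for this thread (not OTL's code nor the helper's): a small parser for OTL's "Files Created/Modified" lines plus a triage pass that flags the two patterns the thread treats as infection residue, the 1-byte `.exe.b` stubs and the unsigned files dropped straight into `C:\`. The sample lines and the heuristics are constructed, modelled on the entries in the listing above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in OTL's "Files Created / Modified" format, modelled on the
# listing posted in the thread (a few representative lines, not the whole report).
SAMPLE_LOG = r"""
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe_.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe.b
[2012/03/23 22:14:33 | 000,000,001 | ---- | C] () -- C:\ProgramData\cl6MFSXX.exe_.b
[2012/03/23 17:15:02 | 000,001,096 | ---- | C] () -- C:\tmsgr_s0.bmp
[2012/03/23 10:15:20 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/03/29 17:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/22 21:29:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/29 17:45:29 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
"""

# One OTL line: [date time | size | attrs | M-or-C] (company) -- path
# The "(company)" part is absent on the directory lines of the LOP check.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Suffixes of the 1-byte stubs that ComboFix removes later in the thread.
STUB_SUFFIXES = (".exe.b", ".exe_.b")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str      # e.g. "----", "-HS-", "---D"
    kind: str       # "M" = modified listing, "C" = created listing
    company: str    # empty when OTL found no company name
    path: str


def parse_otl_listing(text: str) -> List[FileEntry]:
    """Return one FileEntry per parseable line; headers and blank lines are skipped."""
    entries: List[FileEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(FileEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def is_root_file(path: str) -> bool:
    """True when the file sits directly in the drive root (one backslash after the drive letter)."""
    drive, sep, rest = path.partition(":\\")
    return bool(sep) and len(drive) == 1 and rest != "" and "\\" not in rest


def flag_entry(entry: FileEntry) -> Optional[str]:
    """Return a reason if the entry matches a constructed heuristic, else None."""
    if entry.attrs.endswith("D"):
        return None  # directory lines (LOP check) are out of scope here
    name = entry.path.rsplit("\\", 1)[-1].lower()
    if name.endswith(STUB_SUFFIXES) and entry.size <= 1:
        return "1-byte .exe.b stub in a system location"
    hidden_or_system = "H" in entry.attrs or "S" in entry.attrs
    if is_root_file(entry.path) and not entry.company and not hidden_or_system:
        return "unsigned file dropped directly in the drive root"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for every flagged entry, in log order."""
    flagged: List[Tuple[str, str]] = []
    for entry in parse_otl_listing(text):
        reason = flag_entry(entry)
        if reason is not None:
            flagged.append((entry.path, reason))
    return flagged


def bursts(text: str) -> Dict[str, List[str]]:
    """Flagged paths grouped by timestamp: several odd files written in the same
    second usually came from one dropper, which helps scope the clean-up."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for entry in parse_otl_listing(text):
        if flag_entry(entry) is not None:
            groups[entry.timestamp].append(entry.path)
    return dict(groups)


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:55} {path}")
    for ts, paths in bursts(SAMPLE_LOG).items():
        if len(paths) > 1:
            print(f"{ts}: {len(paths)} flagged files written in the same second")
```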
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Thanks :)

    Now, there are some more files I'd like you to upload as you did before. You can reply to your original thread there ;)

    So, using the same suspicious file packer that you have, can you upload these:

    Let me know when they're uploaded :)

    -----------

    Whilst you're doing that, can you go to Add/Remove Programs and uninstall this:

    Ask Toolbar

    Then, do the following:

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
      DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme)
      IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2233703
      IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERM...l&geo=US&ver=4
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2233703
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    eddie
     
  9. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Thank you - I'll get this done as soon as I get home. I was gone for a couple of days ... not ignoring you :)
     
  10. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Hi - thanks again for your help. I've uploaded the file to the other site, and I'm pasting the copy of the report below as asked for. However, I was not able to uninstall the ASK toolbar; even though I am the only user and administrator, a message appears that I am not authorized to remove the program, that I should sign out and then re-sign in as administrator. I'll keep trying that one. :)

    You are WONDERFUL!

    All processes killed
    ========== OTL ==========
    Error: No service named mbr was found to stop!
    Service\Driver key mbr not found.
    File C:\username123\mbr.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\Users\Lisa\AppData\Local\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Classes\.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Classes\ComFile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Lisa\Desktop\cmd.bat deleted successfully.
    C:\Users\Lisa\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Temp folder emptied: 2722494 bytes
    ->Temporary Internet Files folder emptied: 287811262 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 730 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 373422 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 277.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Lisa
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lisa
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 04032012_184738
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    Thanks for the files (y)

    They're from the same virus as the ones we removed earlier, so we'll get rid of them :)

    How did the uninstall of Ask toolbar go, did it work?

    ----

    Can you run a scan of the following:

    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    • Click on the Upload button
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.




    ------------

    Also, can you run this for me:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
      c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
      :dir
      C:\w /sub
      C:\skins /sub
      C:\e /sub
      C:\Data /sub
      :filefind
      *MyWebSearch
      *System Check
      :folderfind
      *Ask.com
      *MyWebSearch
      *System Check
      :regfind
      *MyWebSearch
      *System Check
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt


    ----------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    eddie
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769
    It's okay, Easter is coming up this weekend, so I completely understand :)
     
  13. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Here is the first report ...

    VirSCAN.org Scanned Report :
    Scanned time : 2012/04/04 17:55:21 (CDT)
    Scanner results: Scanners did not find malware!
    File Name : nppdf32.dll
    File Size : 103864 byte
    File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
    MD5 : 4393dcb856a2a109e266e6f59e2ef31a
    SHA1 : b974bd5db987b943773194a0d85ca59f5776ce2f
    Online report : http://r.virscan.org/9cc61759bd7506a02829d82f6ac72b44
    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.4 20120404220528 2012-04-04 10.86 -
    AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 4.22 -
    AntiVir 8.2.10.24 7.11.25.222 2012-03-22 0.17 -
    Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
    Arcavir 2011 201204010133 2012-04-01 3.87 -
    Authentium 5.1.1 201204041716 2012-04-04 1.45 -
    AVAST! 4.7.4 120404-0 2012-04-04 0.18 -
    AVG 12.0.1782 2409/4914 2012-04-04 0.25 -
    BitDefender 7.90123.7040340 7.41762 2012-04-05 3.59 -
    ClamAV 0.97.3 14742 2012-04-04 0.19 -
    Comodo 5.1 11993 2012-04-04 3.03 -
    CP Secure 1.3.0.5 2012.04.05 2012-04-05 0.22 -
    Dr.Web 7.0.1.2210 2012.04.02 2012-04-02 13.45 -
    F-Prot 4.6.2.117 20120404 2012-04-04 0.83 -
    F-Secure 7.02.73807 2012.02.07.03 2012-02-07 2.29 -
    Fortinet 4.3.392 15.383 2012-04-04 0.28 -
    GData 22.4518 20120405 2012-04-05 9.17 -
    ViRobot 20120404 2012.04.04 2012-04-04 0.63 -
    Ikarus T3.1.32.20.0 2012.04.04.80873 2012-04-04 4.95 -
    JiangMin 13.0.900 2012.04.04 2012-04-04 2.98 -
    Kaspersky 5.5.10 2012.04.04 2012-04-04 0.28 -
    KingSoft 2009.2.5.15 2012.4.4.9 2012-04-04 4.54 -
    McAfee 5400.1158 6670 2012-04-04 8.86 -
    Microsoft 1.8202 2012.04.04 2012-04-04 12.68 -
    NOD32 3.0.21 7028 2012-04-04 0.18 -
    Panda 9.05.01 2012.04.04 2012-04-04 10.79 -
    Trend Micro 9.500-1005 8.886.06 2012-04-04 0.19 -
    Quick Heal 11.00 2012.04.04 2012-04-04 2.10 -
    Rising 20.0 24.03.06.01 2012-04-01 5.51 -
    Sophos 3.30.0 4.76 2012-04-05 4.57 -
    Sunbelt 3.9.2533.2 11752 2012-04-04 3.93 -
    Symantec 1.3.0.24 20120403.022 2012-04-03 0.66 -
    nProtect 20120404.01 11077008 2012-04-04 0.00 -
    The Hacker 6.7.0.1 v00438 2012-04-03 1.14 -
    VBA32 3.12.16.4 20120404.0916 2012-04-04 3.32 -
    VirusBuster 5.5.0.2 14.2.11.0/8262559 2012-04-04 0.18 -
     
  14. farmerlisa

    farmerlisa Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    13
    Here is the combofix report .. thank you again! (I sure seem to say that a lot, but I really DO mean it!)

    ComboFix 12-04-04.02 - Lisa 04/04/2012 18:26:04.2.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1565 [GMT -5:00]
    Running from: c:\users\Lisa\Desktop\username123.exe
    Command switches used :: c:\users\Lisa\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\cl6MFSXX.exe.b"
    "c:\programdata\cl6MFSXX.exe_.b"
    "c:\windows\System32\2k3BdWRS.exe.b"
    "c:\windows\System32\2k3BdWRS.exe_.b"
    "c:\windows\System32\yUuBM1gl.exe.b"
    "c:\windows\System32\yUuBM1gl.exe_.b"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\cl6MFSXX.exe.b
    c:\programdata\cl6MFSXX.exe_.b
    c:\windows\System32\2k3BdWRS.exe.b
    c:\windows\System32\2k3BdWRS.exe_.b
    c:\windows\System32\yUuBM1gl.exe.b
    c:\windows\System32\yUuBM1gl.exe_.b
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-04 23:40 . 2012-04-04 23:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-04-04 23:40 . 2012-04-04 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-03 23:47 . 2012-04-03 23:47 -------- d-----w- C:\_OTL
    2012-03-28 08:03 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-28 08:03 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-28 08:03 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-28 08:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-28 08:03 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-28 08:03 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-28 06:07 . 2012-03-28 06:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-28 06:06 . 2012-03-28 06:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-03-28 06:06 . 2012-03-28 06:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-03-28 03:23 . 2012-03-28 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-28 03:23 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-28 02:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-27 00:43 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-27 00:43 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-26 23:59 . 2012-03-26 23:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-23 21:59 . 2012-03-23 22:18 -------- d-----w- c:\windows\system32\drivers\N360\0601020.00A
    2012-03-23 15:15 . 2012-03-23 22:15 -------- d-----w- C:\w
    2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\skins
    2012-03-23 15:15 . 2012-03-27 00:27 -------- d-----w- C:\e
    2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\Data
    2012-03-23 04:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-23 03:26 . 2012-03-23 21:43 -------- d-----w- c:\users\Lisa\AppData\Local\NPE
    2012-03-23 03:18 . 2012-03-23 04:18 -------- d-----w- c:\users\Lisa\AppData\Local\LogMeIn Rescue Applet
    2012-03-23 00:44 . 2012-03-23 00:44 -------- d-----w- c:\users\Lisa\AppData\Roaming\Tific
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-20 01:56 . 2012-03-28 05:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
    2012-03-19 20:01 . 2012-03-19 20:01 -------- d-----w- c:\program files\RealNetworks
    2012-03-06 17:00 . 2012-03-06 17:00 -------- d-----w- c:\users\Lisa\AppData\Roaming\RealNetworks
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-27 00:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-03-23 02:29 . 2010-12-05 21:15 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-19 18:55 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-02-19 18:55 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-01-10 03:11 . 2011-05-18 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-19 296056]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-10 247968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-16 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-24 905336]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-17 820856]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120404.002\IDSvix86.sys [2012-03-22 368248]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-17 149624]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS [2011-11-17 318584]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 106104]
    S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
    .
    2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\oas.support
    Trusted Zone: microsoft.com\support
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
    d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
    34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
    6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
    f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:60,ad,6a,bf,91,08,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-04 18:42:55
    ComboFix-quarantined-files.txt 2012-04-04 23:42
    ComboFix2.txt 2012-03-29 23:32
    .
    Pre-Run: 225,049,972,736 bytes free
    Post-Run: 224,993,095,680 bytes free
    .
    - - End Of File - - 695AE9C63321018153078C885F23E3E1
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,769

Short URL to this thread: https://techguy.org/1046571