
Norton- System infected: Tidserv Activity 2

Discussion in 'Virus & Other Malware Removal' started by rainswirls, Oct 12, 2011.

  1. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    Hi, I need some help.
    I will try to give you as much information as I can.
    I seem to have an infection on my computer but I don't know how to get rid of it. I have tried following Norton's suggestion of a removal tool, but every time I download the tool and then reboot my computer nothing has changed and the warning message is still there. This is what the warning says exactly:
    Threat requiring manual removal detected:System Infected: Tidserv Activity 2

    Also when I try to open webpages sometimes, a warning window pops up titled "Chrome.exe-bad image" and it says the following:
    \\.\globalroot\systemroot\assembly\tmp\U\80000032.@ is either not designed to run on Windows or it contains
    an error. Try installing the program again using the original installation media or contact your
    system administrator or the software vendor for support.

    Another thing I have noticed is that I cannot use my Mozilla browser anymore for some reason. This is what it tells me:
    The proxy server is refusing connections
    Firefox is configured to use a proxy server that is refusing connections.


    Check the proxy settings to make sure that they are correct.
    Contact your network administrator to make sure the proxy server is
    working.

    If anyone could help me, it would be greatly appreciated. I can't seem to figure anything out.
    Thanks,
    Yvonne
     
  2. rainswirls

    Also I wanted to add that I am running Norton and AVG Free.
     
  3. rainswirls

    I understand I need to be patient but I don't want my post getting lost on page 2. Please help.
     
  4. Ried

    Ried Malware Specialist

    Joined:
    Jan 18, 2009
    Messages:
    121
    Hello Yvonne,

    Your machine is infected with Zero Access, which is quite nasty. Before we begin removal procedures, I will require a comprehensive set of logs. Please follow the instructions in the sticky topic here --> http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html for running dds.scr.

    I do not want to see a HijackThis log, or gmer log. Just dds.txt and the Attach.txt it produces.

    I'd also like for you to download aswMBR.exe and save it to your desktop.

    Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    In summary, please include the following in your next reply:

    • Contents of dds.txt <-- posted directly into reply box.
    • Contents of aswmbr.txt <-- posted directly into reply box.
    • Mbr.zip and Attach.txt <--attached to your next reply.
     
  5. rainswirls

    Thank you so much for helping me!
    I did as you requested; the only thing I could not figure out is the MBR file that you wanted zipped. It never appeared on my desktop.
    Here are the dds logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Yvonne at 15:07:08 on 2011-10-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.540 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
    C:\Users\Yvonne\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yvonne\Downloads\aswMBR.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:61071
    mWinlogon: Userinit=userinit.exe
    uWinlogon: Shell=explorer.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    uRun: [attcm.exe] C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm.exe
    uRun: [Google Update] "C:\Users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Facebook Update] "C:\Users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
    mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{08D93DD1-6057-41AE-9622-1EB1374E7C66} : NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{669F8350-15F5-496D-9997-BAABC446679B} : NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{7A31A08B-F04A-4A89-B775-A968B553984A} : DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{A8C36A0B-9183-49C0-8244-629114C0C1A1} : DhcpNameServer = 66.199.48.6 66.199.50.6
    TCP: Interfaces\{A8C36A0B-9183-49C0-8244-629114C0C1A1}\141757160556E6765796E6D27657563747 : DhcpNameServer = 209.55.5.10 209.55.5.11 192.168.33.1
    TCP: Interfaces\{A8C36A0B-9183-49C0-8244-629114C0C1A1}\34865627F64756C643 : DhcpNameServer = 151.164.11.201 151.164.160.201
    TCP: Interfaces\{A8C36A0B-9183-49C0-8244-629114C0C1A1}\355707562783 : DhcpNameServer = 10.1.10.1
    TCP: Interfaces\{A8C36A0B-9183-49C0-8244-629114C0C1A1}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BB76605B-C752-4689-AF62-6E37F108003C} : NameServer = 172.26.38.1 172.26.38.2
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    BHO-X64: StartNow Toolbar Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
    mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\8e0uxps1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z160&install_date=20111016
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111016&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61071
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Yvonne\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001_eb9\BHDrvx64.sys [2011-9-29 1152632]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111014.031_f69\IDSviA64.sys [2011-10-14 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-8 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-4 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-8 1817088]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-9-10 130008]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-5-25 107856]
    R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
    S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
    S3 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-5-25 124240]
    S3 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-4-19 399872]
    S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-5-25 120144]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-2 136824]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-10-16 06:10:32 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\enchant
    2011-10-16 06:09:23 -------- d-----w- C:\Users\Yvonne\AbiSuite
    2011-10-16 06:06:32 -------- d-----w- C:\Program Files (x86)\AbiWord
    2011-10-16 06:06:06 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
    2011-10-16 05:56:03 -------- d-----w- C:\Users\Yvonne\AppData\Local\ElevatedDiagnostics
    2011-10-16 00:56:17 -------- d-----w- C:\Users\Yvonne\AppData\Local\Facebook
    2011-10-15 17:51:07 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Tific
    2011-10-15 17:50:42 -------- d-----w- C:\Users\Yvonne\AppData\Local\Symantec
    2011-10-11 03:12:41 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\FixTDSS
    2011-10-03 22:00:07 -------- d--h--w- C:\$AVG
    2011-10-03 05:28:30 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-10-02 21:22:45 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\mEL9gjYkrOPSi3G
    2011-10-02 21:22:45 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\aamH6sWJ7E
    2011-10-02 21:14:16 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-10-02 21:07:03 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\RPP00yccS1iD3nF
    2011-10-02 20:37:06 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\sfRRLL9gTXqjCeI
    2011-10-02 20:31:25 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\DffRRL99hTX
    2011-10-02 20:26:16 2400768 ----a-w- C:\Users\Yvonne\AppData\Roaming\java.exe
    2011-10-02 20:06:15 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\UbD33nGGamH6WJ
    2011-10-02 20:06:15 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\HYYCCkIIrlONPuS
    2011-10-02 20:06:01 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\viibbD3nGamHsfL
    2011-10-02 20:06:00 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\SmH66sWJfELgZ
    2011-10-02 20:01:34 -------- d-----we C:\Windows\system64
    2011-10-01 02:54:13 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-30 21:37:12 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20D298DA-70CC-4418-904B-3E2216F004A9}\mpengine.dll
    2011-09-29 23:09:55 -------- d--h--w- C:\ProgramData\Common Files
    2011-09-29 23:09:09 -------- d-----w- C:\ProgramData\AVG2012
    2011-09-29 23:07:23 -------- d-----w- C:\Program Files (x86)\AVG
    2011-09-29 22:43:44 -------- d-----w- C:\ProgramData\MFAData
    2011-09-28 18:49:23 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-09-26 03:27:34 -------- d-----w- C:\Users\Yvonne\AppData\Local\{3D37B5BE-5ED3-4938-88E6-31A71354AA61}
    2011-09-26 03:27:24 -------- d-----w- C:\Users\Yvonne\AppData\Local\{C6B7149C-CFD2-43EA-94DF-800B84E64DAE}
    2011-09-26 03:13:05 -------- d-----w- C:\Users\Yvonne\AppData\Local\{79C85B34-6A91-4710-82EE-097069F31C87}
    2011-09-26 03:12:54 -------- d-----w- C:\Users\Yvonne\AppData\Local\{A3DAE226-57F6-44FA-B61F-F1029F6E2718}
    2011-09-25 23:47:12 -------- d-----w- C:\Users\Yvonne\AppData\Local\{6259D416-223D-4C81-870D-592F57C5D993}
    2011-09-25 23:44:43 -------- d-----w- C:\Users\Yvonne\AppData\Local\{DD87A2D7-DCE8-45A5-A5B0-8E3F97E41202}
    2011-09-25 23:44:42 -------- d-----w- C:\Users\Yvonne\AppData\Local\{70DC937D-B1FB-4B48-9A5A-1EDE421810D7}
    2011-09-23 07:03:46 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\iWin
    2011-09-21 04:32:54 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\WildTangentv1001
    2011-09-21 04:03:01 -------- d-----w- C:\ProgramData\Sony Online Entertainment
    2011-09-18 05:45:31 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\WildTangentv1002
    2011-09-17 20:11:27 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\Flood Light Games
    2011-09-17 20:11:27 -------- d-----w- C:\ProgramData\Flood Light Games
    .
    ==================== Find3M ====================
    .
    2011-09-10 05:23:45 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-08-08 11:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 15:09:53.89 ===============

    Also, here are the logs for aswMBR:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-17 15:03:50
    -----------------------------
    15:03:50.574 OS Version: Windows x64 6.1.7601 Service Pack 1
    15:03:50.575 Number of processors: 2 586 0x100
    15:03:50.578 ComputerName: YVONNE-HP UserName: Yvonne
    15:03:58.699 Initialize success
    15:08:33.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
    15:08:33.768 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 11
    15:08:35.823 Disk 0 MBR read successfully
    15:08:35.831 Disk 0 MBR scan
    15:08:35.842 Disk 0 Windows 7 default MBR code
    15:08:35.855 Service scanning
    15:08:40.675 Modules scanning
    15:08:40.689 Disk 0 trace - called modules:
    15:08:40.733 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    15:08:40.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800244a6a0]
    15:08:40.764 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800232ca30]
    15:08:40.780 5 amd_xata.sys[fffff88001102900] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8002327060]
    15:08:40.796 Scan finished successfully
    15:09:00.646 Disk 0 MBR has been saved successfully to "C:\Users\Yvonne\Desktop\MBR.dat"
    15:09:00.693 The log file has been saved successfully to "C:\Users\Yvonne\Desktop\aswMBR.txt"
     

    Attached Files:

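    As an added defender-side example (not code from this thread, from DDS, or from any of the tools used here), the following Python scanner reads DDS-style lines like the ones posted above and flags the indicators that the log exposes: the WinINET and Firefox proxy settings both pointing at 127.0.0.1:61071 (which is exactly why Firefox reports "The proxy server is refusing connections"), an executable and random-named directories dropped directly under AppData\Roaming, and a directory named like a Windows system folder. The sample lines are copied from the log above; the rule names and the randomness heuristic are my own assumptions.

```python
"""Flag the indicators visible in a DDS log excerpt: localhost proxy hijack and dropped files."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample DDS lines copied from the log posted above (a short excerpt, not a complete log).
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:61071
mWinlogon: Userinit=userinit.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61071
FF - prefs.js: network.proxy.type - 1
2011-10-16 06:10:32 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\enchant
2011-10-02 21:22:45 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\mEL9gjYkrOPSi3G
2011-10-02 20:06:15 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\HYYCCkIIrlONPuS
2011-10-02 20:26:16 2400768 ----a-w- C:\Users\Yvonne\AppData\Roaming\java.exe
2011-10-02 20:01:34 -------- d-----we C:\Windows\system64
2011-09-21 04:32:54 -------- d-----w- C:\Users\Yvonne\AppData\Roaming\WildTangentv1001
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # rule names are my own labels, not DDS or Norton terminology
    detail: str


# WinINET (IE/Chrome) proxy forced onto the local machine: traffic is intercepted or blackholed.
IE_PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?:http=)?127\.0\.0\.1:(\d+)")
# Firefox keeps its own prefs; host and port together explain "proxy server is refusing connections".
FF_PROXY_HOST_RE = re.compile(r"network\.proxy\.http - (\S+)")
FF_PROXY_PORT_RE = re.compile(r"network\.proxy\.http_port - (\d+)")
# "Created Last 30" / "Find3M" entries: timestamp, size (dashes for a directory), attributes, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)
# Windows only has System32 and SysWOW64; a "system64" beside them is a lookalike.
LOOKALIKE_RE = re.compile(r"c:\\windows\\(system|syswow)\d+")
REAL_SYSTEM_DIRS = {"system32", "syswow64"}


def looks_random(name: str) -> bool:
    """Heuristic (my assumption) for dropper-generated names such as mEL9gjYkrOPSi3G."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    letters = [c for c in name if c.isalpha()]
    # Real product names flip case a few times at most; generated names flip constantly.
    case_flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    mixed_case = any(c.isupper() for c in letters) and any(c.islower() for c in letters)
    # Digits buried between letters (not a trailing version number like v1001).
    interior_digit = re.search(r"[0-9][A-Za-z]", name) is not None
    return case_flips >= 4 or (mixed_case and interior_digit)


def scan_dds(text: str) -> list[Finding]:
    """Return one Finding per suspicious line (or Firefox pref pair) in a DDS log."""
    findings: list[Finding] = []
    ff_host = ff_port = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := IE_PROXY_RE.search(line):
            findings.append(Finding("ie_localhost_proxy", f"WinINET proxy = 127.0.0.1:{m.group(1)}"))
        elif m := FF_PROXY_HOST_RE.search(line):
            ff_host = m.group(1)
        elif m := FF_PROXY_PORT_RE.search(line):
            ff_port = m.group(1)
        elif m := ENTRY_RE.match(line):
            _, size, attrs, path = m.groups()
            is_dir = attrs.startswith("d")
            low = path.lower()
            if is_dir and LOOKALIKE_RE.fullmatch(low) and low.rsplit("\\", 1)[-1] not in REAL_SYSTEM_DIRS:
                findings.append(Finding("lookalike_system_dir", path))
            if rm := ROAMING_RE.search(path):
                name = rm.group(1)
                if is_dir and looks_random(name):
                    findings.append(Finding("random_roaming_dir", path))
                elif not is_dir and name.lower().endswith(".exe"):
                    findings.append(Finding("exe_in_roaming_root", f"{path} ({size} bytes)"))
    if ff_host and ff_host.startswith("127."):
        findings.append(Finding("firefox_localhost_proxy", f"Firefox proxy = {ff_host}:{ff_port}"))
    return findings


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"{f.rule:24} {f.detail}")
```

Benign entries in the excerpt (userinit.exe, the enchant and WildTangentv1001 directories) produce no finding, so the output is the six lines a responder would actually want to look at.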
  6. Ried

    You're welcome. :)

    The file should be there on your desktop, named MBR.dat. If you don't have file extensions set to be viewable, you would see the file as just MBR.

    This will take more than 1 round to clean, so please stay with me until given the 'all clear' even if symptoms seem to abate.


    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT- Save ComboFix.exe to your Desktop
    ====================================================

    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.
    ====================================================

    Double click on combofix.exe & follow the prompts.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  7. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    I downloaded it and turned off my Norton like it asked, but it still says my Norton is running.
    Also, I can download it but it does not give me an option to save it to my desktop.
    I don't have an MBR file on my desktop :/
    It's doing the autoscan right now.
     
  8. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    It's been over an hour and the scan is just stuck at "completed stage 48".
    Found the MBR and I compressed it and attached it.
     

    Attached Files: MBR.zip (580 bytes)
  9. Ried

    Ried Malware Specialist

    Joined:
    Jan 18, 2009
    Messages:
    121
    Thank you for the attachment. :)

    Try running ComboFix from Safe Mode with networking. Reboot your computer into Safe Mode with networking. To do this:

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Use the up arrow key to highlight Safe Mode with networking and press Enter.
    5) Login with your usual account.

    Double click ComboFix.exe and follow all prompts. Post the C:\ComboFix.txt when it has completed.
     
  10. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    Okay, I started it in Safe Mode with networking but it still said Norton was running, BUT it did finally give me a log.
    Here ya go!

    ComboFix 11-10-17.02 - Yvonne 10/20/2011 14:38:56.3.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.843 [GMT -5:00]
    Running from: c:\users\Yvonne\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files (x86)\StartNow Toolbar\ToOLbar32.dll
    c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\users\Yvonne\AppData\Roaming\5486.CD5
    c:\users\Yvonne\AppData\Roaming\aamH6sWJ7EOpen Cloud AV.ico
    c:\users\Yvonne\AppData\Roaming\java.exe
    c:\users\Yvonne\AppData\Roaming\UbD33nGGamH6WJOpen Cloud AV.ico
    c:\windows\assembly\tmp\U
    c:\windows\assembly\tmp\U\00000001.@
    c:\windows\assembly\tmp\U\000000c0.@
    c:\windows\assembly\tmp\U\000000cb.@
    c:\windows\assembly\tmp\U\000000cf.@
    c:\windows\assembly\tmp\U\80000000.@
    c:\windows\assembly\tmp\U\80000032.@
    c:\windows\assembly\tmp\U\80000064.@
    c:\windows\assembly\tmp\U\800000c0.@
    c:\windows\assembly\tmp\U\800000cb.@
    c:\windows\assembly\tmp\U\800000cf.@
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-20 19:53 . 2011-10-20 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-19 05:04 . 2011-10-19 05:05 -------- d-----w- c:\program files (x86)\WildTangent Games
    2011-10-18 17:29 . 2011-09-01 02:30 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
    2011-10-18 17:29 . 2011-09-01 05:19 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-10-17 20:47 . 2011-10-17 20:47 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Yahoo!
    2011-10-17 20:46 . 2011-10-20 19:30 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Skype
    2011-10-17 20:46 . 2011-10-17 20:46 -------- d-----r- c:\program files (x86)\Skype
    2011-10-17 20:46 . 2011-10-17 20:46 -------- d-----w- c:\programdata\Skype
    2011-10-17 20:28 . 2011-10-17 20:28 -------- d-----w- c:\programdata\Yahoo!
    2011-10-17 20:24 . 2011-10-17 20:28 -------- d-----w- c:\program files (x86)\Yahoo!
    2011-10-17 18:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-17 18:35 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-17 18:35 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-17 18:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-17 18:34 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-17 18:34 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-17 18:34 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-17 18:34 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-16 06:10 . 2011-10-16 06:10 -------- d-----w- c:\users\Yvonne\AppData\Roaming\enchant
    2011-10-16 06:09 . 2011-10-16 07:11 -------- d-----w- c:\users\Yvonne\AbiSuite
    2011-10-16 06:06 . 2011-10-16 06:07 -------- d-----w- c:\program files (x86)\AbiWord
    2011-10-16 05:56 . 2011-10-16 05:56 -------- d-----w- c:\users\Yvonne\AppData\Local\ElevatedDiagnostics
    2011-10-16 00:56 . 2011-10-16 00:56 -------- d-----w- c:\users\Yvonne\AppData\Local\Facebook
    2011-10-15 17:51 . 2011-10-15 17:51 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Tific
    2011-10-15 17:50 . 2011-10-15 17:50 -------- d-----w- c:\users\Yvonne\AppData\Local\Symantec
    2011-10-15 09:07 . 2011-10-15 09:07 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-10-13 22:15 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 03:12 . 2011-10-11 03:12 -------- d-----w- c:\users\Yvonne\AppData\Roaming\FixTDSS
    2011-10-03 22:00 . 2011-10-03 22:00 -------- d-----w- C:\$AVG
    2011-10-03 05:28 . 2011-10-15 11:36 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-02 21:22 . 2011-10-02 21:22 -------- d-----w- c:\users\Yvonne\AppData\Roaming\mEL9gjYkrOPSi3G
    2011-10-02 21:22 . 2011-10-02 21:22 -------- d-----w- c:\users\Yvonne\AppData\Roaming\aamH6sWJ7E
    2011-10-02 21:14 . 2011-10-15 11:32 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2011-10-02 21:07 . 2011-10-02 21:07 -------- d-----w- c:\users\Yvonne\AppData\Roaming\RPP00yccS1iD3nF
    2011-10-02 20:37 . 2011-10-02 20:37 -------- d-----w- c:\users\Yvonne\AppData\Roaming\sfRRLL9gTXqjCeI
    2011-10-02 20:31 . 2011-10-02 20:31 -------- d-----w- c:\users\Yvonne\AppData\Roaming\DffRRL99hTX
    2011-10-02 20:06 . 2011-10-02 20:06 -------- d-----w- c:\users\Yvonne\AppData\Roaming\UbD33nGGamH6WJ
    2011-10-02 20:06 . 2011-10-02 20:06 -------- d-----w- c:\users\Yvonne\AppData\Roaming\HYYCCkIIrlONPuS
    2011-10-02 20:06 . 2011-10-02 21:29 -------- d-----w- c:\users\Yvonne\AppData\Roaming\viibbD3nGamHsfL
    2011-10-02 20:06 . 2011-10-02 20:06 -------- d-----w- c:\users\Yvonne\AppData\Roaming\SmH66sWJfELgZ
    2011-10-01 02:54 . 2011-10-17 20:28 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-30 21:37 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D298DA-70CC-4418-904B-3E2216F004A9}\mpengine.dll
    2011-09-29 23:09 . 2011-09-29 23:09 -------- d--h--w- c:\programdata\Common Files
    2011-09-29 23:09 . 2011-10-15 11:36 -------- d-----w- c:\programdata\AVG2012
    2011-09-29 23:07 . 2011-09-29 23:07 -------- d-----w- c:\program files (x86)\AVG
    2011-09-29 22:43 . 2011-10-15 11:32 -------- d-----w- c:\programdata\MFAData
    2011-09-28 18:49 . 2011-09-28 18:49 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-09-23 07:03 . 2011-09-23 07:03 -------- d-----w- c:\users\Yvonne\AppData\Roaming\iWin
    2011-09-21 04:32 . 2011-09-30 23:39 -------- d-----w- c:\users\Yvonne\AppData\Roaming\WildTangentv1001
    2011-09-21 04:03 . 2011-09-21 04:03 -------- d-----w- c:\programdata\Sony Online Entertainment
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-18 18:00 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-09-10 05:23 . 2011-05-08 12:48 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-08-08 11:08 . 2011-08-08 11:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-16 137536]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2010-05-26 54608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-05-26 124240]
    R3 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-04-19 399872]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-05-26 120144]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111019.030\IDSvia64.sys [2011-10-15 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-05-26 107856]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-02 136824]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001Core.job
    - c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-16 00:56]
    .
    2011-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001UA.job
    - c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-16 00:56]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001Core.job
    - c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 20:05]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001UA.job
    - c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 20:05]
    .
    2011-09-28 c:\windows\Tasks\HPCeeScheduleForYvonne.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "combofix"="c:\combofix\CF7414.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:61071
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    TCP: Interfaces\{08D93DD1-6057-41AE-9622-1EB1374E7C66}: NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{669F8350-15F5-496D-9997-BAABC446679B}: NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{BB76605B-C752-4689-AF62-6E37F108003C}: NameServer = 172.26.38.1 172.26.38.2
    FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\8e0uxps1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z160&install_date=20111016
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111016&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61071
    FF - prefs.js: network.proxy.type - 1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-attcm.exe - c:\program files (x86)\AT&T\AT&T Communication Manager\attcm.exe
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-20 15:08:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-20 20:08
    .
    Pre-Run: 195,344,343,040 bytes free
    Post-Run: 195,020,070,912 bytes free
    .
    - - End Of File - - 0D7171FFAB0FFDFACCA35764CE50F4F5

    and so far no pesky pop-ups or alerts! :D
     
  11. Ried

    Ried Malware Specialist

    Joined:
    Jan 18, 2009
    Messages:
    121
    Well done. :)

    Read through this entire procedure and, if you have any questions, please ask them before you begin. Then either print out or copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

    ***************************************************
    Open Notepad and copy/paste the text in the quote box below into it:
    Save this as CFScript.txt, with Type: All Files (*.*), in the same location as ComboFix.exe.

    ***************************************************

    Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    ***************************************************

    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript onto ComboFix.exe.

    When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

    =========================================


    After running ComboFix, it's important to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • If any threats were found, click 'List of found threats', then click Export to text file.
    • Save it to your desktop, then please copy and paste that log as a reply to this topic.
     
  12. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    ComboFix 11-10-17.02 - Yvonne 10/21/2011 0:14.6.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.1244 [GMT -5:00]
    Running from: c:\users\Yvonne\Downloads\ComboFix.exe
    Command switches used :: c:\users\Yvonne\Desktop\CFScript.txt
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-21 05:27 . 2011-10-21 05:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-21 04:06 . 2011-10-21 04:06 -------- d-----w- c:\program files (x86)\ESET
    2011-10-21 01:06 . 2009-08-19 21:49 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
    2011-10-21 01:04 . 2011-10-21 01:21 -------- d-----w- C:\Netgear
    2011-10-19 05:04 . 2011-10-19 05:05 -------- d-----w- c:\program files (x86)\WildTangent Games
    2011-10-18 17:29 . 2011-09-01 02:30 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
    2011-10-18 17:29 . 2011-09-01 05:19 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-10-17 20:47 . 2011-10-17 20:47 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Yahoo!
    2011-10-17 20:46 . 2011-10-21 05:00 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Skype
    2011-10-17 20:46 . 2011-10-17 20:46 -------- d-----r- c:\program files (x86)\Skype
    2011-10-17 20:46 . 2011-10-17 20:46 -------- d-----w- c:\programdata\Skype
    2011-10-17 20:28 . 2011-10-17 20:28 -------- d-----w- c:\programdata\Yahoo!
    2011-10-17 20:24 . 2011-10-17 20:28 -------- d-----w- c:\program files (x86)\Yahoo!
    2011-10-17 18:35 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-17 18:35 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-17 18:35 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-17 18:35 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-17 18:34 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-17 18:34 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-17 18:34 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-17 18:34 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-16 06:10 . 2011-10-16 06:10 -------- d-----w- c:\users\Yvonne\AppData\Roaming\enchant
    2011-10-16 06:09 . 2011-10-16 07:11 -------- d-----w- c:\users\Yvonne\AbiSuite
    2011-10-16 06:06 . 2011-10-16 06:07 -------- d-----w- c:\program files (x86)\AbiWord
    2011-10-16 05:56 . 2011-10-16 05:56 -------- d-----w- c:\users\Yvonne\AppData\Local\ElevatedDiagnostics
    2011-10-16 00:56 . 2011-10-16 00:56 -------- d-----w- c:\users\Yvonne\AppData\Local\Facebook
    2011-10-15 17:51 . 2011-10-15 17:51 -------- d-----w- c:\users\Yvonne\AppData\Roaming\Tific
    2011-10-15 17:50 . 2011-10-15 17:50 -------- d-----w- c:\users\Yvonne\AppData\Local\Symantec
    2011-10-15 09:07 . 2011-10-15 09:07 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-10-13 22:15 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-11 03:12 . 2011-10-11 03:12 -------- d-----w- c:\users\Yvonne\AppData\Roaming\FixTDSS
    2011-10-03 22:00 . 2011-10-03 22:00 -------- d-----w- C:\$AVG
    2011-10-03 05:28 . 2011-10-15 11:36 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-02 21:14 . 2011-10-15 11:32 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2011-10-01 02:54 . 2011-10-17 20:28 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-30 21:37 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20D298DA-70CC-4418-904B-3E2216F004A9}\mpengine.dll
    2011-09-29 23:09 . 2011-09-29 23:09 -------- d--h--w- c:\programdata\Common Files
    2011-09-29 23:09 . 2011-10-15 11:36 -------- d-----w- c:\programdata\AVG2012
    2011-09-29 23:07 . 2011-09-29 23:07 -------- d-----w- c:\program files (x86)\AVG
    2011-09-29 22:43 . 2011-10-15 11:32 -------- d-----w- c:\programdata\MFAData
    2011-09-28 18:49 . 2011-09-28 18:49 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    2011-09-23 07:03 . 2011-09-23 07:03 -------- d-----w- c:\users\Yvonne\AppData\Roaming\iWin
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-18 18:00 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-09-10 05:23 . 2011-05-08 12:48 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-08-08 11:08 . 2011-08-08 11:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-20_19.58.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-21 03:09 . 2011-10-20 21:14 30710 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-10-21 04:40 47172 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2011-09-09 22:21 . 2011-10-20 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-09-09 22:21 . 2011-10-21 02:57 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-09-09 22:21 . 2011-10-20 19:35 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-09-09 22:21 . 2011-10-21 02:57 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-10-20 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-21 02:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2011-10-20 20:06 94744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-09-09 22:47 . 2011-10-21 04:40 9262 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3247187366-1554929785-146752643-1001_UserData.bin
    + 2011-10-21 01:21 . 2011-10-21 01:21 9560 c:\windows\system32\NetworkList\Icons\{22A3B62C-3102-4308-B8AF-8D8A48B037D0}_48.bin
    + 2011-10-21 01:21 . 2011-10-21 01:21 4280 c:\windows\system32\NetworkList\Icons\{22A3B62C-3102-4308-B8AF-8D8A48B037D0}_32.bin
    + 2011-10-21 01:21 . 2011-10-21 01:21 2456 c:\windows\system32\NetworkList\Icons\{22A3B62C-3102-4308-B8AF-8D8A48B037D0}_24.bin
    - 2011-10-20 19:54 . 2011-10-20 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-21 02:56 . 2011-10-21 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-21 02:56 . 2011-10-21 05:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-20 19:54 . 2011-10-20 19:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-09-09 23:37 . 2011-10-21 05:00 337084 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 02:36 . 2011-10-21 04:43 624622 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-10-18 18:07 624622 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-10-21 04:43 106708 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-10-18 18:07 106708 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-10-20 19:22 229540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-10-21 02:54 229540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-09-29 19:37 . 2011-10-20 19:22 731948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3247187366-1554929785-146752643-1001-12288.dat
    + 2011-09-29 19:37 . 2011-10-21 01:44 731948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3247187366-1554929785-146752643-1001-12288.dat
    - 2011-10-20 19:23 . 2011-10-20 19:23 1317648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-10-20 19:23 . 2011-10-21 02:54 1317648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-09-11 16:14 . 2011-10-20 19:22 9860478 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3247187366-1554929785-146752643-1001-8192.dat
    + 2011-09-11 16:14 . 2011-10-21 02:54 9860478 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3247187366-1554929785-146752643-1001-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-16 137536]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2010-05-26 54608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
    R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111019.030\IDSvia64.sys [2011-10-15 488568]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
    R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-05-26 107856]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
    R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-05-26 124240]
    R3 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-04-19 399872]
    R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-05-26 120144]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-02 136824]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001Core.job
    - c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-16 00:56]
    .
    2011-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001UA.job
    - c:\users\Yvonne\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-16 00:56]
    .
    2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001Core.job
    - c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 20:05]
    .
    2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247187366-1554929785-146752643-1001UA.job
    - c:\users\Yvonne\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 20:05]
    .
    2011-09-28 c:\windows\Tasks\HPCeeScheduleForYvonne.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{08D93DD1-6057-41AE-9622-1EB1374E7C66}: NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{669F8350-15F5-496D-9997-BAABC446679B}: NameServer = 172.26.38.1 172.26.38.2
    TCP: Interfaces\{BB76605B-C752-4689-AF62-6E37F108003C}: NameServer = 172.26.38.1 172.26.38.2
    FF - ProfilePath - c:\users\Yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\8e0uxps1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z160&install_date=20111016
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20111016&q=
    FF - prefs.js: network.proxy.type - 1
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-10-21 00:31:51
    ComboFix-quarantined-files.txt 2011-10-21 05:31
    ComboFix2.txt 2011-10-21 03:55
    ComboFix3.txt 2011-10-20 20:08
    .
    Pre-Run: 194,334,425,088 bytes free
    Post-Run: 194,039,996,416 bytes free
    .
    - - End Of File - - 88B120D461550A1F511E93BED2006281
     
  13. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    Export text file:


    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
    C:\Qoobox\Quarantine\C\Users\Yvonne\AppData\Roaming\java.exe.vir a variant of Win32/Kryptik.TOL trojan
    C:\Users\Yvonne\Downloads\AbiWord_Setup.exe a variant of Win32/Adware.iBryte.A application
     
  14. Ried

    Ried Malware Specialist

    Joined:
    Jan 18, 2009
    Messages:
    121
    Hello Yvonne,

    My apologies for the delay, I was away this weekend.

    The items in Qoobox are backups created during the course of this fix and will be deleted when we are through and uninstall ComboFix.

    Do you recall where you downloaded AbiWord from?
     
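    The distinction Ried draws above (entries under Qoobox are ComboFix's own backups, not live infections) can be applied mechanically when triaging an ESET export. The following Python is an added example for this thread, not code from ESET, ComboFix or any poster; it assumes the export is pasted as space-separated lines of the form shown in post 13 (path, detection name, category) and that ComboFix's quarantine mirrors a file's original path under C:\Qoobox\Quarantine\<drive>\ with a .vir suffix, which is the layout visible in those lines.

```python
import re
from dataclasses import dataclass

# Sample input constructed from the ESET export lines posted in this thread.
ESET_EXPORT = r"""
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Users\Yvonne\AppData\Roaming\java.exe.vir a variant of Win32/Kryptik.TOL trojan
C:\Users\Yvonne\Downloads\AbiWord_Setup.exe a variant of Win32/Adware.iBryte.A application
"""

# Assumed layout of ComboFix's quarantine folder (matches the paths above).
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# path (may contain spaces, so non-greedy), then an ESET detection name that
# always contains a platform/family slash (e.g. Win32/Kryptik.TOL), then the
# single-word category (application, trojan, ...).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably\s+)?(?:a\s+variant\s+of\s+)?\S+/\S+)\s+"
    r"(?P<category>\w+)\s*$"
)


@dataclass
class Finding:
    path: str
    detection: str
    category: str
    already_quarantined: bool

    @property
    def original_path(self) -> str:
        """Where a quarantined file lived before ComboFix moved it."""
        if not self.already_quarantined:
            return self.path
        rest = self.path[len(QUARANTINE_PREFIX):]      # 'C\Users\...\java.exe.vir'
        drive, _, tail = rest.partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


def parse_eset_export(text: str) -> list[Finding]:
    """Parse pasted ESET 'Export to text file' output into Finding records."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        path = m.group("path")
        findings.append(Finding(
            path=path,
            detection=m.group("detection"),
            category=m.group("category"),
            already_quarantined=path.lower().startswith(QUARANTINE_PREFIX),
        ))
    return findings


def triage(text: str) -> tuple[list[Finding], list[Finding]]:
    """Return (live files still on disk, ComboFix backups) from an ESET export."""
    findings = parse_eset_export(text)
    live = [f for f in findings if not f.already_quarantined]
    backups = [f for f in findings if f.already_quarantined]
    return live, backups


if __name__ == "__main__":
    live, backups = triage(ESET_EXPORT)
    print("Still on disk (needs a decision):")
    for f in live:
        print(f"  {f.path}  [{f.category}: {f.detection}]")
    print("Already neutralised by ComboFix (removed when Qoobox is deleted):")
    for f in backups:
        print(f"  {f.original_path}  [{f.category}: {f.detection}]")
```

    On the lines from this thread the only live file is the AbiWord installer in Downloads; the three Qoobox entries are backups that disappear when ComboFix is uninstalled, exactly as Ried says. The parser raises on a line it cannot read rather than silently skipping it, so a pasted log that has been reformatted by the forum is noticed instead of producing an empty report.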
  15. rainswirls

    rainswirls Thread Starter

    Joined:
    Oct 12, 2011
    Messages:
    12
    I don't remember where I downloaded it from. I was looking for Microsoft Word Starter 2010 because the one on my computer had stopped working for some reason (maybe because of the virus) and I had a paper to turn in for school.
    I attached what it shows me on my screen when I try to open my Microsoft Word Starter.
     

    Attached Files:

Short URL to this thread: https://techguy.org/1021842