# Missing dll file, empty folders, crashes after removing virus with Norton



## farmerlisa (Mar 24, 2012)

After having Norton tech support remove a virus from computer using their NPC, the home screen comes up with message There was a problem starting C:\Windows\Temp The specified module could not be found. Clicking on the START button (Windows 7 Home Premium) produces the FORM, but no information or links are listed. Clicking on the Desktop>> link on the bottom of the page shows the desktop items, but shows all folders and disks as empty. There IS information on them (i.e., programs, etc) but they are not accessible. I am assuming there is still some sort of virus on this computer; it crashes intermittently, and I cannot load the AdAware program; it comes up with a message that the system administrator has set policies to prevent this installation. I was also unable to run the 3rd recommended download from your "before you post" directions, it runs it partway through and then crashes. Do you think there's any help for this, or do I have a new anchor? Any assistance or suggestions would be VERY appreciated!!! I'm attaching / copying the reports as requested in the instructions. Thank you, and hope you're having a good day 

Lisa

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:44:14 PM, on 3/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lisa\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S8BFD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_SFE6D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_SD5B2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10816 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by Lisa at 15:26:44 on 2012-03-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1949 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.1.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.1.2.10\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.1.2.10\coIEPlg.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No File
uRun: [EPSON Stylus Photo R260 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibna.exe /fu "c:\windows\temp\E_S8BFD.tmp" /EF "HKCU"
uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\users\lisa\appdata\local\temp\E_SFE6D.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_SD5B2.tmp" /EF "HKCU"
uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [Update] rundll32.exe "c:\windows\temp\",DllRegisterServer
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F58A5EB7-E1C0-4317-BA2D-8D7E8AF53A35} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0601020.00a\symds.sys [2012-3-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0601020.00a\symefa.sys [2012-3-23 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-17 820856]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0601020.00a\ccsetx86.sys [2012-3-23 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120323.002\IDSvix86.sys [2012-3-23 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0601020.00a\ironx86.sys [2012-3-23 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0601020.00a\symnets.sys [2012-3-23 318584]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-15 106104]
R3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\drivers\xcbdaV.sys [2009-6-10 157568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-17 39272]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-26 135664]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]
.
=============== Created Last 30 ================
.
2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\yUuBM1gl.exe
2012-03-24 03:14:39 84992 ----a-w- c:\windows\system32\2k3BdWRS.exe
2012-03-24 03:14:32 84992 ----a-w- c:\programdata\cl6MFSXX.exe
2012-03-23 22:00:24 905336 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symefa.sys
2012-03-23 22:00:24 574584 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\srtsp.sys
2012-03-23 22:00:24 340088 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symds.sys
2012-03-23 22:00:24 32888 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\srtspx.sys
2012-03-23 22:00:24 318584 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\symnets.sys
2012-03-23 22:00:24 149624 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\ironx86.sys
2012-03-23 22:00:23 132744 ----a-r- c:\windows\system32\drivers\n360\0601020.00a\ccsetx86.sys
2012-03-23 21:59:59 4782 ----a-w- c:\windows\system32\drivers\n360\0601020.00a\symvtcer.dat
2012-03-23 21:59:59 -------- d-----w- c:\windows\system32\drivers\n360\0601020.00A
2012-03-23 15:15:09 -------- d-----w- C:\w
2012-03-23 15:15:08 -------- d-----w- C:\skins
2012-03-23 15:15:05 -------- d-----w- C:\e
2012-03-23 15:15:04 -------- d-----w- C:\Data
2012-03-23 04:05:30 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 03:26:46 -------- d--h--w- c:\users\lisa\appdata\local\NPE
2012-03-23 03:18:33 -------- d--h--w- c:\users\lisa\appdata\local\LogMeIn Rescue Applet
2012-03-23 01:13:40 84992 ----a-w- c:\windows\system32\j4W3MpaK3.com
2012-03-23 01:09:56 84992 ----a-w- c:\windows\system32\j4W3MpaK3.com_
2012-03-23 00:44:59 -------- d--h--w- c:\users\lisa\appdata\roaming\Tific
2012-03-19 20:01:15 -------- d-----w- c:\program files\RealNetworks
2012-03-06 17:00:51 -------- d--h--w- c:\users\lisa\appdata\roaming\RealNetworks
.
==================== Find3M ====================
.
2012-03-23 02:29:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-19 18:55:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-19 18:55:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-10 03:11:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 -> 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8709D49F]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870a4740]; MOV EAX, [0x870a48b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E8852A] -> \Device\Harddisk0\DR0[0x86A28948]
3 CLASSPNP[0x8B97759E] -> ntkrnlpa!IofCallDriver[0x82E8852A] -> [0x862C5450]
5 ACPI[0x8359D3D4] -> ntkrnlpa!IofCallDriver[0x82E8852A] -> \00000063[0x862C5030]
\Driver\nvstor[0x870AF088] -> IRP_MJ_CREATE -> 0x8709D49F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000063 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-00YGA#4&1b498b83&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:33:54.44 ===============


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Can you firstly do this for me, as you have some files that I need to look at further:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file



> c:\windows\system32\yUuBM1gl.exe
> c:\windows\system32\2k3BdWRS.exe
> c:\programdata\cl6MFSXX.exe
> c:\windows\system32\j4W3MpaK3.com
> c:\windows\system32\j4W3MpaK3.com_


Let me know when they're uploaded 

===================

After doing that, can you run this tool for me:

Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Doubleclick on *TDSSKiller.exe* to run the application, then click on *Change parameters*.










Check the boxes beside *Verify Driver Digital Signature and Detect TDLFS* file system, then click OK.










Click the *Start Scan* button.










If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.










If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.










Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply

eddie


----------



## farmerlisa (Mar 24, 2012)

Thank you so much for your response. I have done the requested tasks; compressed file is uploaded to the other site, and I ran the TDSSKiller application. The report from it is as follows (before rebooting computer, if that makes a difference):

18:56:30.0151 5908 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:56:31.0169 5908 ============================================================
18:56:31.0169 5908 Current date / time: 2012/03/26 18:56:31.0169
18:56:31.0169 5908 SystemInfo:
18:56:31.0169 5908 
18:56:31.0169 5908 OS Version: 6.1.7601 ServicePack: 1.0
18:56:31.0169 5908 Product type: Workstation
18:56:31.0169 5908 ComputerName: LISA-PC
18:56:31.0169 5908 UserName: Lisa
18:56:31.0169 5908 Windows directory: C:\Windows
18:56:31.0169 5908 System windows directory: C:\Windows
18:56:31.0169 5908 Processor architecture: Intel x86
18:56:31.0169 5908 Number of processors: 4
18:56:31.0169 5908 Page size: 0x1000
18:56:31.0170 5908 Boot type: Normal boot
18:56:31.0170 5908 ============================================================
18:56:35.0661 5908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:56:35.0661 5908 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:56:35.0675 5908 \Device\Harddisk0\DR0:
18:56:35.0675 5908 MBR used
18:56:35.0675 5908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x160025D
18:56:35.0675 5908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160029C, BlocksNum 0x38D85594
18:56:35.0675 5908 \Device\Harddisk1\DR1:
18:56:35.0675 5908 MBR used
18:56:35.0675 5908 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
18:56:35.0796 5908 Initialize success
18:56:35.0796 5908 ============================================================
18:57:24.0616 6016 ============================================================
18:57:24.0616 6016 Scan started
18:57:24.0616 6016 Mode: Manual; SigCheck; TDLFS; 
18:57:24.0616 6016 ============================================================
18:57:27.0321 6016 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:57:27.0462 6016 1394ohci - ok
18:57:27.0529 6016 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:57:27.0549 6016 ACPI - ok
18:57:27.0604 6016 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:57:27.0717 6016 AcpiPmi - ok
18:57:27.0829 6016 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
18:57:27.0857 6016 AdobeActiveFileMonitor8.0 - ok
18:57:27.0922 6016 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:57:27.0963 6016 adp94xx - ok
18:57:27.0993 6016 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:57:28.0013 6016 adpahci - ok
18:57:28.0038 6016 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:57:28.0055 6016 adpu320 - ok
18:57:28.0082 6016 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:57:28.0131 6016 AeLookupSvc - ok
18:57:28.0327 6016 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:57:28.0426 6016 AFD - ok
18:57:28.0471 6016 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:57:28.0489 6016 agp440 - ok
18:57:28.0543 6016 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:57:28.0557 6016 aic78xx - ok
18:57:28.0654 6016 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:57:28.0709 6016 ALG - ok
18:57:28.0787 6016 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:57:28.0801 6016 aliide - ok
18:57:28.0886 6016 AMD External Events Utility (abcb0bf67188cb26702bdad21e54ff00) C:\Windows\system32\atiesrxx.exe
18:57:28.0959 6016 AMD External Events Utility - ok
18:57:28.0991 6016 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:57:29.0014 6016 amdagp - ok
18:57:29.0034 6016 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:57:29.0053 6016 amdide - ok
18:57:29.0094 6016 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:57:29.0142 6016 AmdK8 - ok
18:57:29.0379 6016 amdkmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
18:57:29.0620 6016 amdkmdag - ok
18:57:29.0704 6016 amdkmdap (655053f7c0a3b551da84db7417a10e15) C:\Windows\system32\DRIVERS\atikmpag.sys
18:57:29.0756 6016 amdkmdap - ok
18:57:29.0850 6016 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:57:29.0898 6016 AmdPPM - ok
18:57:29.0973 6016 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:57:29.0995 6016 amdsata - ok
18:57:30.0027 6016 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:57:30.0045 6016 amdsbs - ok
18:57:30.0082 6016 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:57:30.0096 6016 amdxata - ok
18:57:30.0161 6016 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:57:30.0278 6016 AppID - ok
18:57:30.0305 6016 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:57:30.0355 6016 AppIDSvc - ok
18:57:30.0413 6016 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:57:30.0464 6016 Appinfo - ok
18:57:30.0600 6016 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:57:30.0627 6016 Apple Mobile Device - ok
18:57:30.0714 6016 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:57:30.0729 6016 arc - ok
18:57:30.0765 6016 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:57:30.0791 6016 arcsas - ok
18:57:30.0866 6016 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:57:30.0884 6016 aspnet_state - ok
18:57:30.0943 6016 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:57:31.0050 6016 AsyncMac - ok
18:57:31.0136 6016 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:57:31.0156 6016 atapi - ok
18:57:31.0438 6016 atikmdag (ad77d5d46857ce0d9469e7e670ec4d34) C:\Windows\system32\DRIVERS\atikmdag.sys
18:57:31.0564 6016 atikmdag - ok
18:57:31.0682 6016 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:57:31.0767 6016 AudioEndpointBuilder - ok
18:57:31.0782 6016 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:57:31.0833 6016 Audiosrv - ok
18:57:31.0906 6016 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:57:32.0010 6016 AxInstSV - ok
18:57:32.0076 6016 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:57:32.0163 6016 b06bdrv - ok
18:57:32.0267 6016 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:57:32.0301 6016 b57nd60x - ok
18:57:32.0375 6016 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:57:32.0448 6016 BDESVC - ok
18:57:32.0503 6016 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:57:32.0571 6016 Beep - ok
18:57:32.0646 6016 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:57:32.0712 6016 BFE - ok
18:57:32.0991 6016 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
18:57:33.0125 6016 BHDrvx86 - ok
18:57:33.0386 6016 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:57:33.0515 6016 BITS - ok
18:57:33.0540 6016 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:57:33.0584 6016 blbdrive - ok
18:57:33.0712 6016 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:57:33.0749 6016 Bonjour Service - ok
18:57:33.0819 6016 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:57:33.0871 6016 bowser - ok
18:57:33.0894 6016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:57:33.0960 6016 BrFiltLo - ok
18:57:33.0981 6016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:57:34.0023 6016 BrFiltUp - ok
18:57:34.0051 6016 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:57:34.0084 6016 Browser - ok
18:57:34.0140 6016 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:57:34.0193 6016 Brserid - ok
18:57:34.0215 6016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:57:34.0246 6016 BrSerWdm - ok
18:57:34.0263 6016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:57:34.0292 6016 BrUsbMdm - ok
18:57:34.0311 6016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:57:34.0346 6016 BrUsbSer - ok
18:57:34.0365 6016 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:57:34.0395 6016 BTHMODEM - ok
18:57:34.0459 6016 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:57:34.0506 6016 bthserv - ok
18:57:34.0729 6016 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
18:57:34.0787 6016 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
18:57:34.0787 6016 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
18:57:34.0892 6016 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0601020.00A\ccSetx86.sys
18:57:34.0916 6016 ccSet_N360 - ok
18:57:34.0979 6016 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:57:35.0033 6016 cdfs - ok
18:57:35.0098 6016 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:57:35.0126 6016 cdrom - ok
18:57:35.0175 6016 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:57:35.0221 6016 CertPropSvc - ok
18:57:35.0259 6016 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:57:35.0293 6016 circlass - ok
18:57:35.0331 6016 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:57:35.0357 6016 CLFS - ok
18:57:35.0434 6016 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:57:35.0448 6016 clr_optimization_v2.0.50727_32 - ok
18:57:35.0527 6016 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:57:35.0555 6016 clr_optimization_v4.0.30319_32 - ok
18:57:35.0581 6016 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:57:35.0606 6016 CmBatt - ok
18:57:35.0703 6016 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:57:35.0726 6016 cmdide - ok
18:57:35.0767 6016 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:57:35.0816 6016 CNG - ok
18:57:35.0831 6016 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:57:35.0844 6016 Compbatt - ok
18:57:35.0904 6016 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:57:35.0929 6016 CompositeBus - ok
18:57:35.0955 6016 COMSysApp - ok
18:57:35.0983 6016 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:57:36.0004 6016 crcdisk - ok
18:57:36.0069 6016 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:57:36.0139 6016 CryptSvc - ok
18:57:36.0183 6016 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:57:36.0261 6016 DcomLaunch - ok
18:57:36.0296 6016 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:57:36.0370 6016 defragsvc - ok
18:57:36.0395 6016 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:57:36.0457 6016 DfsC - ok
18:57:36.0493 6016 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:57:36.0542 6016 Dhcp - ok
18:57:36.0563 6016 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:57:36.0607 6016 discache - ok
18:57:36.0686 6016 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:57:36.0711 6016 Disk - ok
18:57:36.0755 6016 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:57:36.0805 6016 Dnscache - ok
18:57:36.0842 6016 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:57:36.0897 6016 dot3svc - ok
18:57:36.0923 6016 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:57:36.0980 6016 DPS - ok
18:57:37.0024 6016 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:57:37.0052 6016 drmkaud - ok
18:57:37.0120 6016 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:57:37.0166 6016 DXGKrnl - ok
18:57:37.0186 6016 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:57:37.0233 6016 EapHost - ok
18:57:37.0313 6016 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:57:37.0431 6016 ebdrv - ok
18:57:37.0545 6016 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:57:37.0565 6016 eeCtrl - ok
18:57:37.0606 6016 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:57:37.0655 6016 EFS - ok
18:57:37.0756 6016 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:57:37.0860 6016 ehRecvr - ok
18:57:37.0938 6016 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:57:37.0965 6016 ehSched - ok
18:57:38.0107 6016 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:57:38.0151 6016 elxstor - ok
18:57:38.0289 6016 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
18:57:38.0349 6016 EPSON_EB_RPCV4_01 - ok
18:57:38.0393 6016 EPSON_PM_RPCV4_01 (cdca791afa0483f44bba576dbfafd04d) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
18:57:38.0460 6016 EPSON_PM_RPCV4_01 - ok
18:57:38.0500 6016 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:57:38.0545 6016 ErrDev - ok
18:57:38.0618 6016 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:57:38.0692 6016 EventSystem - ok
18:57:38.0746 6016 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:57:38.0790 6016 exfat - ok
18:57:38.0817 6016 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:57:38.0862 6016 fastfat - ok
18:57:38.0940 6016 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:57:39.0043 6016 Fax - ok
18:57:39.0058 6016 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:57:39.0090 6016 fdc - ok
18:57:39.0112 6016 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:57:39.0165 6016 fdPHost - ok
18:57:39.0184 6016 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:57:39.0233 6016 FDResPub - ok
18:57:39.0252 6016 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:57:39.0267 6016 FileInfo - ok
18:57:39.0286 6016 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:57:39.0322 6016 Filetrace - ok
18:57:39.0415 6016 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:57:39.0461 6016 FLEXnet Licensing Service - ok
18:57:39.0476 6016 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:57:39.0515 6016 flpydisk - ok
18:57:39.0558 6016 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:57:39.0575 6016 FltMgr - ok
18:57:39.0629 6016 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:57:39.0759 6016 FontCache - ok
18:57:39.0854 6016 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:57:39.0881 6016 FontCache3.0.0.0 - ok
18:57:39.0935 6016 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:57:39.0950 6016 FsDepends - ok
18:57:39.0992 6016 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
18:57:40.0005 6016 fssfltr - ok
18:57:40.0025 6016 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:57:40.0040 6016 Fs_Rec - ok
18:57:40.0099 6016 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:57:40.0123 6016 fvevol - ok
18:57:40.0177 6016 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:57:40.0207 6016 gagp30kx - ok
18:57:40.0278 6016 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:57:40.0297 6016 GEARAspiWDM - ok
18:57:40.0341 6016 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:57:40.0408 6016 gpsvc - ok
18:57:40.0506 6016 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:57:40.0520 6016 gupdate - ok
18:57:40.0580 6016 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:57:40.0594 6016 gupdatem - ok
18:57:40.0674 6016 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:57:40.0691 6016 gusvc - ok
18:57:40.0747 6016 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:57:40.0795 6016 hcw85cir - ok
18:57:40.0854 6016 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:57:40.0892 6016 HdAudAddService - ok
18:57:40.0949 6016 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:57:40.0981 6016 HDAudBus - ok
18:57:41.0024 6016 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:57:41.0057 6016 HidBatt - ok
18:57:41.0076 6016 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:57:41.0113 6016 HidBth - ok
18:57:41.0136 6016 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:57:41.0177 6016 HidIr - ok
18:57:41.0214 6016 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:57:41.0271 6016 hidserv - ok
18:57:41.0318 6016 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:57:41.0352 6016 HidUsb - ok
18:57:41.0393 6016 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:57:41.0447 6016 hkmsvc - ok
18:57:41.0479 6016 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:57:41.0531 6016 HomeGroupListener - ok
18:57:41.0560 6016 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:57:41.0606 6016 HomeGroupProvider - ok
18:57:41.0665 6016 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:57:41.0691 6016 HpSAMD - ok
18:57:41.0771 6016 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:57:41.0865 6016 HSF_DPV - ok
18:57:41.0911 6016 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
18:57:41.0955 6016 HSXHWBS2 - ok
18:57:42.0010 6016 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:57:42.0078 6016 HTTP - ok
18:57:42.0117 6016 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:57:42.0130 6016 hwpolicy - ok
18:57:42.0202 6016 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:57:42.0236 6016 i8042prt - ok
18:57:42.0356 6016 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:57:42.0384 6016 iaStorV - ok
18:57:42.0483 6016 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:57:42.0533 6016 idsvc - ok
18:57:42.0775 6016 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120323.002\IDSvix86.sys
18:57:42.0795 6016 IDSVix86 - ok
18:57:42.0838 6016 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:57:42.0853 6016 iirsp - ok
18:57:42.0948 6016 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:57:43.0021 6016 IKEEXT - ok
18:57:43.0049 6016 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:57:43.0065 6016 intelide - ok
18:57:43.0120 6016 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:57:43.0155 6016 intelppm - ok
18:57:43.0201 6016 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:57:43.0242 6016 IPBusEnum - ok
18:57:43.0260 6016 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:57:43.0309 6016 IpFilterDriver - ok
18:57:43.0403 6016 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:57:43.0454 6016 iphlpsvc - ok
18:57:43.0485 6016 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:57:43.0511 6016 IPMIDRV - ok
18:57:43.0537 6016 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:57:43.0581 6016 IPNAT - ok
18:57:43.0695 6016 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:57:43.0740 6016 iPod Service - ok
18:57:43.0790 6016 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:57:43.0864 6016 IRENUM - ok
18:57:43.0894 6016 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:57:43.0908 6016 isapnp - ok
18:57:43.0946 6016 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:57:43.0965 6016 iScsiPrt - ok
18:57:44.0002 6016 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:57:44.0017 6016 kbdclass - ok
18:57:44.0061 6016 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:57:44.0104 6016 kbdhid - ok
18:57:44.0128 6016 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:57:44.0157 6016 KeyIso - ok
18:57:44.0171 6016 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:57:44.0196 6016 KSecDD - ok
18:57:44.0244 6016 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:57:44.0261 6016 KSecPkg - ok
18:57:44.0301 6016 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:57:44.0367 6016 KtmRm - ok
18:57:44.0463 6016 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:57:44.0548 6016 LanmanServer - ok
18:57:44.0592 6016 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:57:44.0696 6016 LanmanWorkstation - ok
18:57:44.0760 6016 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:57:44.0828 6016 lltdio - ok
18:57:44.0856 6016 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:57:44.0903 6016 lltdsvc - ok
18:57:44.0950 6016 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:57:45.0052 6016 lmhosts - ok
18:57:45.0093 6016 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:57:45.0112 6016 LSI_FC - ok
18:57:45.0136 6016 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:57:45.0163 6016 LSI_SAS - ok
18:57:45.0202 6016 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:57:45.0223 6016 LSI_SAS2 - ok
18:57:45.0245 6016 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:57:45.0262 6016 LSI_SCSI - ok
18:57:45.0285 6016 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:57:45.0341 6016 luafv - ok
18:57:45.0402 6016 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
18:57:45.0436 6016 MarvinBus - ok
18:57:45.0474 6016 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:57:45.0494 6016 Mcx2Svc - ok
18:57:45.0543 6016 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:57:45.0558 6016 mdmxsdk - ok
18:57:45.0579 6016 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:57:45.0602 6016 megasas - ok
18:57:45.0652 6016 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:57:45.0683 6016 MegaSR - ok
18:57:45.0709 6016 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:57:45.0775 6016 MMCSS - ok
18:57:45.0785 6016 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:57:45.0831 6016 Modem - ok
18:57:45.0872 6016 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:57:45.0905 6016 monitor - ok
18:57:45.0969 6016 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:57:45.0998 6016 mouclass - ok
18:57:46.0061 6016 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:57:46.0098 6016 mouhid - ok
18:57:46.0168 6016 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:57:46.0187 6016 mountmgr - ok
18:57:46.0262 6016 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:57:46.0279 6016 mpio - ok
18:57:46.0317 6016 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:57:46.0406 6016 mpsdrv - ok
18:57:46.0471 6016 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:57:46.0535 6016 MpsSvc - ok
18:57:46.0558 6016 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:57:46.0580 6016 MRxDAV - ok
18:57:46.0623 6016 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:57:46.0662 6016 mrxsmb - ok
18:57:46.0688 6016 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:57:46.0708 6016 mrxsmb10 - ok
18:57:46.0759 6016 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:57:46.0776 6016 mrxsmb20 - ok
18:57:46.0806 6016 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:57:46.0820 6016 msahci - ok
18:57:46.0852 6016 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:57:46.0869 6016 msdsm - ok
18:57:46.0896 6016 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:57:46.0923 6016 MSDTC - ok
18:57:46.0961 6016 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:57:46.0993 6016 Msfs - ok
18:57:47.0035 6016 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:57:47.0067 6016 mshidkmdf - ok
18:57:47.0123 6016 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:57:47.0155 6016 msisadrv - ok
18:57:47.0212 6016 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:57:47.0278 6016 MSiSCSI - ok
18:57:47.0288 6016 MSIServer - ok
18:57:47.0334 6016 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:57:47.0400 6016 MSKSSRV - ok
18:57:47.0443 6016 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:57:47.0491 6016 MSPCLOCK - ok
18:57:47.0513 6016 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:57:47.0545 6016 MSPQM - ok
18:57:47.0562 6016 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:57:47.0581 6016 MsRPC - ok
18:57:47.0616 6016 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:57:47.0631 6016 mssmbios - ok
18:57:47.0661 6016 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:57:47.0695 6016 MSTEE - ok
18:57:47.0711 6016 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:57:47.0744 6016 MTConfig - ok
18:57:47.0766 6016 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:57:47.0781 6016 Mup - ok
18:57:47.0962 6016 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
18:57:47.0977 6016 N360 - ok
18:57:48.0008 6016 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:57:48.0073 6016 napagent - ok
18:57:48.0120 6016 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:57:48.0146 6016 NativeWifiP - ok
18:57:48.0368 6016 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120326.002\NAVENG.SYS
18:57:48.0393 6016 NAVENG - ok
18:57:48.0457 6016 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120326.002\NAVEX15.SYS
18:57:48.0543 6016 NAVEX15 - ok
18:57:48.0584 6016 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:57:48.0643 6016 NDIS - ok
18:57:48.0686 6016 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:57:48.0737 6016 NdisCap - ok
18:57:48.0760 6016 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:57:48.0829 6016 NdisTapi - ok
18:57:48.0889 6016 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:57:48.0929 6016 Ndisuio - ok
18:57:48.0960 6016 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:57:48.0992 6016 NdisWan - ok
18:57:49.0032 6016 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:57:49.0077 6016 NDProxy - ok
18:57:49.0118 6016 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:57:49.0194 6016 NetBIOS - ok
18:57:49.0230 6016 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:57:49.0288 6016 NetBT - ok
18:57:49.0348 6016 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:57:49.0376 6016 Netlogon - ok
18:57:49.0442 6016 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:57:49.0508 6016 Netman - ok
18:57:49.0535 6016 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:57:49.0582 6016 netprofm - ok
18:57:49.0658 6016 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:57:49.0683 6016 NetTcpPortSharing - ok
18:57:49.0761 6016 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:57:49.0785 6016 nfrd960 - ok
18:57:49.0822 6016 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:57:49.0900 6016 NlaSvc - ok
18:57:49.0925 6016 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:57:49.0973 6016 Npfs - ok
18:57:49.0988 6016 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:57:50.0027 6016 nsi - ok
18:57:50.0043 6016 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:57:50.0094 6016 nsiproxy - ok
18:57:50.0155 6016 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:57:50.0255 6016 Ntfs - ok
18:57:50.0272 6016 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:57:50.0318 6016 Null - ok
18:57:50.0408 6016 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
18:57:50.0445 6016 NVENETFD - ok
18:57:50.0514 6016 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
18:57:50.0556 6016 NVNET - ok
18:57:50.0633 6016 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:57:50.0660 6016 nvraid - ok
18:57:50.0707 6016 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:57:50.0722 6016 nvstor - ok
18:57:50.0768 6016 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:57:50.0784 6016 nv_agp - ok
18:57:50.0898 6016 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:57:50.0941 6016 odserv - ok
18:57:50.0970 6016 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:57:51.0006 6016 ohci1394 - ok
18:57:51.0054 6016 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:57:51.0079 6016 ose - ok
18:57:51.0112 6016 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:57:51.0155 6016 p2pimsvc - ok
18:57:51.0215 6016 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:57:51.0274 6016 p2psvc - ok
18:57:51.0302 6016 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:57:51.0329 6016 Parport - ok
18:57:51.0363 6016 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:57:51.0379 6016 partmgr - ok
18:57:51.0399 6016 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:57:51.0427 6016 Parvdm - ok
18:57:51.0452 6016 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:57:51.0477 6016 PcaSvc - ok
18:57:51.0515 6016 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:57:51.0533 6016 pci - ok
18:57:51.0566 6016 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:57:51.0581 6016 pciide - ok
18:57:51.0600 6016 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:57:51.0620 6016 pcmcia - ok
18:57:51.0642 6016 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:57:51.0656 6016 pcw - ok
18:57:51.0680 6016 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:57:51.0764 6016 PEAUTH - ok
18:57:51.0839 6016 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:57:51.0944 6016 pla - ok
18:57:52.0004 6016 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:57:52.0069 6016 PlugPlay - ok
18:57:52.0104 6016 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:57:52.0142 6016 PNRPAutoReg - ok
18:57:52.0190 6016 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:57:52.0216 6016 PNRPsvc - ok
18:57:52.0245 6016 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:57:52.0304 6016 PolicyAgent - ok
18:57:52.0357 6016 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:57:52.0397 6016 Power - ok
18:57:52.0436 6016 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:57:52.0487 6016 PptpMiniport - ok
18:57:52.0509 6016 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:57:52.0531 6016 Processor - ok
18:57:52.0582 6016 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:57:52.0637 6016 ProfSvc - ok
18:57:52.0659 6016 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:57:52.0677 6016 ProtectedStorage - ok
18:57:52.0728 6016 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:57:52.0800 6016 Psched - ok
18:57:52.0834 6016 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:57:52.0855 6016 PxHelp20 - ok
18:57:52.0933 6016 QBCFMonitorService (0f1f42c39ab2b16db957a7a1756feffb) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:57:52.0946 6016 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
18:57:52.0946 6016 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
18:57:52.0991 6016 QBFCService (92aa40e2b692e8637d45fb2d01137d17) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:57:53.0003 6016 QBFCService ( UnsignedFile.Multi.Generic ) - warning
18:57:53.0004 6016 QBFCService - detected UnsignedFile.Multi.Generic (1)
18:57:53.0052 6016 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:57:53.0129 6016 ql2300 - ok
18:57:53.0159 6016 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:57:53.0175 6016 ql40xx - ok
18:57:53.0228 6016 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:57:53.0290 6016 QWAVE - ok
18:57:53.0312 6016 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:57:53.0341 6016 QWAVEdrv - ok
18:57:53.0366 6016 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:57:53.0401 6016 RasAcd - ok
18:57:53.0454 6016 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:57:53.0504 6016 RasAgileVpn - ok
18:57:53.0524 6016 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:57:53.0576 6016 RasAuto - ok
18:57:53.0600 6016 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:57:53.0652 6016 Rasl2tp - ok
18:57:53.0716 6016 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:57:53.0798 6016 RasMan - ok
18:57:53.0823 6016 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:57:53.0883 6016 RasPppoe - ok
18:57:53.0932 6016 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:57:53.0990 6016 RasSstp - ok
18:57:54.0022 6016 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:57:54.0084 6016 rdbss - ok
18:57:54.0107 6016 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:57:54.0139 6016 rdpbus - ok
18:57:54.0171 6016 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:57:54.0221 6016 RDPCDD - ok
18:57:54.0277 6016 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:57:54.0339 6016 RDPENCDD - ok
18:57:54.0364 6016 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:57:54.0439 6016 RDPREFMP - ok
18:57:54.0473 6016 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:57:54.0534 6016 RDPWD - ok
18:57:54.0591 6016 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:57:54.0620 6016 rdyboost - ok
18:57:54.0651 6016 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:57:54.0721 6016 RemoteAccess - ok
18:57:54.0752 6016 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:57:54.0822 6016 RemoteRegistry - ok
18:57:54.0863 6016 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:57:54.0921 6016 RpcEptMapper - ok
18:57:54.0944 6016 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:57:54.0975 6016 RpcLocator - ok
18:57:55.0012 6016 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:57:55.0054 6016 RpcSs - ok
18:57:55.0073 6016 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:57:55.0123 6016 rspndr - ok
18:57:55.0148 6016 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:57:55.0164 6016 SamSs - ok
18:57:55.0215 6016 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:57:55.0240 6016 sbp2port - ok
18:57:55.0251 6016 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:57:55.0311 6016 SCardSvr - ok
18:57:55.0337 6016 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:57:55.0379 6016 scfilter - ok
18:57:55.0452 6016 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:57:55.0552 6016 Schedule - ok
18:57:55.0602 6016 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:57:55.0641 6016 SCPolicySvc - ok
18:57:55.0683 6016 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:57:55.0740 6016 SDRSVC - ok
18:57:55.0822 6016 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:57:55.0852 6016 SeaPort - ok
18:57:55.0902 6016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:57:55.0948 6016 secdrv - ok
18:57:56.0016 6016 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:57:56.0091 6016 seclogon - ok
18:57:56.0133 6016 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:57:56.0190 6016 SENS - ok
18:57:56.0216 6016 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:57:56.0256 6016 SensrSvc - ok
18:57:56.0275 6016 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:57:56.0294 6016 Serenum - ok
18:57:56.0313 6016 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:57:56.0333 6016 Serial - ok
18:57:56.0359 6016 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:57:56.0391 6016 sermouse - ok
18:57:56.0433 6016 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:57:56.0476 6016 SessionEnv - ok
18:57:56.0504 6016 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:57:56.0531 6016 sffdisk - ok
18:57:56.0551 6016 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:57:56.0568 6016 sffp_mmc - ok
18:57:56.0583 6016 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:57:56.0609 6016 sffp_sd - ok
18:57:56.0629 6016 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:57:56.0655 6016 sfloppy - ok
18:57:56.0685 6016 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:57:56.0734 6016 SharedAccess - ok
18:57:56.0766 6016 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:57:56.0806 6016 ShellHWDetection - ok
18:57:56.0838 6016 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:57:56.0854 6016 sisagp - ok
18:57:56.0905 6016 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:57:56.0919 6016 SiSRaid2 - ok
18:57:56.0942 6016 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:57:56.0957 6016 SiSRaid4 - ok
18:57:57.0008 6016 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:57:57.0049 6016 Smb - ok
18:57:57.0113 6016 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:57:57.0138 6016 SNMPTRAP - ok
18:57:57.0156 6016 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:57:57.0171 6016 spldr - ok
18:57:57.0206 6016 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:57:57.0263 6016 Spooler - ok
18:57:57.0375 6016 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:57:57.0519 6016 sppsvc - ok
18:57:57.0562 6016 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:57:57.0612 6016 sppuinotify - ok
18:57:57.0715 6016 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\N360\0601020.00A\SRTSP.SYS
18:57:57.0760 6016 SRTSP - ok
18:57:57.0804 6016 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\Windows\system32\drivers\N360\0601020.00A\SRTSPX.SYS
18:57:57.0820 6016 SRTSPX - ok
18:57:57.0850 6016 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:57:57.0899 6016 srv - ok
18:57:57.0940 6016 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:57:57.0962 6016 srv2 - ok
18:57:58.0018 6016 SrvHsfPCI (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
18:57:58.0056 6016 SrvHsfPCI - ok
18:57:58.0091 6016 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:57:58.0150 6016 SrvHsfV92 - ok
18:57:58.0202 6016 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:57:58.0251 6016 SrvHsfWinac - ok
18:57:58.0286 6016 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:57:58.0304 6016 srvnet - ok
18:57:58.0353 6016 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:57:58.0398 6016 SSDPSRV - ok
18:57:58.0425 6016 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:57:58.0472 6016 SstpSvc - ok
18:57:58.0503 6016 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:57:58.0518 6016 stexstor - ok
18:57:58.0609 6016 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:57:58.0675 6016 StiSvc - ok
18:57:58.0695 6016 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:57:58.0716 6016 swenum - ok
18:57:58.0854 6016 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:57:58.0918 6016 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:57:58.0918 6016 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:57:58.0953 6016 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:57:59.0016 6016 swprv - ok
18:57:59.0138 6016 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0601020.00A\SYMDS.SYS
18:57:59.0168 6016 SymDS - ok
18:57:59.0236 6016 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS
18:57:59.0287 6016 SymEFA - ok
18:57:59.0406 6016 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:57:59.0430 6016 SymEvent - ok
18:57:59.0483 6016 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0601020.00A\Ironx86.SYS
18:57:59.0507 6016 SymIRON - ok
18:57:59.0561 6016 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS
18:57:59.0601 6016 SymNetS - ok
18:57:59.0744 6016 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:57:59.0802 6016 SysMain - ok
18:57:59.0836 6016 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:57:59.0870 6016 TabletInputService - ok
18:57:59.0895 6016 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:57:59.0949 6016 TapiSrv - ok
18:57:59.0977 6016 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:58:00.0025 6016 TBS - ok
18:58:00.0115 6016 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:58:00.0186 6016 Tcpip - ok
18:58:00.0252 6016 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:58:00.0287 6016 TCPIP6 - ok
18:58:00.0325 6016 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:58:00.0365 6016 tcpipreg - ok
18:58:00.0398 6016 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:58:00.0435 6016 TDPIPE - ok
18:58:00.0466 6016 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:58:00.0504 6016 TDTCP - ok
18:58:00.0544 6016 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:58:00.0595 6016 tdx - ok
18:58:00.0677 6016 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:58:00.0693 6016 TermDD - ok
18:58:00.0736 6016 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:58:00.0784 6016 TermService - ok
18:58:00.0823 6016 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:58:00.0856 6016 Themes - ok
18:58:00.0879 6016 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:58:00.0915 6016 THREADORDER - ok
18:58:00.0930 6016 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:58:00.0980 6016 TrkWks - ok
18:58:01.0024 6016 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:58:01.0071 6016 TrustedInstaller - ok
18:58:01.0089 6016 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:58:01.0130 6016 tssecsrv - ok
18:58:01.0177 6016 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:58:01.0223 6016 TsUsbFlt - ok
18:58:01.0284 6016 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:58:01.0331 6016 tunnel - ok
18:58:01.0363 6016 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:58:01.0377 6016 uagp35 - ok
18:58:01.0414 6016 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:58:01.0458 6016 udfs - ok
18:58:01.0512 6016 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:58:01.0543 6016 UI0Detect - ok
18:58:01.0576 6016 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:58:01.0590 6016 uliagpkx - ok
18:58:01.0646 6016 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:58:01.0685 6016 umbus - ok
18:58:01.0741 6016 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:58:01.0776 6016 UmPass - ok
18:58:01.0839 6016 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:58:01.0924 6016 upnphost - ok
18:58:01.0965 6016 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:58:01.0991 6016 usbccgp - ok
18:58:02.0062 6016 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:58:02.0095 6016 usbcir - ok
18:58:02.0121 6016 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:58:02.0137 6016 usbehci - ok
18:58:02.0162 6016 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:58:02.0223 6016 usbhub - ok
18:58:02.0259 6016 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
18:58:02.0293 6016 usbohci - ok
18:58:02.0347 6016 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:58:02.0372 6016 usbprint - ok
18:58:02.0426 6016 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:58:02.0467 6016 usbscan - ok
18:58:02.0492 6016 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:58:02.0535 6016 USBSTOR - ok
18:58:02.0560 6016 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:58:02.0576 6016 usbuhci - ok
18:58:02.0608 6016 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:58:02.0654 6016 UxSms - ok
18:58:02.0675 6016 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:58:02.0693 6016 VaultSvc - ok
18:58:02.0754 6016 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:58:02.0769 6016 vdrvroot - ok
18:58:02.0818 6016 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:58:02.0870 6016 vds - ok
18:58:02.0892 6016 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:58:02.0929 6016 vga - ok
18:58:02.0953 6016 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:58:02.0984 6016 VgaSave - ok
18:58:03.0019 6016 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:58:03.0038 6016 vhdmp - ok
18:58:03.0093 6016 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:58:03.0108 6016 viaagp - ok
18:58:03.0118 6016 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:58:03.0151 6016 ViaC7 - ok
18:58:03.0171 6016 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:58:03.0185 6016 viaide - ok
18:58:03.0222 6016 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:58:03.0251 6016 volmgr - ok
18:58:03.0273 6016 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:58:03.0293 6016 volmgrx - ok
18:58:03.0337 6016 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:58:03.0356 6016 volsnap - ok
18:58:03.0409 6016 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:58:03.0425 6016 vsmraid - ok
18:58:03.0513 6016 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:58:03.0649 6016 VSS - ok
18:58:03.0699 6016 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:58:03.0732 6016 vwifibus - ok
18:58:03.0762 6016 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:58:03.0815 6016 W32Time - ok
18:58:03.0841 6016 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:58:03.0872 6016 WacomPen - ok
18:58:03.0907 6016 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:03.0949 6016 WANARP - ok
18:58:03.0954 6016 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:58:03.0985 6016 Wanarpv6 - ok
18:58:04.0087 6016 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:58:04.0148 6016 WatAdminSvc - ok
18:58:04.0205 6016 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:58:04.0282 6016 wbengine - ok
18:58:04.0302 6016 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:58:04.0334 6016 WbioSrvc - ok
18:58:04.0367 6016 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:58:04.0403 6016 wcncsvc - ok
18:58:04.0421 6016 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:58:04.0461 6016 WcsPlugInService - ok
18:58:04.0507 6016 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:58:04.0524 6016 Wd - ok
18:58:04.0583 6016 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
18:58:04.0599 6016 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
18:58:04.0602 6016 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
18:58:04.0602 6016 Wdf01000 - detected Virus.Win32.Rloader.a (0)
18:58:04.0627 6016 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:58:04.0717 6016 WdiServiceHost - ok
18:58:04.0724 6016 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:58:04.0754 6016 WdiSystemHost - ok
18:58:04.0785 6016 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:58:04.0870 6016 WebClient - ok
18:58:04.0893 6016 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:58:04.0931 6016 Wecsvc - ok
18:58:04.0956 6016 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:58:04.0998 6016 wercplsupport - ok
18:58:05.0062 6016 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:58:05.0120 6016 WerSvc - ok
18:58:05.0158 6016 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:58:05.0210 6016 WfpLwf - ok
18:58:05.0222 6016 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:58:05.0243 6016 WIMMount - ok
18:58:05.0307 6016 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:58:05.0361 6016 winachsf - ok
18:58:05.0419 6016 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:58:05.0491 6016 WinDefend - ok
18:58:05.0502 6016 WinHttpAutoProxySvc - ok
18:58:05.0550 6016 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:58:05.0584 6016 Winmgmt - ok
18:58:05.0655 6016 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:58:05.0801 6016 WinRM - ok
18:58:05.0885 6016 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:58:05.0949 6016 Wlansvc - ok
18:58:06.0069 6016 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:58:06.0184 6016 wlidsvc - ok
18:58:06.0238 6016 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:58:06.0254 6016 WmiAcpi - ok
18:58:06.0282 6016 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:58:06.0315 6016 wmiApSrv - ok
18:58:06.0428 6016 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:58:06.0521 6016 WMPNetworkSvc - ok
18:58:06.0541 6016 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:58:06.0568 6016 WPCSvc - ok
18:58:06.0603 6016 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:58:06.0655 6016 WPDBusEnum - ok
18:58:06.0676 6016 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:58:06.0725 6016 ws2ifsl - ok
18:58:06.0745 6016 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:58:06.0771 6016 wscsvc - ok
18:58:06.0780 6016 WSearch - ok
18:58:06.0864 6016 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:58:06.0986 6016 wuauserv - ok
18:58:07.0042 6016 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:58:07.0112 6016 WudfPf - ok
18:58:07.0164 6016 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:58:07.0212 6016 WUDFRd - ok
18:58:07.0247 6016 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:58:07.0296 6016 wudfsvc - ok
18:58:07.0322 6016 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:58:07.0349 6016 WwanSvc - ok
18:58:07.0383 6016 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
18:58:07.0398 6016 XAudio - ok
18:58:07.0459 6016 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe
18:58:07.0484 6016 XAudioService - ok
18:58:07.0543 6016 xcbdaNtscV (d697099edc21307965518f7db5972eb9) C:\Windows\system32\DRIVERS\xcbdaV.sys
18:58:07.0571 6016 xcbdaNtscV - ok
18:58:07.0714 6016 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:58:07.0777 6016 YahooAUService - ok
18:58:07.0809 6016 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
18:58:07.0843 6016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:58:07.0844 6016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:58:07.0933 6016 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:58:07.0933 6016 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:58:07.0942 6016 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
18:58:08.0005 6016 \Device\Harddisk1\DR1 - ok
18:58:08.0010 6016 Boot (0x1200) (4f723df9f9c821b066920f98bcbeaf70) \Device\Harddisk0\DR0\Partition0
18:58:08.0012 6016 \Device\Harddisk0\DR0\Partition0 - ok
18:58:08.0043 6016 Boot (0x1200) (1cd8aaa5183ee978ed79200862ac6e00) \Device\Harddisk0\DR0\Partition1
18:58:08.0044 6016 \Device\Harddisk0\DR0\Partition1 - ok
18:58:08.0050 6016 Boot (0x1200) (a3df845520e479427bfe9cd5f1ce8c99) \Device\Harddisk1\DR1\Partition0
18:58:08.0052 6016 \Device\Harddisk1\DR1\Partition0 - ok
18:58:08.0053 6016 ============================================================
18:58:08.0053 6016 Scan finished
18:58:08.0053 6016 ============================================================
18:58:08.0067 2280 Detected object count: 7
18:58:08.0067 2280 Actual detected object count: 7
18:59:52.0496 2280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:52.0497 2280 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:52.0497 2280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:52.0497 2280 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:52.0500 2280 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:52.0500 2280 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:52.0502 2280 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:52.0502 2280 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:59:52.0631 2280 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
18:59:52.0848 2280 Backup copy not found, trying to cure infected file..
18:59:52.0852 2280 Cure success, using it..
18:59:53.0063 2280 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
18:59:53.0063 2280 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure 
18:59:53.0095 2280 \Device\Harddisk0\DR0\# - copied to quarantine
18:59:53.0096 2280 \Device\Harddisk0\DR0 - copied to quarantine
18:59:53.0122 2280 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:59:53.0131 2280 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:59:53.0136 2280 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:59:53.0141 2280 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:59:53.0148 2280 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:59:53.0160 2280 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:59:53.0168 2280 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:59:53.0172 2280 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:59:53.0175 2280 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:59:53.0178 2280 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:59:53.0183 2280 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:59:53.0187 2280 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:59:53.0214 2280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:59:53.0215 2280 \Device\Harddisk0\DR0 - ok
18:59:53.0834 2280 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
18:59:53.0835 2280 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:59:53.0835 2280 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Thank you again for your assistance! YOU ARE WONDERFUL


----------



## eddie5659 (Mar 19, 2001)

Thanks, got the files, and look like they are rootkit files. Could be already removed, but they are useful for further analysis :up:

Okay, can you run the following tools now:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan 









On completion of the scan click save log, save it to your desktop and post in your next reply 









-----------------

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *View Scan Logs*.
[*]Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
[*]If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
[*]Please copy and paste the Scan Log results in your next reply._
_[*]Click *Close* to exit the program._
_

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

eddie_


----------



## farmerlisa (Mar 24, 2012)

Finally done with today's tasks ... thank you again for your help! Here is the information you requested:

ASWMBR REPORT:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 22:02:23
-----------------------------
22:02:23.358 OS Version: Windows 6.1.7601 Service Pack 1
22:02:23.358 Number of processors: 4 586 0x202
22:02:23.358 ComputerName: LISA-PC UserName: Lisa
22:02:46.354 Initialize success
22:03:25.087 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
22:03:25.087 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
22:03:25.087 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064
22:03:25.102 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
22:03:25.102 Disk 0 MBR read successfully
22:03:25.118 Disk 0 MBR scan
22:03:25.118 Disk 0 Windows 7 default MBR code
22:03:25.134 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 11264 MB offset 63
22:03:25.149 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 465674 MB offset 23069340
22:03:25.165 Disk 0 scanning sectors +976771120
22:03:25.227 Disk 0 scanning C:\Windows\system32\drivers
22:03:31.764 Service scanning
22:03:45.008 Modules scanning
22:04:04.960 Disk 0 trace - called modules:
22:04:04.992 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys 
22:04:04.992 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866283a8]
22:04:05.007 3 CLASSPNP.SYS[8b9ad59e] -> nt!IofCallDriver -> [0x863be9f0]
22:04:05.007 5 ACPI.sys[8b1a53d4] -> nt!IofCallDriver -> \Device\00000063[0x85f008a0]
22:04:05.023 Scan finished successfully
22:04:36.145 Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
22:04:36.160 The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"

MBAM LOG:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.27.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Lisa :: LISA-PC [administrator]
3/27/2012 10:24:50 PM
mbam-log-2012-03-27 (22-24-50).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 604621
Time elapsed: 2 hour(s), 32 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\ProgramData\cl6MFSXX.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\System32\2k3BdWRS.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
C:\Windows\System32\j4W3MpaK3.com (Trojan.VirTool) -> Delete on reboot.
C:\Windows\System32\j4W3MpaK3.com_ (Trojan.VirTool) -> Delete on reboot.
C:\Windows\System32\yUuBM1gl.exe (Trojan.VirTool) -> Quarantined and deleted successfully.
(end)

SUPERANTISPYWARE SCAN LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/28/2012 at 05:31 AM
Application Version : 5.0.1146
Core Rules Database Version : 8389
Trace Rules Database Version: 6201
Scan type : Complete Scan
Total Scan Time : 04:18:34
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 678
Memory threats detected : 0
Registry items scanned : 34860
Registry threats detected : 116
File items scanned : 372869
File threats detected : 129
PUP.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1742908884-2609549574-1285964605-1001\SOFTWARE\FunWebProducts
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
Adware.Tracking Cookie
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\UG11BAZF.txt [ /media6degrees.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\OD95V943.txt [ /adxpose.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\FL3QK29M.txt [ /www.mynortonaccount.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\HEB9OUWN.txt [ /apmebf.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\FSNQBVME.txt [ /ru4.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\XT5JMKYC.txt [ /yieldmanager.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\RDSY0GZE.txt [ /247realmedia.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\VKQ8SZYM.txt [ /mediaplex.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\L065RMRR.txt [ /liveperson.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\QG8RY66F.txt [ /mynortonaccount.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\22T13LCN.txt [ /adbrite.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\B4NV9JBW.txt [ /account.norton.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\8BOMN901.txt [ /doubleclick.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\ZGP73I7R.txt [ /atdmt.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\H1I8T7L9.txt [ /ad.yieldmanager.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\Y4K9EJAX.txt [ /revsci.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\PD4M09NL.txt [ /pro-market.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\LB64CSJC.txt [ /casalemedia.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\34OT63HZ.txt [ /account.norton.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\NONB4MS6.txt [ /c1.atdmt.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\K5T48553.txt [ /serving-sys.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\601O7QZN.txt [ /2o7.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\ZVKMPK4X.txt [ /lucidmedia.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\0AWMRV27.txt [ /liveperson.net ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\48P5G10J.txt [ /bizzclick.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\QYKWW8GN.txt [ /invitemedia.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\TMCDYC10.txt [ /tribalfusion.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\C2MW39CW.txt [ /questionmarket.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\J8Y38TXF.txt [ /ads.undertone.com ]
C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Cookies\CHRVR427.txt [ /fastclick.net ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0ZW4ALJR.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3T86F3LQ.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/cgi-bin ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\SY3M4E5O.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/tracking/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8WVA7XH8.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KLOCPMPF.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected].com/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DXBX1A02.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PSGG4B23.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUWR1FDU.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\60SUM99R.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\H3W7ZESH.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/theindependent.com/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KHU8860.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\A5H7MJ3A.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\G15OK3JH.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9A1YEXOE.txt [ Cookie:[email protected]/cgi-bin/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D66S84GU.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P5U49WTF.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B4141XI.txt [ Cookie:[email protected]/accounts/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XH5INDNM.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\IHTKVEPF.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\D0E0BVE7.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2XEBYDDP.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7R1HWWH4.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MQ8X2GD.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0STKN4SK.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LTLNU40X.txt [ Cookie:[email protected]/accounts/recovery/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EH1R1YRK.txt [ Cookie:[email protected]/accounts ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\VI500OVP.txt [ Cookie:[email protected]/pagead/conversion/1072690309/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BWW5XROD.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2VQREU0J.txt [ Cookie:[email protected]/advertpro ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\EDTJ85E6.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\UJFOV51C.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3YPU2201.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\OB9ULRSR.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0TQ8CDIU.txt [ Cookie:[email protected]/adserving ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\T7A13DJI.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IQFB6HN.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\X1OJ6BGY.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\RXX4DMXZ.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\A2LLM4FJ.txt [ Cookie:[email protected]/pagead/conversion/999933429/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\WR42E6P5.txt [ Cookie:[email protected]sing.sheknows.com/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\TZKONWEI.txt [ Cookie:[email protected]/livestats/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MTL2CRU.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\9H6G4JUI.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\0JSS7VGT.txt [ Cookie:[email protected]/accounts ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PY8SYCF5.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\2ERFB5W8.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\S3AMP9BK.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4J673RU0.txt [ Cookie:[email protected]/accounts/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6JUJUTY1.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\W6PYQ5XU.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\PTF21TPQ.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\BCVIS6U0.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUJPPB9R.txt [ Cookie:[email protected]/pagead/conversion/1072530749/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHQ4QTQR.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7W6J4BT8.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DDIDCHHX.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\7IX5WAUF.txt [ Cookie:[email protected]/pagead/conversion/1069095226/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROIRH035.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\LQVFG413.txt [ Cookie:[email protected]/ ]
C:\USERS\LISA\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZMEMAH7.txt [ Cookie:[email protected]/pagead/conversion/1046367831/ ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADS.FOODBUZZ ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /ADS.JOONBUG ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /ADTRACKRS ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /C.GIGCOUNT ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CLICKAIDER ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /CLICKBOOTH ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /JMP.CLICKBOOTH ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /SIBLEYCOUNTYFAIR ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /SUPPORT.ECSTATS ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /VA.PX.INVITEMEDIA ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WEB-TRAFFIC-ANALYSIS ]
C:\USERS\LISA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][2].TXT [ /WWW.MEDIACOMTODAY ]
Trojan.Agent/Gen-ZAccess
C:\TDSSKILLER_QUARANTINE\26.03.2012_18.56.31\MBR0000\TDLFS0000\TSK0005.DTA

NEW HIJACK THIS REPORT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:19:23 PM, on 3/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Users\Lisa\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coIEPlg.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S8BFD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\Users\Lisa\AppData\Local\Temp\E_SFE6D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_SD5B2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Windows\TEMP\",DllRegisterServer (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11184 bytes

Thank you again, and have a wonderful day!


----------



## eddie5659 (Mar 19, 2001)

Looks like the files were removed 

Okay, can you run these two for me, and post the 3 logs they produce 

------------------

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

------------------------------------

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## farmerlisa (Mar 24, 2012)

Thank you once again ... here is the requested information:

ComboFix 12-03-29.02 - Lisa 03/29/2012 17:55:43.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1586 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\username123.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~NiA8EJOQCvIgdO
c:\programdata\~NiA8EJOQCvIgdOr
c:\programdata\NiA8EJOQCvIgdO
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\odbcad32.exe
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 23:14 . 2012-03-29 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 08:03 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-28 08:03 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-28 08:03 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-28 08:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-28 08:03 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-28 08:03 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-28 06:07 . 2012-03-28 06:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2012-03-28 06:06 . 2012-03-28 06:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 06:06 . 2012-03-28 06:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-28 03:23 . 2012-03-28 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 03:23 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 02:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-27 00:43 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-27 00:43 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 23:59 . 2012-03-26 23:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 21:59 . 2012-03-23 22:18 -------- d-----w- c:\windows\system32\drivers\N360\0601020.00A
2012-03-23 15:15 . 2012-03-23 22:15 -------- d-----w- C:\w
2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\skins
2012-03-23 15:15 . 2012-03-27 00:27 -------- d-----w- C:\e
2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\Data
2012-03-23 04:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 03:26 . 2012-03-23 21:43 -------- d--h--w- c:\users\Lisa\AppData\Local\NPE
2012-03-23 03:18 . 2012-03-23 04:18 -------- d--h--w- c:\users\Lisa\AppData\Local\LogMeIn Rescue Applet
2012-03-23 00:44 . 2012-03-23 00:44 -------- d--h--w- c:\users\Lisa\AppData\Roaming\Tific
2012-03-20 01:56 . 2012-03-28 05:17 -------- d--h--w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2012-03-19 20:01 . 2012-03-19 20:01 -------- d-----w- c:\program files\RealNetworks
2012-03-06 17:00 . 2012-03-06 17:00 -------- d--h--w- c:\users\Lisa\AppData\Roaming\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 00:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-23 02:29 . 2010-12-05 21:15 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-19 18:55 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-19 18:55 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-10 03:11 . 2011-05-18 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58 . 2012-02-16 02:56 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 22:28 1174920 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ---ha-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-19 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-10 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-16 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-24 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-17 820856]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120328.002\IDSvix86.sys [2012-03-22 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-17 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS [2011-11-17 318584]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 106104]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 192.168.1.1
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
HKCU-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
HKCU-Run-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
SafeBoot-67834180.sys
AddRemove-Pinnacle HFX Volume 1 - c:\windows\unvise32.exe \unvol1log
AddRemove-Pinnacle HFX Volume 2 - c:\windows\unvise32.exe \unvol2log
AddRemove-ShapeCollage - c:\program files\Shape Collage\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,ad,6a,bf,91,08,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-29 18:32:52
ComboFix-quarantined-files.txt 2012-03-29 23:32
.
Pre-Run: 228,811,272,192 bytes free
Post-Run: 228,789,010,432 bytes free
.
- - End Of File - - D08E2F785CF824464B016422E2BBE979

OTL Extras logfile created on: 3/29/2012 6:53:40 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lisa\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.58% Memory free
6.00 Gb Paging File | 4.85 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.76 Gb Total Space | 213.14 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 163.19 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
Drive E: | 11.00 Gb Total Space | 3.13 Gb Free Space | 28.47% Space Free | Partition Type: NTFS

Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06ADD09E-3ED4-4224-B308-CDFBBCCD1092}" = DaisyTrail Be My Valentine Digikit
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0838C0E7-2D7E-41B7-88A1-42DD9F6B6414}" = DaisyTrail Easter 2010 Digikit
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E2FBF64-9411-4429-9ED1-6B80EEB91DA1}" = DaisyTrail Easter DigiKit
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC5D98-8076-41D3-A28C-A9B0367BB99F}" = Serif Digital Scrapbook Artist Photobook, New Baby
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{344A1884-A298-4740-8B7A-3DC3F17F652C}" = Serif WebPlus Starter Edition
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A31F76B-A6C2-495A-ABEB-553ED70CDC22}" = Digital Image Update
"{4BE17802-5214-4B16-B3FD-ED83A33D11DA}" = DaisyTrail Sparkle Sky Digikit
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62292998-4C9E-4D10-97D2-77AEE95FAFAA}" = DaisyTrail Serif Christmas Card 2009 Digikit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6AE9D936-BA5C-449D-BDA4-22BE6DD7CE8B}" = DaisyTrail Playground Digikit
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72369EBF-06F8-41A8-AADB-1622094A7E77}" = DaisyTrail Spooktacular Digikit
"{72F6E0E4-76B4-4C15-8C78-0F098F8FAAC6}" = Serif Christmas Card 2008 DigiKit
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist Compact
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789DE23F-A8B4-40B1-9BE4-66C0730377DE}" = DaisyTrail Mexican Wave Digikit
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7EABB767-5B74-469B-86AD-E542986A0DA5}" = DaisyTrail Independence Day Digikit
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B59F5CA-E7F9-45BF-B2A9-BDA2F01C28EA}" = DaisyTrail American Holidays 2010 Digikit
"{8C1D4735-84E4-41E2-A1DB-70EADE27633C}" = Adobe Photoshop Lightroom 3.3
"{8EECBEA8-6DCD-4572-8BDA-5A063D945326}" = Serif Digital Scrapbook Artist Photobook, Contemporary
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85E2E0D-A116-4F39-A571-2FE83B4BF4F2}" = Serif Digital Scrapbook Artist Photobook, Holiday
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6F59547-7A1C-4A98-BDA7-7D5CD096E9BF}" = DaisyTrail Fishing DigiKit
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D64EE99C-9D04-409A-B041-CEB9C6D6B675}" = DaisyTrail Mothers Day DigiKit
"{D73DA7BC-958C-4E10-AB13-AF5A1EB62666}" = Serif Digital Scrapbook Artist Photobook, No Frames
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EFF4CF7F-8A33-4DE7-9E20-39F2894CA1CA}" = DaisyTrail Materials Digikit
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8FD0A90-60FD-4037-B0EA-C8C37877E6B3}" = Serif Digital Scrapbook Artist Photobook, Wedding
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"A-PDF Thumbnailer_is1" = A-PDF Thumbnailer 1.6
"Birdie DOC2PDF Converter_is1" = Birdie DOC2PDF Converter
"Bookworm" = Bookworm (remove only)
"Boxoft PDF to JPG (freeware)_is1" = Boxoft PDF to JPG (freeware)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DIAEUpdate" = Microsoft Digital Image Suite 2006 (Anniversary Edition Update)
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Image to PDF Converter Free_is1" = Image to PDF Converter Free 3.0
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PDF To JPG Converter_is1" = PDF To JPG Converter 2.0.2
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"PrintConductor_is1" = PrintConductor
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"RealPlayer 15.0" = RealPlayer
"STANDARDR" = Microsoft Office Standard 2007
"stax-Pinnacle_is1" = SureThing Express Labeler
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2012 8:15:18 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
Faulting
process id: 0x1524 Faulting application start time: 0x01cd0a1c58275860 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: 9994a460-760f-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:15:48 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x000c2921 Faulting
process id: 0x16c0 Faulting application start time: 0x01cd0a1c65c473e0 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Ask.com\GenericAskToolbar.dll Report Id: ab9ede00-760f-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:16:18 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e2111c0 Exception code: 0xe06d7363 Fault offset: 0x0000d36f Faulting
process id: 0x1af0 Faulting application start time: 0x01cd0a1c7e9a8008 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: bd7edf08-760f-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:16:40 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
Faulting
process id: 0x1f48 Faulting application start time: 0x01cd0a1c8b2ee5e8 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: cae9cec8-760f-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:17:56 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
time stamp: 0x4a57dc86 Exception code: 0xc0000409 Fault offset: 0x000c2935 Faulting
process id: 0xebc Faulting application start time: 0x01cd0a1cb11496b8 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Ask.com\GenericAskToolbar.dll Report Id: f833e4b8-760f-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:18:19 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725, 
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00053341 Faulting
process id: 0x1ea4 Faulting application start time: 0x01cd0a1cbec00a18 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 05dde500-7610-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:19:09 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x64842921
Faulting
process id: 0x1e98 Faulting application start time: 0x01cd0a1cd0904be0 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: 235f1630-7610-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:19:52 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x62972921
Faulting
process id: 0x428 Faulting application start time: 0x01cd0a1cfc5a8448 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: 3d53ffd8-7610-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:20:43 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll, version: 5.5.0.145,
time stamp: 0x4a57dc86 Exception code: 0xc0000409 Fault offset: 0x000c2935 Faulting
process id: 0x1984 Faulting application start time: 0x01cd0a1d15e313a8 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Ask.com\GenericAskToolbar.dll Report Id: 5b7ec718-7610-11e1-abe5-001e906fdca9

Error - 3/24/2012 8:20:58 PM | Computer Name = Lisa-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, 
time stamp: 0x4d76255d Faulting module name: GenericAskToolbar.dll_unloaded, version:
0.0.0.0, time stamp: 0x4a57dc86 Exception code: 0xc0000005 Fault offset: 0x62972921
Faulting
process id: 0xc78 Faulting application start time: 0x01cd0a1d1f3b8098 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: GenericAskToolbar.dll
Report
Id: 648d9460-7610-11e1-abe5-001e906fdca9

[ Media Center Events ]
Error - 2/14/2010 9:31:56 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 7:31:49 PM - Error connecting to the internet. 7:31:49 PM - Unable
to contact server..

Error - 2/14/2010 10:32:45 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 8:32:45 PM - Error connecting to the internet. 8:32:45 PM - Unable
to contact server..

Error - 2/14/2010 10:33:21 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 8:33:14 PM - Error connecting to the internet. 8:33:14 PM - Unable
to contact server..

Error - 2/15/2010 7:06:29 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 5:06:29 AM - Error connecting to the internet. 5:06:29 AM - Unable
to contact server..

Error - 2/15/2010 7:07:04 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 5:06:58 AM - Error connecting to the internet. 5:06:58 AM - Unable
to contact server..

Error - 2/15/2010 7:16:00 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 5:16:00 PM - Error connecting to the internet. 5:16:00 PM - Unable
to contact server..

Error - 2/15/2010 7:16:36 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 5:16:29 PM - Error connecting to the internet. 5:16:29 PM - Unable
to contact server..

Error - 3/7/2010 7:28:47 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 5:28:40 PM - Failed to retrieve EpgListings (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/5/2010 7:43:53 AM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 6:43:47 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 4/23/2010 7:37:38 PM | Computer Name = Lisa-PC | Source = MCUpdate | ID = 0
Description = 6:37:38 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 3/27/2012 11:06:51 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly. 
It has done this 1 time(s).

Error - 3/28/2012 4:01:17 AM | Computer Name = Lisa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows 7 (KB2621440).

Error - 3/28/2012 4:01:17 AM | Computer Name = Lisa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows 7 (KB2667402).

Error - 3/28/2012 10:11:39 PM | Computer Name = Lisa-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:08:40 PM on ?3/?28/?2012 was unexpected.

Error - 3/29/2012 6:50:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
Description = The EPSON V5 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/29/2012 6:50:23 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 3/29/2012 6:54:34 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7034
Description = The XAudioService service terminated unexpectedly. It has done this
1 time(s).

Error - 3/29/2012 6:55:12 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/29/2012 7:02:04 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/29/2012 7:14:43 PM | Computer Name = Lisa-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

< End of report >

OTL logfile created on: 3/29/2012 6:53:40 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lisa\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.58% Memory free
6.00 Gb Paging File | 4.85 Gb Available in Paging File | 80.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.76 Gb Total Space | 213.14 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 163.19 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
Drive E: | 11.00 Gb Total Space | 3.13 Gb Free Space | 28.47% Space Free | Partition Type: NTFS

Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 18:51:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
PRC - [2012/02/19 13:55:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.1.2.10\ccsvchst.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/09 04:53:20 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/02/20 13:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe -- (N360)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/09 04:52:56 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/06/04 19:24:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/13 03:00:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/22 21:29:25 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/22 15:52:12 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120328.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/03/22 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120328.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/22 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/22 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120328.021\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/17 02:15:00 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/03 21:51:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/23 21:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symefa.sys -- (SymEFA)
DRV - [2011/11/23 20:50:26 | 000,574,584 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\srtsp.sys -- (SRTSP)
DRV - [2011/11/23 20:50:26 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 22:37:59 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symnets.sys -- (SymNetS)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\ironx86.sys -- (SymIRON)
DRV - [2011/11/04 18:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0601020.00A\symds.sys -- (SymDS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 09:21:36 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/09 04:17:26 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/08/24 23:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/13 17:54:14 | 000,157,568 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbdaV.sys -- (xcbdaNtscV) ViXS Tuner Card (NTSC)
DRV - [2009/07/13 17:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (SrvHsfPCI)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 99 F3 6C 0F A8 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2CCDC4CA-9022-416F-B65F-1A900081AB49}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20100938,6686,0,8,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_en
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2233703
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Lisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/22 22:35:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/03/29 17:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/22 18:30:42 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.65\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Lisa\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/03/29 18:14:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} http://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab (JamShellLinkX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58A5EB7-E1C0-4317-BA2D-8D7E8AF53A35}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 18:51:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/03/29 18:32:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/29 18:32:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/29 17:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/29 17:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/29 17:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/29 17:53:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/29 17:50:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 17:47:39 | 004,448,838 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\username123.exe
[2012/03/28 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/28 01:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/28 01:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/28 01:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/28 01:04:36 | 015,614,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Lisa\Desktop\SUPERAntiSpyware.exe
[2012/03/27 22:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/27 22:23:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/27 22:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/27 22:21:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/27 22:06:11 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\TFC.exe
[2012/03/27 22:01:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/03/26 18:59:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/26 18:54:26 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/03/26 18:38:50 | 000,518,656 | ---- | C] (Safer Networking Limited) -- C:\Users\Lisa\Desktop\sfp.exe
[2012/03/25 14:46:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\backups
[2012/03/25 14:32:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
[2012/03/25 14:31:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HijackThis.exe
[2012/03/23 10:15:09 | 000,000,000 | ---D | C] -- C:\w
[2012/03/23 10:15:08 | 000,000,000 | ---D | C] -- C:\skins
[2012/03/23 10:15:05 | 000,000,000 | ---D | C] -- C:\e
[2012/03/23 10:15:04 | 000,000,000 | ---D | C] -- C:\Data
[2012/03/22 22:26:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\NPE
[2012/03/22 22:18:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\LogMeIn Rescue Applet
[2012/03/22 19:44:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Tific
[2012/03/19 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/03/06 12:00:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\RealNetworks

========== Files - Modified Within 30 Days ==========

[2012/05/23 15:57:38 | 000,755,380 | ---- | M] () -- C:\Users\Lisa\DSC08188.JPG
[2012/03/29 18:51:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/03/29 18:16:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/29 18:14:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/29 17:53:13 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 17:53:13 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 17:47:49 | 004,448,838 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\username123.exe
[2012/03/29 17:45:47 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/29 17:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/29 17:45:29 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 01:06:50 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/28 01:05:22 | 015,614,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Lisa\Desktop\SUPERAntiSpyware.exe
[2012/03/27 22:23:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/27 22:21:55 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/27 22:06:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\TFC.exe
[2012/03/27 22:04:36 | 000,000,512 | ---- | M] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/03/27 22:01:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/03/27 21:18:45 | 000,635,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/27 21:18:45 | 000,111,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/26 19:43:59 | 001,439,299 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\Cat.DB
[2012/03/26 18:55:53 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/03/26 18:39:25 | 000,350,380 | ---- | M] () -- C:\Users\Lisa\Desktop\requested-files[2012-03-26_18_39].cab
[2012/03/26 18:37:48 | 000,264,875 | ---- | M] () -- C:\Users\Lisa\Desktop\sfp.zip
[2012/03/25 23:23:49 | 492,315,529 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/25 14:32:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
[2012/03/25 14:31:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HijackThis.exe
[2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\yUuBM1gl.exe_.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\yUuBM1gl.exe.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\2k3BdWRS.exe_.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\2k3BdWRS.exe.b
[2012/03/23 22:14:33 | 000,000,001 | ---- | M] () -- C:\ProgramData\cl6MFSXX.exe_.b
[2012/03/23 22:14:33 | 000,000,001 | ---- | M] () -- C:\ProgramData\cl6MFSXX.exe.b
[2012/03/23 17:19:21 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/23 17:18:49 | 000,008,727 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\VT20120301.009
[2012/03/23 17:15:02 | 000,001,096 | ---- | M] () -- C:\tmsgr_s0.bmp
[2012/03/23 17:15:02 | 000,001,028 | ---- | M] () -- C:\tmsgr_s1.bmp
[2012/03/23 17:15:02 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/03/23 17:15:02 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/03/23 17:15:02 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/03/23 17:15:01 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/03/23 10:15:27 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/03/23 10:15:25 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/03/23 10:15:25 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2012/03/23 10:15:24 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/03/23 10:15:24 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/03/23 10:15:21 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/03/23 10:15:21 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/03/23 10:15:21 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/03/23 10:15:21 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/03/23 10:15:20 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/03/23 10:15:20 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2012/03/23 10:15:20 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2012/03/23 10:15:20 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/03/23 10:15:20 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2012/03/23 10:15:19 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2012/03/23 10:15:09 | 000,001,028 | ---- | M] () -- C:\msgr_on.bmp
[2012/03/22 23:28:16 | 000,001,393 | ---- | M] () -- C:\Users\Lisa\Desktop\iexplore.exe - Shortcut.lnk
[2012/03/22 23:16:02 | 004,247,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/22 22:49:08 | 000,000,884 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/03/22 22:31:22 | 000,001,260 | ---- | M] () -- C:\Users\Lisa\Desktop\Norton Installation Files.lnk
[2012/03/22 22:28:41 | 007,201,475 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\SMRBackup250.dat
[2012/03/22 21:29:25 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/22 21:29:25 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/22 21:29:25 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/22 20:13:59 | 000,000,112 | ---- | M] () -- C:\ProgramData\73b5h28.dat
[2012/03/19 23:42:46 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0601020.00A\isolate.ini
[2012/03/16 18:40:38 | 000,163,572 | ---- | M] () -- C:\Users\Lisa\Documents\Little Sister Hat.pdf

========== Files Created - No Company Name ==========

[2012/03/29 17:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/29 17:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/29 17:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/29 17:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/29 17:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/28 01:06:50 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/27 22:23:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/27 22:04:36 | 000,000,512 | ---- | C] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/03/26 18:39:25 | 000,350,380 | ---- | C] () -- C:\Users\Lisa\Desktop\requested-files[2012-03-26_18_39].cab
[2012/03/26 18:37:47 | 000,264,875 | ---- | C] () -- C:\Users\Lisa\Desktop\sfp.zip
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe_.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\yUuBM1gl.exe.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\2k3BdWRS.exe_.b
[2012/03/23 22:14:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\2k3BdWRS.exe.b
[2012/03/23 22:14:33 | 000,000,001 | ---- | C] () -- C:\ProgramData\cl6MFSXX.exe_.b
[2012/03/23 22:14:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\cl6MFSXX.exe.b
[2012/03/23 17:15:02 | 000,001,096 | ---- | C] () -- C:\tmsgr_s0.bmp
[2012/03/23 17:15:02 | 000,001,028 | ---- | C] () -- C:\tmsgr_s1.bmp
[2012/03/23 17:15:02 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/03/23 17:15:02 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/03/23 17:15:02 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/03/23 17:15:01 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/03/23 10:15:26 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/03/23 10:15:25 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/03/23 10:15:24 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/03/23 10:15:24 | 000,000,113 | ---- | C] () -- C:\del_1.gif
[2012/03/23 10:15:21 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/03/23 10:15:21 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/03/23 10:15:21 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/03/23 10:15:21 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/03/23 10:15:21 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/03/23 10:15:20 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/03/23 10:15:20 | 000,000,131 | ---- | C] () -- C:\srch_loc_1.gif
[2012/03/23 10:15:20 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/03/23 10:15:20 | 000,000,112 | ---- | C] () -- C:\srch_vid_1.gif
[2012/03/23 10:15:19 | 000,000,235 | ---- | C] () -- C:\srch_1.gif
[2012/03/23 10:15:19 | 000,000,112 | ---- | C] () -- C:\srch_img_1.gif
[2012/03/23 10:15:08 | 000,001,028 | ---- | C] () -- C:\msgr_on.bmp
[2012/03/22 23:28:16 | 000,001,393 | ---- | C] () -- C:\Users\Lisa\Desktop\iexplore.exe - Shortcut.lnk
[2012/03/22 22:31:11 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/03/22 22:28:18 | 007,201,475 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\SMRBackup250.dat
[2012/03/22 20:58:33 | 000,001,260 | ---- | C] () -- C:\Users\Lisa\Desktop\Norton Installation Files.lnk
[2012/03/22 20:01:54 | 000,000,112 | ---- | C] () -- C:\ProgramData\73b5h28.dat
[2012/03/16 18:40:36 | 000,163,572 | ---- | C] () -- C:\Users\Lisa\Documents\Little Sister Hat.pdf
[2012/01/07 16:57:28 | 000,000,187 | ---- | C] () -- C:\Windows\PrintCon.INI
[2012/01/07 14:51:15 | 000,135,168 | ---- | C] () -- C:\Windows\System32\MSFIXGRD.dll
[2012/01/07 14:51:14 | 003,980,800 | ---- | C] () -- C:\Windows\System32\COMCTI32.dll
[2011/05/18 16:41:32 | 000,001,940 | ---- | C] () -- C:\Users\Lisa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 19:07:47 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/03/09 04:16:26 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/02/01 22:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/14 19:49:56 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/14 19:49:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7B34700598.sys
[2011/01/13 03:03:20 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/10/07 13:13:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/07 13:13:30 | 000,000,256 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/09/29 18:01:13 | 000,008,704 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 08:45:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/15 10:17:34 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2010/07/07 19:29:42 | 000,000,092 | ---- | C] () -- C:\Users\Lisa\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2010/10/10 08:58:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/09 22:10:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2010/06/22 10:35:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Epson
[2012/02/13 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FileZilla
[2010/09/15 19:19:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FinalTorrent
[2010/03/02 08:42:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GetRightToGo
[2011/06/07 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Notepad++
[2010/03/02 18:51:55 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\proDAD
[2011/06/17 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Serif
[2010/06/02 09:05:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Softland
[2012/03/22 19:44:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Tific
[2012/01/07 17:45:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\YCanPDF
[2012/03/26 19:06:57 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Thanks 

Now, there are some more files I'd like you to upload as you did before. You can reply to your original thread there 

So, using the same suspicious file packer that you have, can you upload these:



> *
> C:\Windows\System32\yUuBM1gl.exe_.b
> C:\Windows\System32\yUuBM1gl.exe.b
> C:\Windows\System32\2k3BdWRS.exe_.b
> ...


Let me know when they're uploaded 

-----------

Whilst you're doing that, can you go to AddRemove Programs and uninstall this:

*Ask Toolbar*

Then, do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\username123\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2233703
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERM...l&geo=US&ver=4
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2233703
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] h.com: C:\Program Files\MyWebSearch\bar\1.bin
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

eddie


----------



## farmerlisa (Mar 24, 2012)

Thank you - I'll get this done as soon as I get home. I was gone for a couple of days ... not ignoring you


----------



## farmerlisa (Mar 24, 2012)

HI - thanks again for your help. I've uploaded the file to the other site, and I'm pasting the copy of the report below as asked for. However, I was not able to uninstall the ASK toolbar; even though I am the only user and administrator, a message appears that I am not authorized to remove the program, that I should sign out and then re-sign in as administrator. I'll keep trying that one. 

You are WONDERFUL!

All processes killed
========== OTL ==========
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\username123\mbr.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Lisa\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] h.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lisa\Desktop\cmd.bat deleted successfully.
C:\Users\Lisa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lisa
->Temp folder emptied: 2722494 bytes
->Temporary Internet Files folder emptied: 287811262 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 730 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 373422 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 277.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lisa
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lisa
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04032012_184738
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Thanks for the files :up:

They're from the same virus as the ones we removed earlier, so we'll get rid of them 

How did the uninstall of Ask toolbar go, did it work?

----

Can you run a scan of the following:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

------------

Also, can you run this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
c:\windows\system32\Macromed\Flash\FlashUtil11e_Active X.exe
:dir
C:\w /sub
C:\skins /sub
C:\e /sub
C:\Data /sub
:filefind
*MyWebSearch
*System Check
:folderfind
*Ask.com
*MyWebSearch
*System Check
:regfind
*MyWebSearch
*System Check
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

----------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> File::
> C:\Windows\System32\yUuBM1gl.exe_.b
> C:\Windows\System32\yUuBM1gl.exe.b
> C:\Windows\System32\2k3BdWRS.exe_.b
> ...


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

eddie


----------



## eddie5659 (Mar 19, 2001)

farmerlisa said:


> Thank you - I'll get this done as soon as I get home. I was gone for a couple of days ... not ignoring you


Its okay, Easter is coming up this weekend, so I completly understand


----------



## farmerlisa (Mar 24, 2012)

Here is the first report ...

VirSCAN.org Scanned Report :
Scanned time : 2012/04/04 17:55:21 (CDT)
Scanner results: Scanners did not find malware!
File Name : nppdf32.dll
File Size : 103864 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 4393dcb856a2a109e266e6f59e2ef31a
SHA1 : b974bd5db987b943773194a0d85ca59f5776ce2f
Online report : http://r.virscan.org/9cc61759bd7506a02829d82f6ac72b44
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120404220528 2012-04-04 10.86 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 4.22 -
AntiVir 8.2.10.24 7.11.25.222 2012-03-22 0.17 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.27 -
Arcavir 2011 201204010133 2012-04-01 3.87 -
Authentium 5.1.1 201204041716 2012-04-04 1.45 -
AVAST! 4.7.4 120404-0 2012-04-04 0.18 -
AVG 12.0.1782 2409/4914 2012-04-04 0.25 -
BitDefender 7.90123.7040340 7.41762 2012-04-05 3.59 -
ClamAV 0.97.3 14742 2012-04-04 0.19 -
Comodo 5.1 11993 2012-04-04 3.03 -
CP Secure 1.3.0.5 2012.04.05 2012-04-05 0.22 -
Dr.Web 7.0.1.2210 2012.04.02 2012-04-02 13.45 -
F-Prot 4.6.2.117 20120404 2012-04-04 0.83 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 2.29 -
Fortinet 4.3.392 15.383 2012-04-04 0.28 -
GData 22.4518 20120405 2012-04-05 9.17 -
ViRobot 20120404 2012.04.04 2012-04-04 0.63 -
Ikarus T3.1.32.20.0 2012.04.04.80873 2012-04-04 4.95 -
JiangMin 13.0.900 2012.04.04 2012-04-04 2.98 -
Kaspersky 5.5.10 2012.04.04 2012-04-04 0.28 -
KingSoft 2009.2.5.15 2012.4.4.9 2012-04-04 4.54 -
McAfee 5400.1158 6670 2012-04-04 8.86 -
Microsoft 1.8202 2012.04.04 2012-04-04 12.68 -
NOD32 3.0.21 7028 2012-04-04 0.18 -
Panda 9.05.01 2012.04.04 2012-04-04 10.79 -
Trend Micro 9.500-1005 8.886.06 2012-04-04 0.19 -
Quick Heal 11.00 2012.04.04 2012-04-04 2.10 -
Rising 20.0 24.03.06.01 2012-04-01 5.51 -
Sophos 3.30.0 4.76 2012-04-05 4.57 -
Sunbelt 3.9.2533.2 11752 2012-04-04 3.93 -
Symantec 1.3.0.24 20120403.022 2012-04-03 0.66 -
nProtect 20120404.01 11077008 2012-04-04 0.00 -
The Hacker 6.7.0.1 v00438 2012-04-03 1.14 -
VBA32 3.12.16.4 20120404.0916 2012-04-04 3.32 -
VirusBuster 5.5.0.2 14.2.11.0/8262559 2012-04-04 0.18 -


----------



## farmerlisa (Mar 24, 2012)

Here is the combofix report .. thank you again! (I sure seem to say that a lot, but I really DO mean it!)

ComboFix 12-04-04.02 - Lisa 04/04/2012 18:26:04.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1565 [GMT -5:00]
Running from: c:\users\Lisa\Desktop\username123.exe
Command switches used :: c:\users\Lisa\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\cl6MFSXX.exe.b"
"c:\programdata\cl6MFSXX.exe_.b"
"c:\windows\System32\2k3BdWRS.exe.b"
"c:\windows\System32\2k3BdWRS.exe_.b"
"c:\windows\System32\yUuBM1gl.exe.b"
"c:\windows\System32\yUuBM1gl.exe_.b"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cl6MFSXX.exe.b
c:\programdata\cl6MFSXX.exe_.b
c:\windows\System32\2k3BdWRS.exe.b
c:\windows\System32\2k3BdWRS.exe_.b
c:\windows\System32\yUuBM1gl.exe.b
c:\windows\System32\yUuBM1gl.exe_.b
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 23:40 . 2012-04-04 23:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-04 23:40 . 2012-04-04 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 23:47 . 2012-04-03 23:47 -------- d-----w- C:\_OTL
2012-03-28 08:03 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-28 08:03 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-28 08:03 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-28 08:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-28 08:03 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-28 08:03 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-28 06:07 . 2012-03-28 06:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\SUPERAntiSpyware.com
2012-03-28 06:06 . 2012-03-28 06:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-28 06:06 . 2012-03-28 06:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-28 03:23 . 2012-03-28 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-28 03:23 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 02:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-27 00:43 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-27 00:43 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 23:59 . 2012-03-26 23:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 21:59 . 2012-03-23 22:18 -------- d-----w- c:\windows\system32\drivers\N360\0601020.00A
2012-03-23 15:15 . 2012-03-23 22:15 -------- d-----w- C:\w
2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\skins
2012-03-23 15:15 . 2012-03-27 00:27 -------- d-----w- C:\e
2012-03-23 15:15 . 2012-03-23 15:15 -------- d-----w- C:\Data
2012-03-23 04:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-23 03:26 . 2012-03-23 21:43 -------- d-----w- c:\users\Lisa\AppData\Local\NPE
2012-03-23 03:18 . 2012-03-23 04:18 -------- d-----w- c:\users\Lisa\AppData\Local\LogMeIn Rescue Applet
2012-03-23 00:44 . 2012-03-23 00:44 -------- d-----w- c:\users\Lisa\AppData\Roaming\Tific
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-20 01:56 . 2012-03-28 05:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2012-03-19 20:01 . 2012-03-19 20:01 -------- d-----w- c:\program files\RealNetworks
2012-03-06 17:00 . 2012-03-06 17:00 -------- d-----w- c:\users\Lisa\AppData\Roaming\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 00:07 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-23 02:29 . 2010-12-05 21:15 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-19 18:55 . 2003-03-19 02:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-19 18:55 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-10 03:11 . 2011-05-18 00:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-04 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-19 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-10 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 135664]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0601020.00A\SYMDS.SYS [2011-08-16 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0601020.00A\SYMEFA.SYS [2011-11-24 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [2012-03-17 820856]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0601020.00A\ccSetx86.sys [2011-11-04 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120404.002\IDSvix86.sys [2012-03-22 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0601020.00A\Ironx86.SYS [2011-11-17 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0601020.00A\SYMNETS.SYS [2011-11-17 318584]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-22 106104]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 192.168.1.1
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitebuilder.websitewelcome.com/applet/SWHTTPUploaderProj.cab
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:60,ad,6a,bf,91,08,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,1c,cd,04,d0,ee,5a,4d,99,16,15,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-04 18:42:55
ComboFix-quarantined-files.txt 2012-04-04 23:42
ComboFix2.txt 2012-03-29 23:32
.
Pre-Run: 225,049,972,736 bytes free
Post-Run: 224,993,095,680 bytes free
.
- - End Of File - - 695AE9C63321018153078C885F23E3E1


----------



## eddie5659 (Mar 19, 2001)

When you do come back, can you post the SystemLookUp log, from this part:

http://forums.techguy.org/8310391-post11.html

Just after the virus scan request


----------



## farmerlisa (Mar 24, 2012)

Sorry!!! I ran it, but forgot to include it.  Here it is ... and Happy Easter!

SystemLook 30.07.11 by jpshortstuff
Log created at 18:02 on 04/04/2012 by Lisa
Administrator - Elevation successful
========== file ==========
C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - File found and opened.
MD5: 4393DCB856A2A109E266E6F59E2EF31A
Created at 17:35 on 07/06/2011
Modified at 17:35 on 07/06/2011
Size: 103864 bytes
Attributes: --a----
FileDescription: Adobe PDF Plug-In For Firefox and Netscape "9.4.5"
FileVersion: 9.4.5.236
ProductVersion: 9.4.5.236
OriginalFilename: NPPDF32.DLL
ProductName: Adobe Acrobat
CompanyName: Adobe Systems Inc.
LegalCopyright: Copyright 2003-2010 Adobe Systems Incorporated and its licensors. All rights reserved.
c:\windows\system32\Macromed\Flash\FlashUtil11e_Active X.exe - Unable to find/read file.
========== dir ==========
C:\w - Parameters: "/sub"
---Files---
wea_01_spc_s20.png --a---- 900 bytes [15:15 23/03/2012] [15:15 23/03/2012]
wea_01_spc_s28.png --a---- 1163 bytes [22:15 23/03/2012] [22:15 23/03/2012]
wea_01_spc_s30.png --a---- 1163 bytes [22:15 23/03/2012] [22:15 23/03/2012]
No folders found.
C:\skins - Parameters: "/sub"
---Files---
noskin_vtoggle.png --a---- 314 bytes [15:15 23/03/2012] [15:15 23/03/2012]
noskin_vtoggle_h.png --a---- 374 bytes [15:15 23/03/2012] [15:15 23/03/2012]
No folders found.
C:\e - Parameters: "/sub"
---Files---
add_grp.png --a---- 161 bytes [15:15 23/03/2012] [15:15 23/03/2012]
add_grp_h.png --a---- 194 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ebay27_spc.png --a---- 768 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ecap_s0.png --a---- 163 bytes [00:15 24/03/2012] [00:15 24/03/2012]
ecap_s0_h.png --a---- 140 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ecap_s1.png --a---- 168 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ecap_s1_h.png --a---- 139 bytes [15:15 23/03/2012] [15:15 23/03/2012]
mess_01_spc_s0.png --a---- 1199 bytes [15:15 23/03/2012] [15:15 23/03/2012]
mess_01_spc_s1.png --a---- 1199 bytes [22:15 23/03/2012] [22:15 23/03/2012]
sbx.png --a---- 193 bytes [15:15 23/03/2012] [15:15 23/03/2012]
sbx_h.png --a---- 209 bytes [15:15 23/03/2012] [15:15 23/03/2012]
sset_02_s0.png --a---- 598 bytes [15:15 23/03/2012] [15:15 23/03/2012]
sset_02_s1.png --a---- 666 bytes [00:27 27/03/2012] [00:27 27/03/2012]
tb_face_s.png --a---- 778 bytes [22:15 23/03/2012] [22:15 23/03/2012]
tb_fac_burst3.png --a---- 1155 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ybang_200908276_h.png --a---- 425 bytes [15:15 23/03/2012] [15:15 23/03/2012]
ybang_pp.png --a---- 2051 bytes [15:15 23/03/2012] [15:15 23/03/2012]
No folders found.
C:\Data - Parameters: "/sub"
---Files---
None found.
C:\Data\default d------ [15:15 23/03/2012]
alrt_204.data --a---- 41 bytes [22:15 23/03/2012] [22:15 23/03/2012]
feed4.data --a---- 37144 bytes [15:15 23/03/2012] [22:15 23/03/2012]
us_p_c.data --a---- 40414 bytes [15:15 23/03/2012] [15:15 23/03/2012]
us_sres.data --a---- 1573 bytes [15:15 23/03/2012] [15:15 23/03/2012]
us_yb_c.data --a---- 32790 bytes [15:15 23/03/2012] [22:15 23/03/2012]
========== filefind ==========
Searching for "*MyWebSearch"
No files found.
Searching for "*System Check"
No files found.
========== folderfind ==========
Searching for "*Ask.com"
C:\Program Files\Ask.com d------ [02:40 16/04/2010]
C:\_OTL\MovedFiles\04032012_184738\C_Program Files\Ask.com d------ [23:47 03/04/2012]
Searching for "*MyWebSearch"
C:\Users\Lisa\AppData\LocalLow\MyWebSearch d------ [01:52 05/01/2011]
Searching for "*System Check"
C:\Qoobox\Quarantine\C\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check d------ [23:13 29/03/2012]
========== regfind ==========
Searching for "*MyWebSearch"
No data found.
Searching for "*System Check"
No data found.
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

That's okay and hope you have had a Happy Easter as well 

Please *download* *OTM* 

 *Save* it to your *desktop*. 
 Please double-click *OTM* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*). 
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Users\Lisa\AppData\LocalLow\MyWebSearch
C:\Program Files\Ask.com
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[CREATERESTOREPOINT] 
[EMPTYFLASH] 
[Reboot]
```

Return to OTM, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button. 
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply. 
Close *OTM* and reboot your PC. 
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post

================================

Then, can you run this for me:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

------------

And finally this:

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC Now* button. 
A new window will open...click the *Scan Now* button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) 
If it wants to run an AddOn component allow it.
It should now start scanning.
When the scan completes, if anything malicious is detected, click the *See Report* button, then Save Report by clicking on *Export To icon* and save it to a convenient location. Post the contents of the ActiveScan report.

eddie


----------



## farmerlisa (Mar 24, 2012)

OK ... thank you  Here is the OTM report:

All processes killed
========== FILES ==========
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar\Settings folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar\Message\COMMON folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar\Message folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar\History folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar\Cache folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch\bar folder moved successfully.
C:\Users\Lisa\AppData\LocalLow\MyWebSearch folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lisa
->Temp folder emptied: 1088 bytes
->Temporary Internet Files folder emptied: 7812047 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2065 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lisa
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 04092012_135019
Files moved on Reboot...
Registry entries deleted on Reboot...

AND HERE IS THE SECURITY CHECKUP REPORT ...
Results of screen317's Security Check version 0.99.32 
Windows 7 Service Pack 1 x86 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
Norton 360 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
SUPERAntiSpyware 
Java(TM) 6 Update 26 
*Java version out of date!* 
Adobe Reader 9 *Adobe Reader out of date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Norton ccSvcHst.exe 
*``````````End of Log````````````*

AND HERE IS THE ACTIVE SCAN REPORT:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-04-09 18:24:51
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\avbsb6gn.txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\dttwgjzr.txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\38txtnax.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\npz0dg4c.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\pj5pg8wx.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\razdpex9.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\d11t4u8g.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\1i903l29.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\ixd0s04r.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\vae4183t.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\06mpjm6t.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\kxu0cbc5.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\2gtgrrq1.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\cq9v2cp8.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\huhpnla1.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\1bze0db5.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\uad12e8j.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\1cyxj15h.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\7e08jx8h.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\23zihwph.txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\l9md78hh.txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\6crsry17.txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\0ceg89hb.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\1livqgon.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\ife1ndho.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\bjry90fj.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\u8o7acza.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\frojfyao.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\jb5giebr.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\27ik4k9z.txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\rzo2rh8c.txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\g93xogg9.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\kdf43n7w.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\72ysxnsw.txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\967ytowz.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\pm6h9109.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\0ligw0ju.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\d71gkzr6.txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\zn5wq9qv.txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\uf2u7q16.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\55hn8vum.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\w4j0w8vj.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\eaa0krk4.txt
00172221 Cookie/Zedo  TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\njpunz2y.txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\low\5azzziwn.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\lisa\appdata\roaming\microsoft\windows\cookies\3qykaf5b.txt
09348528 Rootkit/Agent.HKR HackTools No 0 Yes No c:\tdsskiller_quarantine\26.03.2012_18.56.31\rtkt0000\svc0000\tsk0000.dta
10326804 Generic Malware Virus/Trojan No 0 No No c:\users\lisa\desktop\requested-files[2012-03-26_18_39].cab[c:\windows\system32\2k3bdwrs.exe]
10326804 Generic Malware Virus/Trojan No 0 No No c:\users\lisa\desktop\requested-files[2012-03-26_18_39].cab[c:\programdata\cl6mfsxx.exe]
10326804 Generic Malware Virus/Trojan No 0 No No c:\users\lisa\desktop\requested-files[2012-03-26_18_39].cab[c:\windows\system32\j4w3mpak3.com]
10326804 Generic Malware Virus/Trojan No 0 No No c:\users\lisa\desktop\requested-files[2012-03-26_18_39].cab[c:\windows\system32\j4w3mpak3.com_]
10326804 Generic Malware Virus/Trojan No 0 No No c:\users\lisa\desktop\requested-files[2012-03-26_18_39].cab[c:\windows\system32\yuubm1gl.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\users\lisa\desktop\aswmbr.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Thanks again!


----------



## eddie5659 (Mar 19, 2001)

Okay, that's all looking good, so can you do this, and we're nearly there 

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

eddie


----------



## farmerlisa (Mar 24, 2012)

HI - sorry if I've been doing things wrong ...  Hopefully this is right ... thank you for your patience! I've run the report, made sure the "wordwrap" was NOT selected, and have attached the txt report.


----------



## eddie5659 (Mar 19, 2001)

Its loaded fine :up:

So, here we go 

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
YY -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here

eddie


----------



## farmerlisa (Mar 24, 2012)

Here's the report ...

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN not found.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 04122012_181555

THANK YOU!!!!!!


----------



## eddie5659 (Mar 19, 2001)

Okay, that's looking better 

How's the computer now, are the original problems still happening?

If all okay, we'll update some programs and remove the tools we've used, but I'll wait for your reply 

eddie


----------



## farmerlisa (Mar 24, 2012)

Everything is running wonderfully! Quicker than ever. :up:


----------



## eddie5659 (Mar 19, 2001)

Excellent 

*You can mark this thread Solved at the top of this page, if its all running okay *

*Any questions about the following, just ask  *

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 3 *.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.[/b]".
Click on the link to download Windows Offline Installation 32 bit ( jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the * jre-7u3-windows-i586.exe* and select "Run as an Administrator.")

We have a couple of last steps to perform and then you're all set.

Firstly, lets uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall *

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from AddRemove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

*
TDSSKiller
aswMBR
SystemLook
Security Check
*
==============================

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Create Restore Point (Win7)*


Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
In the left-hand pane click on the *System Protection* option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C indicates System protection *ON*.
(This indicates System restore is turned ON for the Windows drive).
Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
You will get a message that the Restore Point was created successfully. Click on the *Close* button.
Click on the *OK* button and close the System window in the Control Panel.

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after its completed.

To keep your operating system up to date visit 
*Microsoft Windows Update*
monthly. And to keep your system clean run this free malware scanner

*Malwarebytes' Anti-Malware*

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie


----------

