Bigdadsearch - pc novice needs help removing

Its taken over my internet, and now pages aren't loading. its taken over my firefox. For some reason Chrome will not install or run on this computer, and I don't use IE.

Any step by step instructions on how to save my computer would be great. I have to use it for work, and my work site isn't even loading now. It says the page is unavailable, but I can load it from my laptop. This is happening on lots of pages. Malwarebytes isn't picking anything up.

My hijack this logfile (surprised I figured out how to do this)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:14 PM, on 8/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\Symantec\SYMANT~2\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Melissa\My Documents\Downloads\HijackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gacela-Reporting-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Reporting.exe
O23 - Service: Gacela-Update-Service - Unknown owner - C:\Program Files\Gacela\Gacela-Updater.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~2\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFME (WDFMEService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRules (WDRulesService) - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 15077 bytes

Hello!

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  
• It is important to rename ComboFix before the download.
  
• Please do not rename ComboFix to other names, but only the one indicated.
  

After the download:

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
  
• It will attempt to install the Recovery Console:
  

• When ComboFix finishes, it will produce a report for you.
  
• Please post the "C:\Combo-Fix.txt" in your next reply.
  

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Thank you for replying and I will give this a try! Working on it now.

here is my ComboFix log.


ComboFix 12-08-13.01 - Melissa 08/13/2012 13:33:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1280 [GMT -4:00]
Running from: c:\documents and settings\Melissa\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Melissa\My Documents\~WRL0001.tmp
c:\documents and settings\Melissa\My Documents\~WRL0002.tmp
c:\documents and settings\Melissa\My Documents\~WRL0003.tmp
c:\documents and settings\Melissa\My Documents\~WRL0004.tmp
c:\documents and settings\Melissa\My Documents\~WRL0005.tmp
c:\documents and settings\Melissa\My Documents\~WRL0006.tmp
c:\documents and settings\Melissa\My Documents\~WRL0007.tmp
c:\documents and settings\Melissa\My Documents\~WRL0008.tmp
c:\documents and settings\Melissa\My Documents\~WRL0502.tmp
c:\documents and settings\Melissa\My Documents\~WRL1640.tmp
c:\documents and settings\Melissa\My Documents\~WRL1827.tmp
c:\documents and settings\Melissa\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET3D8.tmp
c:\windows\system32\SET465.tmp
c:\windows\system32\SETA01.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\w32time.dll.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-11 20:40 . 2012-08-11 20:41 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-01 15:55 . 2012-08-01 15:55 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-07-29 02:32 . 2012-07-29 02:35 -------- d-----w- c:\documents and settings\Melissa\Application Data\calibre
2012-07-29 02:31 . 2012-07-29 02:32 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:40 . 2012-03-31 18:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:40 . 2011-05-20 18:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 19:13 . 2009-06-09 17:28 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-03 17:46 . 2009-04-25 15:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-26 07:00 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-12-16 01:32 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2007-12-16 01:32 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-12-16 01:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-21 02:59 . 2010-12-01 17:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:59 . 2012-05-21 02:59 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-16 15:08 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-06 14:41 . 2011-10-04 00:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-03-07 13:48 4886136 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 18:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 13:31 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 11:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 17:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2005-05-19 12:54 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-15 13:19 13680640 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2004-12-22 21:40 24576 ----a-w- c:\windows\MIDIDEF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-18 21:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-17 01:38 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 11:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Melissa\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/3/2012 10:11 PM 101112]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 4:19 AM 169408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2009 11:26 AM 655944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2012 9:57 PM 106656]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2/4/2012 5:35 PM 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2009 11:26 AM 22344]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Gacela-Reporting-Service;Gacela-Reporting-Service;c:\program files\Gacela\Gacela-Reporting.exe [1/24/2011 11:36 AM 102400]
S2 Gacela-Update-Service;Gacela-Update-Service;c:\program files\Gacela\Gacela-Updater.exe [1/24/2011 11:36 AM 180224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 2:13 PM 250056]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 11:43 AM 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 4:18 AM 14336]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/13/2008 3:11 PM 29522]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 AM 6784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRV11220
*NewlyCreated* - PBFILTER
*Deregistered* - EraserUtilDrv11220
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:41]
.
2012-08-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DD9CMPB1-Melissa.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 07:25]
.
2012-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006Core.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006UA.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Search
FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-Symantec Antvirus
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AmazonGSDownloaderTray - c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSConfigStartUp-Creative Detector - c:\program files\Creative\MediaSource\Detector\CTDetect.exe
MSConfigStartUp-DLA - c:\windows\System32\DLA\DLACTRLW.EXE
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Melissa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 13:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
.
Completion time: 2012-08-13 13:52:54
ComboFix-quarantined-files.txt 2012-08-13 17:52
.
Pre-Run: 244,922,675,200 bytes free
Post-Run: 245,312,663,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0D553F709975FACB067DA6894A3B1E98

ComboFix Script

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the codebox below into it:
  

  DDS::
  FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
  FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
  FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
  FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
  
  ClearJavaCache::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click Yes to the Optional_Scan
• Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
• Close the program window, and delete the program from your Desktop.

here is my CFScript log


ComboFix 12-08-14.02 - Melissa 08/14/2012 12:10:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1307 [GMT -4:00]
Running from: c:\documents and settings\Melissa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Melissa\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-11 20:40 . 2012-08-11 20:41 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-01 15:55 . 2012-08-01 15:55 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-07-29 02:32 . 2012-07-29 02:35 -------- d-----w- c:\documents and settings\Melissa\Application Data\calibre
2012-07-29 02:31 . 2012-07-29 02:32 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 23:40 . 2012-03-31 18:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:40 . 2011-05-20 18:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 19:13 . 2009-06-09 17:28 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-03 17:46 . 2009-04-25 15:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-26 07:00 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-12-16 01:32 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2007-12-16 01:32 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-12-16 01:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-21 02:59 . 2010-12-01 17:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:59 . 2012-05-21 02:59 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-06 14:41 . 2011-10-04 00:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-03-07 13:48 4886136 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 18:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 13:31 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 11:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 17:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2005-05-19 12:54 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-15 13:19 13680640 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2004-12-22 21:40 24576 ----a-w- c:\windows\MIDIDEF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-18 21:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-17 01:38 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 11:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Melissa\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/3/2012 10:11 PM 101112]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 4:19 AM 169408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2009 11:26 AM 655944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2012 9:57 PM 106656]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2/4/2012 5:35 PM 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2009 11:26 AM 22344]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Gacela-Reporting-Service;Gacela-Reporting-Service;c:\program files\Gacela\Gacela-Reporting.exe [1/24/2011 11:36 AM 102400]
S2 Gacela-Update-Service;Gacela-Update-Service;c:\program files\Gacela\Gacela-Updater.exe [1/24/2011 11:36 AM 180224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 2:13 PM 250056]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 11:43 AM 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 4:18 AM 14336]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/13/2008 3:11 PM 29522]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 AM 6784]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ERASERUTILDRV11220
*NewlyCreated* - PBFILTER
*Deregistered* - EraserUtilDrv11220
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:41]
.
2012-08-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DD9CMPB1-Melissa.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 07:25]
.
2012-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006Core.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006UA.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Search
FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 12:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1264)
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
.
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WININET.dll
c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
.
Completion time: 2012-08-14 12:30:19
ComboFix-quarantined-files.txt 2012-08-14 16:30
ComboFix2.txt 2012-08-13 17:52
.
Pre-Run: 244,787,601,408 bytes free
Post-Run: 244,760,592,384 bytes free
.
- - End Of File - - 329DFAFAA85D9559274BA35035BF4496

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Melissa at 12:33:11 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1293 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
{5ca3d70e-1895-11cf-8e15-001234567890}
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{E7ED8C82-C866-4268-AE1E-98F1534779BE} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\melissa\application data\mozilla\firefox\profiles\1jlll0ge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\melissa\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\melissa\application data\mozilla\firefox\profiles\1jlll0ge.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\melissa\application data\mozilla\firefox\profiles\1jlll0ge.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\melissa\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Search
FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-5-3 101112]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-6 108392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-25 655944]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2007-9-6 2177464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-2-4 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-25 22344]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120813.003\NAVENG.SYS [2012-8-13 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120813.003\NAVEX15.SYS [2012-8-13 1589752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Gacela-Reporting-Service;Gacela-Reporting-Service;c:\program files\gacela\Gacela-Reporting.exe [2011-1-24 102400]
S2 Gacela-Update-Service;Gacela-Update-Service;c:\program files\gacela\Gacela-Updater.exe [2011-1-24 180224]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-8-16 14336]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2008-1-13 29522]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]
S4 vsdatant;vsdatant;a --> a [?]
.
=============== Created Last 30 ================
.
2012-08-13 17:13:19 -------- d-sha-r- C:\cmdcons
2012-08-13 16:53:30 98816 ----a-w- c:\windows\sed.exe
2012-08-13 16:53:30 518144 ----a-w- c:\windows\SWREG.exe
2012-08-13 16:53:30 256000 ----a-w- c:\windows\PEV.exe
2012-08-13 16:53:30 208896 ----a-w- c:\windows\MBR.exe
2012-08-11 20:40:08 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-01 15:55:27 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-07-29 02:32:27 -------- d-----w- c:\documents and settings\melissa\application data\calibre
2012-07-29 02:31:29 -------- d-----w- c:\program files\Calibre2
.
==================== Find3M ====================
.
2012-08-02 23:40:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 23:40:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 19:13:49 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-21 02:59:03 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:59:01 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
.
============= FINISH: 12:34:00.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/18/2007 3:10:21 PM
System Uptime: 8/10/2012 9:59:50 PM (87 hours ago)
.
Motherboard: Dell Inc. | | 0FJ030
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 227.989 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 931 GiB total, 359.402 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_04A9&PID_1729&MI_02\6&2F7294AC&0&0002
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_04A9&PID_1729&MI_02\6&2F7294AC&0&0002
Service: USBSTOR
.
==== System Restore Points ===================
.
RP1566: 5/14/2012 11:59:32 AM - Software Distribution Service 3.0
RP1567: 5/15/2012 2:43:43 PM - System Checkpoint
RP1568: 5/16/2012 9:12:05 PM - System Checkpoint
RP1569: 5/17/2012 9:50:06 PM - System Checkpoint
RP1570: 5/19/2012 12:27:25 PM - System Checkpoint
RP1571: 5/20/2012 2:28:36 PM - System Checkpoint
RP1572: 5/20/2012 10:58:48 PM - Installed Java(TM) 7 Update 4
RP1573: 5/20/2012 11:00:02 PM - Installed JavaFX 2.1.0
RP1574: 5/22/2012 12:29:42 PM - System Checkpoint
RP1575: 5/22/2012 3:24:28 PM - Software Distribution Service 3.0
RP1576: 5/23/2012 9:59:59 AM - Software Distribution Service 3.0
RP1577: 5/24/2012 10:53:37 AM - System Checkpoint
RP1578: 5/25/2012 11:53:34 AM - System Checkpoint
RP1579: 5/26/2012 12:12:01 PM - System Checkpoint
RP1580: 5/27/2012 2:44:26 PM - System Checkpoint
RP1581: 5/28/2012 3:27:58 PM - System Checkpoint
RP1582: 5/29/2012 11:36:12 PM - System Checkpoint
RP1583: 5/31/2012 11:53:17 AM - System Checkpoint
RP1584: 6/1/2012 6:05:57 PM - System Checkpoint
RP1585: 6/2/2012 10:26:27 PM - System Checkpoint
RP1586: 6/4/2012 4:42:02 PM - System Checkpoint
RP1587: 6/5/2012 2:36:42 PM - Software Distribution Service 3.0
RP1588: 6/6/2012 3:48:17 PM - System Checkpoint
RP1589: 6/7/2012 4:29:52 PM - System Checkpoint
RP1590: 6/8/2012 4:46:05 PM - System Checkpoint
RP1591: 6/10/2012 4:52:15 PM - System Checkpoint
RP1592: 6/11/2012 11:05:07 PM - System Checkpoint
RP1593: 6/13/2012 1:53:16 PM - System Checkpoint
RP1594: 6/14/2012 11:27:14 AM - Software Distribution Service 3.0
RP1595: 6/15/2012 12:07:11 PM - System Checkpoint
RP1596: 6/15/2012 11:45:09 PM - Removed Netflix Movie Viewer
RP1597: 6/15/2012 11:48:20 PM - Removed Roxio DLA
RP1598: 6/16/2012 11:09:34 AM - Software Distribution Service 3.0
RP1599: 6/17/2012 2:13:16 PM - System Checkpoint
RP1600: 6/20/2012 12:13:11 AM - Removed Java(TM) 6 Update 22
RP1601: 6/20/2012 1:43:55 AM - Removed Quarantine Console
RP1602: 6/21/2012 9:58:02 PM - System Checkpoint
RP1603: 6/25/2012 10:57:28 AM - System Checkpoint
RP1604: 6/26/2012 6:52:36 PM - System Checkpoint
RP1605: 6/30/2012 3:29:14 PM - System Checkpoint
RP1606: 7/2/2012 12:59:42 AM - System Checkpoint
RP1607: 7/3/2012 1:48:33 AM - System Checkpoint
RP1608: 7/4/2012 2:48:32 AM - System Checkpoint
RP1609: 7/5/2012 3:23:54 AM - System Checkpoint
RP1610: 7/6/2012 10:42:10 AM - System Checkpoint
RP1611: 7/7/2012 11:04:57 AM - System Checkpoint
RP1612: 7/8/2012 11:59:39 AM - System Checkpoint
RP1613: 7/9/2012 1:08:31 PM - System Checkpoint
RP1614: 7/11/2012 3:31:07 PM - Software Distribution Service 3.0
RP1615: 7/12/2012 6:55:15 PM - System Checkpoint
RP1616: 7/14/2012 3:54:27 PM - System Checkpoint
RP1617: 7/17/2012 8:57:12 PM - System Checkpoint
RP1618: 7/19/2012 1:23:38 PM - System Checkpoint
RP1619: 7/28/2012 10:31:20 PM - Installed calibre
RP1620: 8/1/2012 11:52:48 AM - Installed Garmin Lifetime Updater
RP1621: 8/1/2012 11:55:03 AM - Removed Garmin Lifetime Updater
RP1622: 8/3/2012 10:23:02 AM - System Checkpoint
RP1623: 8/7/2012 11:54:37 AM - System Checkpoint
RP1624: 8/8/2012 12:14:47 PM - System Checkpoint
RP1625: 8/9/2012 3:05:54 PM - System Checkpoint
RP1626: 8/10/2012 7:29:24 PM - System Checkpoint
RP1627: 8/10/2012 11:12:05 PM - Installed SpyHunter
RP1628: 8/11/2012 4:40:56 PM - Removed SpyHunter
RP1629: 8/11/2012 4:45:39 PM - Removed WD SmartWare
RP1630: 8/11/2012 4:48:24 PM - Removed WD Software Upgrader
RP1631: 8/12/2012 8:31:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Reader 9.5.1
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
Amazon Send to Kindle
Andrea VoiceCenter
AnyDVD
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
Banctec Service Agreement
Big Kahuna Reef
Bonjour
calibre
Canon MP Navigator EX 1.0
Canon MX700 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
Cisco Connect
CloneDVD2
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Disney's Winnie the Pooh Kindergarten
DocProc
DocProcQFolder
Documentation & Support Launcher
Dropbox
Elements 9 Organizer
Elements STI Installer
ELIcon
Facebook Plug-In
Fishdom H2O Hidden Odyssey 1.00
Flickr Uploadr 3.0.5
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin USB Drivers
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
House of 1000 Doors - Family Secrets CE
House of 1000 Doors 2 The Palm of Zoroaster CE
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
Intuit SiteBuilder
iPhone Configuration Utility
IrfanView (remove only)
iTunes
iTunes Agent 1.3.4
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
Kindle Auto eBook Converter 0.4.50
LiveUpdate 3.3 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Resource Center
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mobipocket Creator 4.2
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
NVIDIA Drivers
NVIDIA PhysX
OCR Software by I.R.I.S 7.0
Otto
PDF Maker DLL
PDF Settings
PeerBlock 1.1 (r518)
Peggle Deluxe
Peggle Nights
Picasa 3
QuickTime
RealPlayer
RealUpgrade 1.0
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shadow Wolf Mysteries - Bane of the Family CE
Shadow Wolf Mysteries - Curse of the Full Moon
Shutterfly Plugin
Skype™ 5.3
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spelling Dictionaries Support For Adobe Reader 8
swMSM
Symantec Endpoint Protection
Symantec System Center
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.2
VoiceOver Kit
WebFldrs XP
WebReg
Windows Desktop Search 3.01
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Detect
.
==== End Of File ===========================

ComboFix Script

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::
  
  DDS::
  FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
  FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
  FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
  FF - user.js: yahoo.homepage.dontask - true
  FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
  FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
  
  Driver::
  vsdatant
  
  File::
  c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP

  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.
  

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

ComboFix 12-08-25.04 - Melissa 08/27/2012 13:21:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1320 [GMT -4:00]
Running from: c:\documents and settings\Melissa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Melissa\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.
FILE ::
"c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vsdatant
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-16 03:52 . 2012-07-06 13:58 78336 ------w- c:\windows\system32\dllcache\browser.dll
2012-08-11 20:40 . 2012-08-11 20:41 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-01 15:55 . 2012-08-01 15:55 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-07-29 02:32 . 2012-07-29 02:35 -------- d-----w- c:\documents and settings\Melissa\Application Data\calibre
2012-07-29 02:31 . 2012-07-29 02:32 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 02:40 . 2012-03-31 18:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 02:40 . 2011-05-20 18:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 19:13 . 2009-06-09 17:28 230840 ----a-r- c:\windows\system32\cpnprt2.cid
2012-07-06 13:58 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-08-16 08:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2009-04-25 15:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2005-08-16 08:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2005-08-16 08:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2005-08-16 08:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2005-08-16 08:18 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-08-26 07:00 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 08:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 08:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-07-31 00:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 08:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 08:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 08:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-07-31 00:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-07-31 00:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 08:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 08:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-07-31 00:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 08:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 08:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2007-12-16 01:32 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2007-12-16 01:32 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2007-12-16 01:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 08:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-08-06 14:41 . 2011-10-04 00:11 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_17.47.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-27 17:40 . 2012-08-27 17:40 16384 c:\windows\Temp\Perflib_Perfdata_ee4.dat
+ 2012-08-27 17:45 . 2012-08-27 17:45 16384 c:\windows\Temp\Perflib_Perfdata_ccc.dat
+ 2012-08-27 13:57 . 2012-08-27 13:57 16384 c:\windows\Temp\Perflib_Perfdata_9c8.dat
+ 2012-08-27 17:39 . 2012-08-27 17:39 16384 c:\windows\Temp\Perflib_Perfdata_954.dat
+ 2005-08-16 08:18 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2007-08-13 23:54 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-11 04:48 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 04:48 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2007-11-27 20:07 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-11-27 20:07 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-11-18 20:24 . 2012-07-11 19:40 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-16 13:38 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
+ 2007-12-02 17:24 . 2012-08-17 08:10 1984 c:\windows\system32\d3d9caps.dat
- 2007-12-02 17:24 . 2012-08-13 04:27 1984 c:\windows\system32\d3d9caps.dat
+ 2012-08-27 17:39 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2006-08-30 18:18 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2007-08-13 23:54 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
+ 2012-08-15 02:40 . 2012-08-15 02:40 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-15 01:41 . 2012-08-15 01:41 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 01:41 . 2012-08-15 01:41 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-03-31 18:13 . 2012-08-02 23:41 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-31 18:13 . 2012-08-15 02:40 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2005-08-16 08:18 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2005-08-16 08:18 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
- 2005-08-16 08:18 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 08:18 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
+ 2007-06-19 22:08 . 2011-07-08 20:44 167936 c:\windows\system32\drivers\WpsHelper.sys
- 2007-06-19 22:08 . 2011-06-22 23:05 167936 c:\windows\system32\drivers\WpsHelper.sys
+ 2005-08-16 08:18 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2005-08-16 08:18 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-10 20:32 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
- 2005-08-16 08:18 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-10-24 00:00 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-11-27 20:07 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2007-11-27 20:07 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
- 2012-06-13 17:11 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2012-06-13 17:11 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2009-06-11 04:48 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-11 04:48 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 21:00 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 21:00 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2005-08-16 08:18 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2005-08-16 08:18 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2005-08-16 08:18 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\28e8e74f.msp
- 2007-11-18 20:24 . 2012-07-11 19:40 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-04-22 18:26 . 2011-04-22 18:26 688128 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\JP2KLib.dll
+ 2009-01-18 21:00 . 2009-01-18 21:00 598016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AXSLE.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37 320456 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe
+ 2012-01-02 15:07 . 2012-01-02 15:07 843712 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearm.exe
+ 2011-06-23 14:54 . 2011-06-23 14:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-16 13:38 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-16 13:38 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-16 13:38 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-16 13:38 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-16 13:38 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
- 2005-08-16 08:18 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
+ 2012-08-15 02:40 . 2012-08-15 02:40 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2007-08-13 23:34 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2005-08-16 08:27 . 2012-08-16 14:13 1666296 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 08:27 . 2012-07-11 22:45 1666296 c:\windows\system32\FNTCACHE.DAT
- 2008-10-14 23:47 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-10-14 23:47 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
- 2005-08-16 08:18 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2005-08-16 08:18 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
- 2007-11-27 20:07 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2007-11-27 20:07 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\28e8e77d.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 5009920 c:\windows\Installer\28e8e721.msp
+ 2012-07-31 16:18 . 2012-07-31 16:18 5018624 c:\windows\Installer\1cc48e.msp
+ 2007-11-18 20:24 . 2012-08-16 13:53 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-11-18 20:24 . 2012-08-16 13:53 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-11-18 20:24 . 2012-07-11 19:40 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-31 02:16 . 2011-01-31 02:16 5713408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AGM.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-16 13:38 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2007-11-21 01:52 . 2012-08-16 13:44 59884088 c:\windows\system32\MRT.exe
- 2007-08-13 23:54 . 2012-05-12 00:12 11111424 c:\windows\system32\ieframe.dll
+ 2007-08-13 23:54 . 2012-07-03 03:19 11111424 c:\windows\system32\ieframe.dll
- 2007-11-27 20:07 . 2012-05-12 00:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2007-11-27 20:07 . 2012-07-03 03:19 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\28e8e766.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\28e8e738.msp
+ 2011-08-04 00:53 . 2011-08-04 00:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6612\MSO.DLL
+ 2012-08-16 13:38 . 2012-05-12 00:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Melissa^Start Menu^Programs^Startup^Picaboo.lnk]
path=c:\documents and settings\Melissa\Start Menu\Programs\Startup\Picaboo.lnk
backup=c:\windows\pss\Picaboo.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-03-07 13:48 4886136 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 07:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 18:01 67584 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 13:31 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 11:56 139264 -c--a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 17:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2005-05-19 12:54 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-15 13:19 13680640 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2004-12-22 21:40 24576 ----a-w- c:\windows\MIDIDEF.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-23 04:20 339968 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-18 21:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-17 01:38 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 -c----w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 11:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Melissa\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/3/2012 10:11 PM 101112]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 4:19 AM 169408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2009 11:26 AM 655944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/14/2012 8:54 PM 106656]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2/4/2012 5:35 PM 1034240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2009 11:26 AM 22344]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Gacela-Reporting-Service;Gacela-Reporting-Service;c:\program files\Gacela\Gacela-Reporting.exe [1/24/2011 11:36 AM 102400]
S2 Gacela-Update-Service;Gacela-Update-Service;c:\program files\Gacela\Gacela-Updater.exe [1/24/2011 11:36 AM 180224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 2:13 PM 250056]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 10:51 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 11:43 AM 113120]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/16/2005 4:18 AM 14336]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [1/13/2008 3:11 PM 29522]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 11:45 AM 6784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:40]
.
2012-08-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-DD9CMPB1-Melissa.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 07:25]
.
2012-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 02:51]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006Core.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527215789-1701368317-3731378144-1006UA.job
- c:\documents and settings\Melissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-18 19:33]
.
2012-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
2012-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2527215789-1701368317-3731378144-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://www.bigdadsearch.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Search
FF - user.js: browser.search.defaulturl - hxxp://www.bigdadsearch.com/search.php?q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 13:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
.
- - - - - - - > 'explorer.exe'(5236)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\Melissa\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\cba\pds.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\progra~1\Symantec\SYMANT~2\NSCTOP.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\ams_ii\iao.exe
c:\windows\system32\MsgSys.EXE
c:\windows\system32\cba\xfr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\ams_ii\hndlrsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2012-08-27 13:51:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 17:51
ComboFix2.txt 2012-08-14 16:30
ComboFix3.txt 2012-08-13 17:52
.
Pre-Run: 244,831,752,192 bytes free
Post-Run: 244,625,707,008 bytes free
.
- - End Of File - - 725F14DF564689910D5FA084B091CAA7

"CURE" was not an option for me with TDSSKiller.


14:00:15.0361 4164 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:00:15.0689 4164 ============================================================
14:00:15.0689 4164 Current date / time: 2012/08/27 14:00:15.0689
14:00:15.0689 4164 SystemInfo:
14:00:15.0689 4164
14:00:15.0689 4164 OS Version: 5.1.2600 ServicePack: 3.0
14:00:15.0689 4164 Product type: Workstation
14:00:15.0689 4164 ComputerName: DD9CMPB1
14:00:15.0689 4164 UserName: Melissa
14:00:15.0689 4164 Windows directory: C:\WINDOWS
14:00:15.0689 4164 System windows directory: C:\WINDOWS
14:00:15.0689 4164 Processor architecture: Intel x86
14:00:15.0689 4164 Number of processors: 2
14:00:15.0689 4164 Page size: 0x1000
14:00:15.0689 4164 Boot type: Normal boot
14:00:15.0689 4164 ============================================================
14:00:16.0096 4164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:00:16.0283 4164 ============================================================
14:00:16.0283 4164 \Device\Harddisk0\DR0:
14:00:16.0283 4164 MBR partitions:
14:00:16.0283 4164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x24A867CB
14:00:16.0283 4164 ============================================================
14:00:16.0314 4164 C: <-> \Device\Harddisk0\DR0\Partition1
14:00:16.0314 4164 ============================================================
14:00:16.0314 4164 Initialize success
14:00:16.0314 4164 ============================================================
14:00:50.0065 4996 ============================================================
14:00:50.0065 4996 Scan started
14:00:50.0065 4996 Mode: Manual; SigCheck; TDLFS;
14:00:50.0065 4996 ============================================================
14:00:51.0847 4996 ================ Scan system memory ========================
14:00:52.0940 4996 System memory - ok
14:00:52.0940 4996 ================ Scan services =============================
14:00:53.0034 4996 Abiosdsk - ok
14:00:53.0065 4996 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:00:53.0331 4996 abp480n5 - ok
14:00:53.0378 4996 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:00:53.0534 4996 ACPI - ok
14:00:53.0550 4996 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:00:53.0737 4996 ACPIEC - ok
14:00:53.0862 4996 [ C004F38974F4D321B4C20A240E1175C0 ] AdobeActiveFileMonitor9.0 C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
14:00:53.0909 4996 AdobeActiveFileMonitor9.0 - ok
14:00:53.0987 4996 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:00:54.0003 4996 AdobeFlashPlayerUpdateSvc - ok
14:00:54.0050 4996 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:00:54.0206 4996 adpu160m - ok
14:00:54.0237 4996 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:00:54.0425 4996 aec - ok
14:00:54.0456 4996 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:00:54.0503 4996 AFD - ok
14:00:54.0534 4996 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:00:54.0706 4996 agp440 - ok
14:00:54.0722 4996 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:00:54.0847 4996 agpCPQ - ok
14:00:54.0878 4996 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:00:54.0956 4996 Aha154x - ok
14:00:54.0956 4996 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:00:55.0097 4996 aic78u2 - ok
14:00:55.0128 4996 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:00:55.0269 4996 aic78xx - ok
14:00:55.0300 4996 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:00:55.0441 4996 Alerter - ok
14:00:55.0456 4996 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:00:55.0534 4996 ALG - ok
14:00:55.0550 4996 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
14:00:55.0675 4996 AliIde - ok
14:00:55.0691 4996 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:00:55.0847 4996 alim1541 - ok
14:00:55.0878 4996 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:00:56.0003 4996 amdagp - ok
14:00:56.0019 4996 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
14:00:56.0081 4996 amsint - ok
14:00:56.0128 4996 [ 40C279A23BD43553BFBA6E88A9B38AE2 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
14:00:56.0159 4996 AnyDVD - ok
14:00:56.0222 4996 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:00:56.0253 4996 Apple Mobile Device - ok
14:00:56.0284 4996 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:00:56.0378 4996 AppMgmt - ok
14:00:56.0409 4996 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
14:00:56.0534 4996 asc - ok
14:00:56.0534 4996 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:00:56.0612 4996 asc3350p - ok
14:00:56.0628 4996 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:00:56.0753 4996 asc3550 - ok
14:00:56.0862 4996 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:00:56.0878 4996 aspnet_state - ok
14:00:56.0925 4996 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:00:57.0081 4996 AsyncMac - ok
14:00:57.0097 4996 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:00:57.0253 4996 atapi - ok
14:00:57.0253 4996 Atdisk - ok
14:00:57.0300 4996 [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:00:57.0331 4996 atksgt - ok
14:00:57.0347 4996 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:00:57.0503 4996 Atmarpc - ok
14:00:57.0534 4996 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:00:57.0691 4996 AudioSrv - ok
14:00:57.0722 4996 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:00:57.0863 4996 audstub - ok
14:00:57.0878 4996 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:00:58.0019 4996 Beep - ok
14:00:58.0066 4996 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:00:58.0222 4996 BITS - ok
14:00:58.0300 4996 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:00:58.0331 4996 Bonjour Service - ok
14:00:58.0363 4996 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:00:58.0394 4996 Browser - ok
14:00:58.0409 4996 bvrp_pci - ok
14:00:58.0534 4996 catchme - ok
14:00:58.0550 4996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:00:58.0691 4996 cbidf - ok
14:00:58.0691 4996 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:00:58.0831 4996 cbidf2k - ok
14:00:58.0863 4996 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:00:59.0034 4996 CCDECODE - ok
14:00:59.0097 4996 [ F3400128B744E6278ED3A9D4ECA239CB ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:00:59.0128 4996 ccEvtMgr - ok
14:00:59.0128 4996 [ F3400128B744E6278ED3A9D4ECA239CB ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:00:59.0144 4996 ccSetMgr - ok
14:00:59.0144 4996 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:00:59.0222 4996 cd20xrnt - ok
14:00:59.0253 4996 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:00:59.0394 4996 Cdaudio - ok
14:00:59.0425 4996 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:00:59.0581 4996 Cdfs - ok
14:00:59.0628 4996 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:00:59.0753 4996 Cdrom - ok
14:00:59.0769 4996 Changer - ok
14:00:59.0800 4996 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:00:59.0941 4996 CiSvc - ok
14:00:59.0972 4996 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:01:00.0113 4996 ClipSrv - ok
14:01:00.0144 4996 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:00.0175 4996 clr_optimization_v2.0.50727_32 - ok
14:01:00.0238 4996 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:00.0253 4996 clr_optimization_v4.0.30319_32 - ok
14:01:00.0300 4996 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:01:00.0441 4996 CmdIde - ok
14:01:00.0472 4996 [ 6186B6B953BDC884F0F379B84B3E3A98 ] COH_Mon C:\WINDOWS\system32\Drivers\COH_Mon.sys
14:01:00.0488 4996 COH_Mon - ok
14:01:00.0488 4996 COMSysApp - ok
14:01:00.0519 4996 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:01:00.0659 4996 Cpqarray - ok
14:01:00.0691 4996 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
14:01:00.0706 4996 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:00.0706 4996 Creative Labs Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:00.0753 4996 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:01:00.0894 4996 CryptSvc - ok
14:01:00.0925 4996 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:01:01.0050 4996 dac2w2k - ok
14:01:01.0066 4996 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:01:01.0222 4996 dac960nt - ok
14:01:01.0253 4996 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:01:01.0316 4996 DcomLaunch - ok
14:01:01.0363 4996 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:01:01.0488 4996 Dhcp - ok
14:01:01.0519 4996 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:01:01.0675 4996 Disk - ok
14:01:01.0675 4996 dmadmin - ok
14:01:01.0706 4996 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:01:01.0878 4996 dmboot - ok
14:01:01.0910 4996 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:01:02.0050 4996 dmio - ok
14:01:02.0066 4996 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:01:02.0206 4996 dmload - ok
14:01:02.0253 4996 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:01:02.0394 4996 dmserver - ok
14:01:02.0425 4996 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:01:02.0581 4996 DMusic - ok
14:01:02.0597 4996 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:01:02.0675 4996 Dnscache - ok
14:01:02.0722 4996 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:01:02.0894 4996 Dot3svc - ok
14:01:02.0910 4996 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:01:03.0050 4996 dpti2o - ok
14:01:03.0066 4996 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:01:03.0206 4996 drmkaud - ok
14:01:03.0269 4996 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
14:01:03.0285 4996 DSBrokerService - ok
14:01:03.0331 4996 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
14:01:03.0331 4996 DSproct ( UnsignedFile.Multi.Generic ) - warning
14:01:03.0331 4996 DSproct - detected UnsignedFile.Multi.Generic (1)
14:01:03.0347 4996 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
14:01:03.0394 4996 dsunidrv - ok
14:01:03.0441 4996 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:01:03.0597 4996 E100B - ok
14:01:03.0644 4996 [ 0849EACDC01487573ADD86F5E470806C ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:01:03.0675 4996 e1express - ok
14:01:03.0722 4996 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:01:03.0847 4996 EapHost - ok
14:01:03.0878 4996 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:01:03.0910 4996 eeCtrl - ok
14:01:03.0988 4996 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
14:01:04.0066 4996 ehRecvr - ok
14:01:04.0081 4996 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
14:01:04.0144 4996 ehSched - ok
14:01:04.0175 4996 [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi C:\WINDOWS\system32\DRIVERS\ELacpi.sys
14:01:04.0206 4996 ELacpi - ok
14:01:04.0238 4996 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:01:04.0269 4996 ElbyCDIO - ok
14:01:04.0285 4996 [ AE65C02444907966378454138B9F99F0 ] ELhid C:\WINDOWS\system32\DRIVERS\ELhid.sys
14:01:04.0300 4996 ELhid ( UnsignedFile.Multi.Generic ) - warning
14:01:04.0300 4996 ELhid - detected UnsignedFile.Multi.Generic (1)
14:01:04.0300 4996 [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd C:\WINDOWS\system32\DRIVERS\ELkbd.sys
14:01:04.0331 4996 ELkbd ( UnsignedFile.Multi.Generic ) - warning
14:01:04.0331 4996 ELkbd - detected UnsignedFile.Multi.Generic (1)
14:01:04.0363 4996 [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon C:\WINDOWS\system32\DRIVERS\ELmon.sys
14:01:04.0363 4996 ELmon ( UnsignedFile.Multi.Generic ) - warning
14:01:04.0363 4996 ELmon - detected UnsignedFile.Multi.Generic (1)
14:01:04.0378 4996 [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou C:\WINDOWS\system32\DRIVERS\ELmou.sys
14:01:04.0394 4996 ELmou ( UnsignedFile.Multi.Generic ) - warning
14:01:04.0394 4996 ELmou - detected UnsignedFile.Multi.Generic (1)
14:01:04.0441 4996 [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
14:01:04.0488 4996 ELService ( UnsignedFile.Multi.Generic ) - warning
14:01:04.0488 4996 ELService - detected UnsignedFile.Multi.Generic (1)
14:01:04.0503 4996 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:01:04.0519 4996 EraserUtilRebootDrv - ok
14:01:04.0550 4996 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:01:04.0691 4996 ERSvc - ok
14:01:04.0722 4996 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:01:04.0769 4996 Eventlog - ok
14:01:04.0800 4996 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:01:04.0831 4996 EventSystem - ok
14:01:04.0863 4996 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:01:05.0003 4996 Fastfat - ok
14:01:05.0035 4996 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:01:05.0081 4996 FastUserSwitchingCompatibility - ok
14:01:05.0128 4996 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
14:01:05.0300 4996 Fax - ok
14:01:05.0316 4996 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:01:05.0457 4996 Fdc - ok
14:01:05.0488 4996 [ B73EC688C29F81F9DA0FCF63682B3ECB ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
14:01:05.0503 4996 FilterService - ok
14:01:05.0535 4996 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:01:05.0691 4996 Fips - ok
14:01:05.0738 4996 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:01:05.0769 4996 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:01:05.0769 4996 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:01:05.0816 4996 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:01:05.0957 4996 Flpydisk - ok
14:01:06.0003 4996 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:01:06.0128 4996 FltMgr - ok
14:01:06.0191 4996 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:01:06.0222 4996 FontCache3.0.0.0 - ok
14:01:06.0238 4996 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:01:06.0394 4996 Fs_Rec - ok
14:01:06.0394 4996 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:01:06.0550 4996 Ftdisk - ok
14:01:06.0613 4996 [ C9B92F0434DB216291BDF656AF6738CF ] Gacela-Reporting-Service C:\Program Files\Gacela\Gacela-Reporting.exe
14:01:06.0628 4996 Gacela-Reporting-Service ( UnsignedFile.Multi.Generic ) - warning
14:01:06.0628 4996 Gacela-Reporting-Service - detected UnsignedFile.Multi.Generic (1)
14:01:06.0628 4996 [ 6717F7D5510CB6F325F94EC46ABB6536 ] Gacela-Update-Service C:\Program Files\Gacela\Gacela-Updater.exe
14:01:06.0660 4996 Gacela-Update-Service ( UnsignedFile.Multi.Generic ) - warning
14:01:06.0660 4996 Gacela-Update-Service - detected UnsignedFile.Multi.Generic (1)
14:01:06.0691 4996 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:01:06.0707 4996 GEARAspiWDM - ok
14:01:06.0785 4996 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
14:01:06.0800 4996 getPlusHelper - ok
14:01:06.0832 4996 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:01:06.0972 4996 Gpc - ok
14:01:07.0003 4996 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
14:01:07.0050 4996 grmnusb - ok
14:01:07.0160 4996 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:01:07.0175 4996 gupdate - ok
14:01:07.0175 4996 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:01:07.0191 4996 gupdatem - ok
14:01:07.0253 4996 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:01:07.0269 4996 gusvc - ok
14:01:07.0300 4996 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:01:07.0441 4996 HDAudBus - ok
14:01:07.0910 4996 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:01:08.0066 4996 helpsvc - ok
14:01:08.0113 4996 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:01:08.0269 4996 HidServ - ok
14:01:08.0316 4996 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:01:08.0472 4996 HidUsb - ok
14:01:08.0503 4996 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:01:08.0644 4996 hkmsvc - ok
14:01:08.0738 4996 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
14:01:08.0738 4996 HP Port Resolver ( UnsignedFile.Multi.Generic ) - warning
14:01:08.0738 4996 HP Port Resolver - detected UnsignedFile.Multi.Generic (1)
14:01:08.0769 4996 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
14:01:08.0785 4996 HP Status Server ( UnsignedFile.Multi.Generic ) - warning
14:01:08.0785 4996 HP Status Server - detected UnsignedFile.Multi.Generic (1)
14:01:08.0800 4996 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
14:01:08.0925 4996 hpn - ok
14:01:08.0957 4996 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:01:09.0066 4996 HPZid412 - ok
14:01:09.0097 4996 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:01:09.0160 4996 HPZipr12 - ok
14:01:09.0191 4996 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:01:09.0269 4996 HPZius12 - ok
14:01:09.0300 4996 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
14:01:09.0363 4996 HSFHWBS2 - ok
14:01:09.0425 4996 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:01:09.0488 4996 HSF_DP - ok
14:01:09.0535 4996 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:01:09.0691 4996 HTTP - ok
14:01:09.0738 4996 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:01:09.0894 4996 HTTPFilter - ok
14:01:09.0910 4996 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
14:01:10.0050 4996 i2omgmt - ok
14:01:10.0066 4996 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:01:10.0222 4996 i2omp - ok
14:01:10.0238 4996 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:01:10.0363 4996 i8042prt - ok
14:01:10.0425 4996 [ D43E91E271C041BB86A6223462A41D28 ] IAANTMon C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
14:01:10.0425 4996 IAANTMon ( UnsignedFile.Multi.Generic ) - warning
14:01:10.0425 4996 IAANTMon - detected UnsignedFile.Multi.Generic (1)
14:01:10.0457 4996 [ 9A65E42664D1534B68512CAAD0EFE963 ] iastor C:\WINDOWS\system32\drivers\iastor.sys
14:01:10.0535 4996 iastor - ok
14:01:10.0629 4996 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:01:10.0629 4996 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:01:10.0629 4996 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:01:10.0738 4996 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:01:10.0785 4996 idsvc - ok
14:01:10.0800 4996 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:01:10.0941 4996 Imapi - ok
14:01:10.0972 4996 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:01:11.0113 4996 ImapiService - ok
14:01:11.0144 4996 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:01:11.0269 4996 ini910u - ok
14:01:11.0316 4996 [ C09EF30E6C072F865E795E94D97CB23D ] Intel Alert Handler C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
14:01:11.0332 4996 Intel Alert Handler ( UnsignedFile.Multi.Generic ) - warning
14:01:11.0332 4996 Intel Alert Handler - detected UnsignedFile.Multi.Generic (1)
14:01:11.0363 4996 [ 69AA2CC2861559CEB8F283EF9B8F79C5 ] Intel Alert Originator C:\WINDOWS\system32\ams_ii\iao.exe
14:01:11.0379 4996 Intel Alert Originator ( UnsignedFile.Multi.Generic ) - warning
14:01:11.0379 4996 Intel Alert Originator - detected UnsignedFile.Multi.Generic (1)
14:01:11.0410 4996 [ B3D7653832AE3C7E5A743318C06E3866 ] Intel File Transfer C:\WINDOWS\system32\cba\xfr.exe
14:01:11.0425 4996 Intel File Transfer - ok
14:01:11.0441 4996 [ 5BDCD75AC948DADE8C746463247766B0 ] Intel PDS C:\WINDOWS\system32\cba\pds.exe
14:01:11.0457 4996 Intel PDS - ok
14:01:11.0488 4996 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:01:11.0613 4996 IntelIde - ok
14:01:11.0644 4996 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:01:11.0769 4996 intelppm - ok
14:01:11.0800 4996 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:01:11.0941 4996 Ip6Fw - ok
14:01:11.0972 4996 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:01:12.0097 4996 IpFilterDriver - ok
14:01:12.0144 4996 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:01:12.0269 4996 IpInIp - ok
14:01:12.0300 4996 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:01:12.0441 4996 IpNat - ok
14:01:12.0488 4996 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:01:12.0519 4996 iPod Service - ok
14:01:12.0566 4996 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:01:12.0707 4996 IPSec - ok
14:01:12.0754 4996 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:01:12.0832 4996 IRENUM - ok
14:01:12.0847 4996 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:01:12.0972 4996 isapnp - ok
14:01:13.0004 4996 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
14:01:13.0019 4996 JavaQuickStarterService - ok
14:01:13.0050 4996 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:01:13.0175 4996 Kbdclass - ok
14:01:13.0207 4996 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:01:13.0332 4996 kbdhid - ok
14:01:13.0347 4996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:01:13.0488 4996 kmixer - ok
14:01:13.0519 4996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:01:13.0597 4996 KSecDD - ok
14:01:13.0629 4996 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:01:13.0769 4996 lanmanserver - ok
14:01:13.0801 4996 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:01:13.0863 4996 lanmanworkstation - ok
14:01:13.0863 4996 Lbd - ok
14:01:13.0863 4996 lbrtfdc - ok
14:01:13.0926 4996 [ BCDF72DCE41874B3AD9143D537B493B2 ] Linksys_adapter_H C:\WINDOWS\system32\DRIVERS\AE2500xp.sys
14:01:14.0004 4996 Linksys_adapter_H - ok
14:01:14.0051 4996 [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:01:14.0066 4996 lirsgt - ok
14:01:14.0222 4996 [ 64C6BF10972885B3260DDA2CA328430D ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
14:01:14.0316 4996 LiveUpdate - ok
14:01:14.0363 4996 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:01:14.0504 4996 LmHosts - ok
14:01:14.0535 4996 [ 9FB982DE1C8DD769F8ED681DD878B12F ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
14:01:14.0566 4996 lvpopflt - ok
14:01:14.0582 4996 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
14:01:14.0597 4996 LVPr2Mon - ok
14:01:14.0660 4996 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
14:01:14.0676 4996 LVPrcSrv - ok
14:01:14.0691 4996 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:01:14.0722 4996 LVRS - ok
14:01:14.0769 4996 [ BE5E104BE263921D6842C555DB6A5C23 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
14:01:14.0785 4996 LVUSBSta - ok
14:01:14.0972 4996 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
14:01:15.0269 4996 LVUVC - ok
14:01:15.0316 4996 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
14:01:15.0332 4996 MBAMProtector - ok
14:01:15.0394 4996 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:15.0426 4996 MBAMService - ok
14:01:15.0441 4996 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
14:01:15.0472 4996 McrdSvc - ok
14:01:15.0519 4996 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:01:15.0551 4996 MDM - ok
14:01:15.0566 4996 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:01:15.0613 4996 mdmxsdk - ok
14:01:15.0644 4996 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:01:15.0801 4996 Messenger - ok
14:01:15.0832 4996 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
14:01:15.0863 4996 MHN ( UnsignedFile.Multi.Generic ) - warning
14:01:15.0863 4996 MHN - detected UnsignedFile.Multi.Generic (1)
14:01:15.0894 4996 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
14:01:15.0894 4996 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
14:01:15.0894 4996 MHNDRV - detected UnsignedFile.Multi.Generic (1)
14:01:16.0019 4996 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:01:16.0035 4996 Microsoft Office Groove Audit Service - ok
14:01:16.0066 4996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:01:16.0191 4996 mnmdd - ok
14:01:16.0238 4996 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:01:16.0379 4996 mnmsrvc - ok
14:01:16.0410 4996 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:01:16.0535 4996 Modem - ok
14:01:16.0566 4996 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:01:16.0691 4996 MODEMCSA - ok
14:01:16.0722 4996 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:01:16.0863 4996 Mouclass - ok
14:01:16.0894 4996 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:01:17.0035 4996 mouhid - ok
14:01:17.0051 4996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:01:17.0176 4996 MountMgr - ok
14:01:17.0238 4996 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:01:17.0269 4996 MozillaMaintenance - ok
14:01:17.0316 4996 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:01:17.0426 4996 mraid35x - ok
14:01:17.0441 4996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:01:17.0582 4996 MRxDAV - ok
14:01:17.0629 4996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:01:17.0707 4996 MRxSmb - ok
14:01:17.0754 4996 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:01:17.0879 4996 MSDTC - ok
14:01:17.0894 4996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:01:18.0019 4996 Msfs - ok
14:01:18.0035 4996 MSIServer - ok
14:01:18.0051 4996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:01:18.0207 4996 MSKSSRV - ok
14:01:18.0238 4996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:01:18.0379 4996 MSPCLOCK - ok
14:01:18.0394 4996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:01:18.0519 4996 MSPQM - ok
14:01:18.0535 4996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:01:18.0660 4996 mssmbios - ok
14:01:18.0941 4996 [ 1B959A0614D575D0AB3B09095F0A8B83 ] MSSQL$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
14:01:19.0379 4996 MSSQL$MICROSOFTSMLBIZ - ok
14:01:19.0426 4996 [ 1D1B22613EAB9287AF902398867BC93C ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
14:01:19.0441 4996 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - warning
14:01:19.0441 4996 MSSQLServerADHelper - detected UnsignedFile.Multi.Generic (1)
14:01:19.0473 4996 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:01:19.0629 4996 MSTEE - ok
14:01:19.0660 4996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:01:19.0723 4996 Mup - ok
14:01:19.0754 4996 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:01:19.0894 4996 NABTSFEC - ok
14:01:19.0941 4996 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:01:20.0098 4996 napagent - ok
14:01:20.0191 4996 [ F11033730B38260B6892E837C457FB4B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120814.017\NAVENG.SYS
14:01:20.0223 4996 NAVENG - ok
14:01:20.0285 4996 [ 4E4E7C0259D3BB97DE24A636C0E06ABA ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120814.017\NAVEX15.SYS
14:01:20.0348 4996 NAVEX15 - ok
14:01:20.0394 4996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:01:20.0519 4996 NDIS - ok
14:01:20.0551 4996 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:01:20.0676 4996 NdisIP - ok
14:01:20.0707 4996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:01:20.0754 4996 NdisTapi - ok
14:01:20.0769 4996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:01:20.0910 4996 Ndisuio - ok
14:01:20.0910 4996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:01:21.0051 4996 NdisWan - ok
14:01:21.0082 4996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:01:21.0113 4996 NDProxy - ok
14:01:21.0160 4996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:01:21.0316 4996 NetBIOS - ok
14:01:21.0332 4996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:01:21.0488 4996 NetBT - ok
14:01:21.0520 4996 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:01:21.0660 4996 NetDDE - ok
14:01:21.0676 4996 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:01:21.0816 4996 NetDDEdsdm - ok
14:01:21.0848 4996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:01:21.0988 4996 Netlogon - ok
14:01:22.0020 4996 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:01:22.0191 4996 Netman - ok
14:01:22.0285 4996 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
14:01:22.0285 4996 NetSvc ( UnsignedFile.Multi.Generic ) - warning
14:01:22.0285 4996 NetSvc - detected UnsignedFile.Multi.Generic (1)
14:01:22.0348 4996 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:22.0363 4996 NetTcpPortSharing - ok
14:01:22.0410 4996 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:01:22.0441 4996 Nla - ok
14:01:22.0473 4996 [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
14:01:22.0488 4996 nosGetPlusHelper - ok
14:01:22.0535 4996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:01:22.0676 4996 Npfs - ok
14:01:22.0754 4996 [ 1475CF3192C7120E573DFFEEDE2DA8A7 ] NSCTOP C:\PROGRA~1\Symantec\SYMANT~2\NSCTOP.EXE
14:01:22.0832 4996 NSCTOP - ok
14:01:22.0848 4996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:01:23.0004 4996 Ntfs - ok
14:01:23.0020 4996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:01:23.0176 4996 NtLmSsp - ok
14:01:23.0207 4996 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:01:23.0363 4996 NtmsSvc - ok
14:01:23.0379 4996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:01:23.0520 4996 Null - ok
14:01:23.0691 4996 [ 9E143FB3EF13B7EC1C1DD06529DEBADD ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:01:24.0020 4996 nv - ok
14:01:24.0051 4996 [ 1633409E67F1BD6E5AC8ECB9CD5D2027 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
14:01:24.0098 4996 NVSvc - ok
14:01:24.0129 4996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:01:24.0285 4996 NwlnkFlt - ok
14:01:24.0332 4996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:01:24.0457 4996 NwlnkFwd - ok
14:01:24.0566 4996 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:01:24.0582 4996 odserv - ok
14:01:24.0645 4996 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:24.0660 4996 ose - ok
14:01:24.0707 4996 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:01:24.0863 4996 Parport - ok
14:01:24.0879 4996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:01:25.0004 4996 PartMgr - ok
14:01:25.0020 4996 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:01:25.0160 4996 ParVdm - ok
14:01:25.0160 4996 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:01:25.0317 4996 PCI - ok
14:01:25.0332 4996 PCIDump - ok
14:01:25.0348 4996 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:01:25.0473 4996 PCIIde - ok
14:01:25.0504 4996 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:01:25.0629 4996 Pcmcia - ok
14:01:25.0645 4996 PDCOMP - ok
14:01:25.0645 4996 PDFRAME - ok
14:01:25.0660 4996 PDRELI - ok
14:01:25.0676 4996 PDRFRAME - ok
14:01:25.0692 4996 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
14:01:25.0817 4996 perc2 - ok
14:01:25.0848 4996 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:01:25.0973 4996 perc2hib - ok
14:01:26.0020 4996 [ EDE8241B75DADEF090AADB6C81C8E1D7 ] PfModNT C:\WINDOWS\system32\drivers\PfModNT.sys
14:01:26.0020 4996 PfModNT ( UnsignedFile.Multi.Generic ) - warning
14:01:26.0020 4996 PfModNT - detected UnsignedFile.Multi.Generic (1)
14:01:26.0035 4996 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:01:26.0067 4996 PlugPlay - ok
14:01:26.0098 4996 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:01:26.0113 4996 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:01:26.0113 4996 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:01:26.0113 4996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:01:26.0238 4996 PolicyAgent - ok
14:01:26.0285 4996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:01:26.0410 4996 PptpMiniport - ok
14:01:26.0426 4996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:01:26.0551 4996 ProtectedStorage - ok
14:01:26.0551 4996 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:01:26.0692 4996 PSched - ok
14:01:26.0707 4996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:01:26.0832 4996 Ptilink - ok
14:01:26.0863 4996 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:01:26.0879 4996 PxHelp20 - ok
14:01:26.0910 4996 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:01:27.0035 4996 ql1080 - ok
14:01:27.0051 4996 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:01:27.0176 4996 Ql10wnt - ok
14:01:27.0192 4996 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:01:27.0317 4996 ql12160 - ok
14:01:27.0332 4996 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:01:27.0457 4996 ql1240 - ok
14:01:27.0457 4996 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:01:27.0582 4996 ql1280 - ok
14:01:27.0613 4996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:01:27.0738 4996 RasAcd - ok
14:01:27.0770 4996 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:01:27.0910 4996 RasAuto - ok
14:01:27.0926 4996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:01:28.0067 4996 Rasl2tp - ok
14:01:28.0098 4996 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:01:28.0223 4996 RasMan - ok
14:01:28.0238 4996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:01:28.0363 4996 RasPppoe - ok
14:01:28.0379 4996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:01:28.0520 4996 Raspti - ok
14:01:28.0551 4996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:01:28.0692 4996 Rdbss - ok
14:01:28.0723 4996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:01:28.0863 4996 RDPCDD - ok
14:01:28.0879 4996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:01:29.0004 4996 rdpdr - ok
14:01:29.0035 4996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:01:29.0067 4996 RDPWD - ok
14:01:29.0114 4996 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:01:29.0239 4996 RDSessMgr - ok
14:01:29.0270 4996 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:01:29.0395 4996 redbook - ok
14:01:29.0426 4996 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:01:29.0567 4996 RemoteAccess - ok
14:01:29.0598 4996 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:01:29.0754 4996 RemoteRegistry - ok
14:01:29.0785 4996 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:01:29.0910 4996 RpcLocator - ok
14:01:29.0926 4996 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:01:29.0957 4996 RpcSs - ok
14:01:30.0004 4996 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:01:30.0145 4996 RSVP - ok
14:01:30.0176 4996 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:01:30.0317 4996 SamSs - ok
14:01:30.0364 4996 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys
14:01:30.0379 4996 SBRE - ok
14:01:30.0426 4996 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:01:30.0582 4996 SCardSvr - ok
14:01:30.0614 4996 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:01:30.0754 4996 Schedule - ok
14:01:30.0754 4996 SDDMI2 - ok
14:01:30.0785 4996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:01:30.0864 4996 Secdrv - ok
14:01:30.0895 4996 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:01:31.0020 4996 seclogon - ok
14:01:31.0035 4996 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:01:31.0176 4996 SENS - ok
14:01:31.0207 4996 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:01:31.0348 4996 serenum - ok
14:01:31.0379 4996 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:01:31.0535 4996 Serial - ok
14:01:31.0629 4996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:01:31.0770 4996 Sfloppy - ok
14:01:31.0817 4996 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:01:31.0957 4996 SharedAccess - ok
14:01:31.0989 4996 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:01:32.0020 4996 ShellHWDetection - ok
14:01:32.0082 4996 [ 6BD3976B881888AC9A0ED3EB94E7FD38 ] sigfilt C:\WINDOWS\system32\drivers\sigfilt.sys
14:01:32.0207 4996 sigfilt - ok
14:01:32.0207 4996 Simbad - ok
14:01:32.0270 4996 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:01:32.0410 4996 sisagp - ok
14:01:32.0442 4996 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:01:32.0598 4996 SLIP - ok
14:01:32.0739 4996 [ 3C65996A5B566FB3E9217795D8147CE2 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
14:01:32.0864 4996 SmcService - ok
14:01:32.0911 4996 [ 8E886DF3CB6160188F9748F14F249063 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
14:01:32.0926 4996 SNAC - ok
14:01:32.0957 4996 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:01:33.0020 4996 Sparrow - ok
14:01:33.0067 4996 [ CB5A4E90451D80D415F0A6DBB86D1D9F ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:01:33.0098 4996 SPBBCDrv - ok
14:01:33.0145 4996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:01:33.0286 4996 splitter - ok
14:01:33.0332 4996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:01:33.0379 4996 Spooler - ok
14:01:33.0411 4996 sprtsvc_dellsupportcenter - ok
14:01:33.0473 4996 [ 352E375AB298C23B0F9BC307652C7F50 ] SQLAgent$MICROSOFTSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
14:01:33.0504 4996 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - warning
14:01:33.0504 4996 SQLAgent$MICROSOFTSMLBIZ - detected UnsignedFile.Multi.Generic (1)
14:01:33.0536 4996 [ C48495C76A551C1ACC0E5FFAB0958476 ] SQTECH913D C:\WINDOWS\system32\Drivers\Capt913D.sys
14:01:33.0551 4996 SQTECH913D ( UnsignedFile.Multi.Generic ) - warning
14:01:33.0551 4996 SQTECH913D - detected UnsignedFile.Multi.Generic (1)
14:01:33.0567 4996 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:01:33.0676 4996 sr - ok
14:01:33.0707 4996 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:01:33.0770 4996 srservice - ok
14:01:33.0801 4996 [ FDB49ACD281D72C5D5392D066EDA9C1A ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
14:01:33.0817 4996 SRTSP - ok
14:01:33.0848 4996 [ 45BC2CABB0A65BB91F7F5B6AAE809EF3 ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
14:01:33.0879 4996 SRTSPL - ok
14:01:33.0895 4996 [ C285BB1258D2A87D4068722937D0BF03 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
14:01:33.0911 4996 SRTSPX - ok
14:01:33.0942 4996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:01:33.0989 4996 Srv - ok
14:01:34.0051 4996 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:01:34.0145 4996 SSDPSRV - ok
14:01:34.0176 4996 [ B95480C92C4C9C311BE47B8A1AD73770 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
14:01:34.0207 4996 STHDA - ok
14:01:34.0239 4996 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
14:01:34.0364 4996 StillCam - ok
14:01:34.0411 4996 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:01:34.0567 4996 stisvc - ok
14:01:34.0598 4996 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:01:34.0739 4996 streamip - ok
14:01:34.0770 4996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:01:34.0911 4996 swenum - ok
14:01:34.0942 4996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:01:35.0082 4996 swmidi - ok
14:01:35.0082 4996 SwPrv - ok
14:01:35.0161 4996 [ 4953EB254D217D8CCFF0912E642807CD ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
14:01:35.0223 4996 Symantec AntiVirus - ok
14:01:35.0270 4996 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:01:35.0395 4996 symc810 - ok
14:01:35.0395 4996 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:01:35.0520 4996 symc8xx - ok
14:01:35.0551 4996 [ 4517BD567D4EAB459194FECCFA654A51 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:01:35.0567 4996 SymEvent - ok
14:01:35.0614 4996 [ 829830A3CA1C5E329D68E26C9CD2DE8D ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
14:01:35.0629 4996 SYMREDRV - ok
14:01:35.0645 4996 [ B1AA9704124B494C34E8D372E6654196 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
14:01:35.0661 4996 SYMTDI - ok
14:01:35.0692 4996 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:01:35.0817 4996 sym_hi - ok
14:01:35.0832 4996 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:01:35.0942 4996 sym_u3 - ok
14:01:35.0973 4996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:01:36.0114 4996 sysaudio - ok
14:01:36.0161 4996 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:01:36.0286 4996 SysmonLog - ok
14:01:36.0332 4996 [ 65F42E1AAD71A3D5911B4CAEE08B2385 ] SysPlant C:\WINDOWS\system32\Drivers\SysPlant.sys
14:01:36.0332 4996 SysPlant ( UnsignedFile.Multi.Generic ) - warning
14:01:36.0332 4996 SysPlant - detected UnsignedFile.Multi.Generic (1)
14:01:36.0379 4996 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:01:36.0536 4996 TapiSrv - ok
14:01:36.0567 4996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:01:36.0629 4996 Tcpip - ok
14:01:36.0661 4996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:01:36.0801 4996 TDPIPE - ok
14:01:36.0817 4996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:01:36.0973 4996 TDTCP - ok
14:01:37.0004 4996 [ 043A9CDE84E4BFF3CF8040DAE4C4CD24 ] Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys
14:01:37.0020 4996 Teefer2 - ok
14:01:37.0036 4996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:01:37.0161 4996 TermDD - ok
14:01:37.0208 4996 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:01:37.0364 4996 TermService - ok
14:01:37.0379 4996 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:01:37.0411 4996 Themes - ok
14:01:37.0442 4996 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:01:37.0536 4996 TlntSvr - ok
14:01:37.0567 4996 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
14:01:37.0692 4996 TosIde - ok
14:01:37.0723 4996 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:01:37.0848 4996 TrkWks - ok
14:01:37.0879 4996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:01:38.0020 4996 Udfs - ok
14:01:38.0036 4996 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:01:38.0114 4996 ultra - ok
14:01:38.0192 4996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:01:38.0364 4996 Update - ok
14:01:38.0395 4996 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:01:38.0473 4996 upnphost - ok
14:01:38.0489 4996 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:01:38.0629 4996 UPS - ok
14:01:38.0661 4996 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:01:38.0708 4996 USBAAPL - ok
14:01:38.0754 4996 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
14:01:38.0895 4996 usbaudio - ok
14:01:38.0942 4996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:01:39.0083 4996 usbccgp - ok
14:01:39.0114 4996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:01:39.0270 4996 usbehci - ok
14:01:39.0301 4996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:01:39.0458 4996 usbhub - ok
14:01:39.0489 4996 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:01:39.0629 4996 usbprint - ok
14:01:39.0661 4996 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:01:39.0801 4996 usbscan - ok
14:01:39.0848 4996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:01:39.0973 4996 USBSTOR - ok
14:01:40.0004 4996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:01:40.0129 4996 usbuhci - ok
14:01:40.0176 4996 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
14:01:40.0317 4996 usbvideo - ok
14:01:40.0348 4996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:01:40.0489 4996 VgaSave - ok
14:01:40.0504 4996 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:01:40.0645 4996 viaagp - ok
14:01:40.0661 4996 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:01:40.0817 4996 ViaIde - ok
14:01:40.0848 4996 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:01:40.0973 4996 VolSnap - ok
14:01:41.0020 4996 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:01:41.0098 4996 VSS - ok
14:01:41.0114 4996 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
14:01:41.0255 4996 w32time - ok
14:01:41.0301 4996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:01:41.0442 4996 Wanarp - ok
14:01:41.0442 4996 wanatw - ok
14:01:41.0458 4996 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
14:01:41.0505 4996 WDC_SAM - ok
14:01:41.0505 4996 WDICA - ok
14:01:41.0536 4996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:01:41.0676 4996 wdmaud - ok
14:01:41.0708 4996 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:01:41.0864 4996 WebClient - ok
14:01:41.0895 4996 [ 97D0D27A87622154BC90B92D84FD91B5 ] whfltr2k C:\WINDOWS\system32\DRIVERS\whfltr2k.sys
14:01:41.0911 4996 whfltr2k ( UnsignedFile.Multi.Generic ) - warning
14:01:41.0911 4996 whfltr2k - detected UnsignedFile.Multi.Generic (1)
14:01:41.0958 4996 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:01:42.0020 4996 winachsf - ok
14:01:42.0083 4996 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:01:42.0239 4996 winmgmt - ok
14:01:42.0301 4996 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:01:42.0333 4996 WmdmPmSN - ok
14:01:42.0395 4996 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:01:42.0473 4996 Wmi - ok
14:01:42.0505 4996 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:01:42.0645 4996 WmiApSrv - ok
14:01:42.0708 4996 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:01:42.0770 4996 WMPNetworkSvc - ok
14:01:42.0880 4996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:01:42.0911 4996 WPFFontCache_v0400 - ok
14:01:42.0958 4996 [ CAFC4EB226311D0787D02242AF34071D ] WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys
14:01:42.0973 4996 WPS - ok
14:01:42.0989 4996 [ FF983A25AE6F7D3F87F26BF51F02A201 ] WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys
14:01:43.0020 4996 WpsHelper - ok
14:01:43.0051 4996 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:01:43.0192 4996 WS2IFSL - ok
14:01:43.0223 4996 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:01:43.0348 4996 wscsvc - ok
14:01:43.0364 4996 WSearch - ok
14:01:43.0395 4996 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:01:43.0520 4996 WSTCODEC - ok
14:01:43.0551 4996 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:01:43.0676 4996 wuauserv - ok
14:01:43.0708 4996 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:01:43.0739 4996 WudfPf - ok
14:01:43.0770 4996 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:01:43.0786 4996 WudfRd - ok
14:01:43.0817 4996 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:01:43.0848 4996 WudfSvc - ok
14:01:43.0911 4996 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:01:44.0051 4996 WZCSVC - ok
14:01:44.0098 4996 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:01:44.0239 4996 xmlprov - ok
14:01:44.0255 4996 ================ Scan global ===============================
14:01:44.0286 4996 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:01:44.0317 4996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:01:44.0348 4996 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:01:44.0364 4996 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:01:44.0364 4996 [Global] - ok
14:01:44.0364 4996 ================ Scan MBR ==================================
14:01:44.0380 4996 [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
14:01:44.0708 4996 \Device\Harddisk0\DR0 - ok
14:01:44.0708 4996 ================ Scan VBR ==================================
14:01:44.0723 4996 [ 21E2243E178E5D161082A4F1222EF76A ] \Device\Harddisk0\DR0\Partition1
14:01:44.0723 4996 \Device\Harddisk0\DR0\Partition1 - ok
14:01:44.0723 4996 ============================================================
14:01:44.0723 4996 Scan finished
14:01:44.0723 4996

cont.


============================================================
14:01:44.0833 5524 Detected object count: 26
14:01:44.0833 5524 Actual detected object count: 26
14:03:11.0148 5524 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 Creative Labs Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 ELhid ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 ELmon ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 ELmou ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 ELService ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0148 5524 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0148 5524 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 Gacela-Reporting-Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 Gacela-Reporting-Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 Gacela-Update-Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 Gacela-Update-Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 HP Port Resolver ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 HP Port Resolver ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 HP Status Server ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 HP Status Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 Intel Alert Handler ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0164 5524 Intel Alert Handler ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0164 5524 Intel Alert Originator ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 Intel Alert Originator ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0179 5524 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0179 5524 SQLAgent$MICROSOFTSMLBIZ ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0195 5524 SQTECH913D ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0195 5524 SQTECH913D ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0195 5524 SysPlant ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0195 5524 SysPlant ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:11.0195 5524 whfltr2k ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:11.0195 5524 whfltr2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:33.0352 4160 Deinitialize success

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  
• Click Start or wait for the scanner to load.
  
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, there are a couple of things to keep in mind:
  
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  
• Open the logfile from wherever you saved it
  
• Copy and paste the contents in your next reply.

C:\Documents and Settings\Melissa\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.3.windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\Melissa\My Documents\Downloads\cnet2_PeerBlock-Setup_v1_1_r518_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Melissa\My Documents\Downloads\cnet2_pg2-070309_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1637\A0393987.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1637\A0394011.exe Win32/PrcView application cleaned by deleting - quarantined
F:\laptop 10.2011\Documents\IPOD SECURITY\keygen.exe a variant of Win32/Keygen.CP application cleaned by deleting - quarantined
F:\Music\My Music\robert pattinson -never think.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

Good job!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Hi, are you still with us? Please update us on the state of your computer.

If you already solved the problem you were having, let us know. The feedback is invaluable.

Hi, sorry - I have been out of town. Yes, the problem still exists. If I type something in the address bar bigdadsearch will still come up.

AdwCleaner Scan
Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Delete.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 17:01:35
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Melissa - DD9CMPB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Melissa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Deleted on reboot : C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\searchplugins\web-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\Conduit
Folder Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\CT2260173
Folder Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Folder Deleted : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\FCTB
Folder Deleted : C:\Documents and Settings\Melissa\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\prefs.js

C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\user.js ... Deleted !

Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2260173.AppTrackingLastCheckTime", "Fri Aug 10 2012 22:15:12 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2260173.CTID", "CT2260173");
Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2260173.CurrentServerDate", "17-9-2012");
Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Mon Sep 17 2012 12:44:52 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2260173.DownloadReferralCookieData", "");
Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Deleted : user_pref("CT2260173.FeedLastCount128962387092725141", 31);
Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Mon Sep 17 2012 13:09:49 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Mon Sep 17 2012 12:44:49 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedPollDate128962387092725141", "Wed Mar 09 2011 12:55:02 GMT-0600 (Central St[...]
Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Deleted : user_pref("CT2260173.FirstServerDate", "16-2-2010");
Deleted : user_pref("CT2260173.FirstTime", true);
Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Deleted : user_pref("CT2260173.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2260173.Initialize", true);
Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2260173.InstalledDate", "Tue Feb 16 2010 14:18:20 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2260173.InvalidateCache", false);
Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Deleted : user_pref("CT2260173.IsGrouping", false);
Deleted : user_pref("CT2260173.IsMulticommunity", false);
Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Mon Sep 17 2012 12:44:52 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2260173.LastLogin_2.5.6.0", "Sun Aug 29 2010 15:17:39 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_2.7.2.0", "Fri Jan 07 2011 08:53:03 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.10.0.1", "Mon Apr 23 2012 12:33:20 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.12.0.7", "Mon Apr 30 2012 16:51:14 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.12.2.3", "Wed May 30 2012 18:11:33 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.13.0.6", "Sun Jul 15 2012 19:53:36 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.14.1.0", "Mon Aug 27 2012 12:26:51 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.15.1.0", "Mon Sep 17 2012 12:44:51 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.2.5.2", "Mon May 09 2011 13:15:41 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.3.3.2", "Thu May 12 2011 20:33:12 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.3.5.1", "Tue Jun 21 2011 12:41:03 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.5.0.12", "Mon Aug 15 2011 11:06:43 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.6.0.10", "Tue Sep 27 2011 18:17:43 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.7.0.6", "Wed Oct 05 2011 10:12:06 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.8.1.0", "Tue Jan 10 2012 18:24:09 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.9.0.3", "Wed Mar 07 2012 00:15:00 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2260173.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2260173.Locale", "en");
Deleted : user_pref("CT2260173.LoginCache", 4);
Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2260173.RadioLastCheckTime", "0");
Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2260173.SearchBoxWidth", 195);
Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Search");
Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Mon Sep 17 2012 12:44:49 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Mon Sep 17 2012 12:44:49 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2260173.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Mon Sep 17 2012 12:44:48 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.SettingsLastUpdate", "1347263642");
Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Mon Sep 17 2012 12:44:48 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2260173.UserID", "UN94936531645576934");
Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2260173.alertChannelId", "657446");
Deleted : user_pref("CT2260173.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2260173.backendstorage.forcb_aoi", "31333131373034303833");
Deleted : user_pref("CT2260173.backendstorage.forcb_ccid", "4C6177746F6E");
Deleted : user_pref("CT2260173.backendstorage.forcb_cdtr5", "31333131373034303833");
Deleted : user_pref("CT2260173.backendstorage.forcb_cid", "5553");
Deleted : user_pref("CT2260173.backendstorage.forcb_ip", "36372E32302E33312E3637");
Deleted : user_pref("CT2260173.backendstorage.forcb_lcut", "31333131373034303833");
Deleted : user_pref("CT2260173.backendstorage.forcb_rid", "4F4B");
Deleted : user_pref("CT2260173.backendstorage.forcb_zoneid", "3130303636");
Deleted : user_pref("CT2260173.backendstorage.url_history", "687474703A2F2F666F72756D732E6C6F6769746563682E636[...]
Deleted : user_pref("CT2260173.backendstorage.url_history_time", "31333131373237363633373237");
Deleted : user_pref("CT2260173.clientLogIsEnabled", false);
Deleted : user_pref("CT2260173.components.1000034", false);
Deleted : user_pref("CT2260173.components.1000082", false);
Deleted : user_pref("CT2260173.components.1000234", false);
Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Mon Sep 17 2012 12:44:52 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.initDone", true);
Deleted : user_pref("CT2260173.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2260173.myStuffEnabled", true);
Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.testingCtid", "");
Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Mon Sep 17 2012 12:44:52 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Mon Sep 17 2012 12:44:52 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.undefined", "Mon Jan 10 2011 15:12:24 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2260173.usagesFlag", 2);
Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Deleted : user_pref("CT2790392.CTID", "CT2790392");
Deleted : user_pref("CT2790392.CurrentServerDate", "18-6-2012");
Deleted : user_pref("CT2790392.DSInstall", false);
Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Sun Jun 17 2012 18:21:01 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Sat May 12 2012 20:03:55 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 297);
Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Sat May 12 2012 20:03:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Sat May 12 2012 20:03:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Sat May 12 2012 20:03:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Sat May 12 2012 20:03:56 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2790392.FirstServerDate", "4-5-2012");
Deleted : user_pref("CT2790392.FirstTime", true);
Deleted : user_pref("CT2790392.FirstTimeFF3", true);
Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2790392.HPInstall", false);
Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
Deleted : user_pref("CT2790392.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2790392.HomepageBeforeUnload", "hxxp://www.google.com/ig");
Deleted : user_pref("CT2790392.Initialize", true);
Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2790392.InstallationId", "fftB5.tmp.exe");
Deleted : user_pref("CT2790392.InstallationType", "XPE");
Deleted : user_pref("CT2790392.InstalledDate", "Thu May 03 2012 19:58:39 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2790392.IsAlertDBUpdated", true);
Deleted : user_pref("CT2790392.IsGrouping", false);
Deleted : user_pref("CT2790392.IsInitSetupIni", true);
Deleted : user_pref("CT2790392.IsMulticommunity", false);
Deleted : user_pref("CT2790392.IsOpenThankYouPage", false);
Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Sun Jun 17 2012 21:09:34 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2790392.LastLogin_3.12.0.8", "Fri May 04 2012 23:55:59 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2790392.LastLogin_3.12.2.3", "Wed May 30 2012 18:01:09 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2790392.LastLogin_3.13.0.6", "Mon Jun 18 2012 13:04:11 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2790392.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2790392.Locale", "en");
Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
Deleted : user_pref("CT2790392.SearchEngineBeforeUnload", "Search");
Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Sun Jun 17 2012 21:09:31 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2790392.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2790392.SearchProtectorEnabled", false);
Deleted : user_pref("CT2790392.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Sun Jun 17 2012 21:09:32 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Mon Jun 18 2012 13:04:09 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2790392.SettingsLastUpdate", "1339798740");
Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Thu May 03 2012 19:58:37 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2790392.ToolbarDisabled", true);
Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2790392.UserID", "UN28365615900985164");
Deleted : user_pref("CT2790392.WeatherNetwork", "");
Deleted : user_pref("CT2790392.WeatherPollDate", "Sat May 12 2012 20:03:57 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2790392.WeatherUnit", "F");
Deleted : user_pref("CT2790392.alertChannelId", "1182482");
Deleted : user_pref("CT2790392.autoDisableScopes", -1);
Deleted : user_pref("CT2790392.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT2790392.backendstorage.cbfirsttime", "546875204D617920303320323031322031393A35393A30372[...]
Deleted : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2790392.backendstorage.url_history0001", "687474703A2F2F6B61742E70682F646965726B732D626[...]
Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Thu May 03 2012 19:58:39 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.initDone", true);
Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2790392.myStuffEnabled", true);
Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2790392.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2790392.revertSettingsEnabled", false);
Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2790392.testingCtid", "");
Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Sun Jun 17 2012 21:09:35 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Thu May 03 2012 19:58:42 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2790392.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9df[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "swag_bucks");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Melissa\\Applicati[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2260173");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "swag_bucks");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bigdadsearch.com/search.php?q[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173,CT2790392");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173,CT2790392");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 31 2011 21:23:21 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 18:32:26 GMT-0500 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 11:17:00 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{f96bf7da-1c33-4ac2-8f64-c35d33c8f607}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jul 10 2012 15:25:21 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "a70bcd0c-0829-4f18-b53b-ca83b4cafbd1");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Sep 17 2012 12:44:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 03 2012 16:42:18 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Sep 17 2012 12:44:50 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ebd1e411-2f05-4f71-85a3-6f718f68f61b");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/ig");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":15,\"data\":[{\"u[...]
Deleted : user_pref("extensions.ntk.thumbsUrls", "hxxps://www.facebook.com/;hxxp://www.google.com/ig;hxxp://ma[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.AutoSearchEventData", "auto%20search");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ClearCacheDate", 21);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DNSCatch", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DisplayEULA", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.DnsCatchEventData", "dns%20catch");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.FirstLaunchShown", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.LoadLayoutDate.60497", 21);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.MailLastCheckTime", 1290395044);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.NewTabSearchEventData", "tab%20search");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.RemoveAllData", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.ShowRecommendedOptions", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.StateReportDate", "1290368644461");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.TopRightSearchEventData", "top%20right%20search[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.api.settings.fctoolbar51ef49d2624b41948b971c468[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.customNewTab", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.helpUsImprove", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.hideOthers", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.processAddrBar", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.remove_search", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.restoreSearch", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.searchHistory", true);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.showFirstLaunchOptions", false);
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tb_lang", "en");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.tool_id", "60497");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_id", "49491377");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_key", "c491f6893cf3035c1778ccaf305b8d5a047[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_layouts", "60497");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.user_lnames", "MyPoints%20Point%20Finder");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_IDcid2799617", "USOK0307");
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.weather_location_namecid2799617", "Lawton%2C%20[...]
Deleted : user_pref("freecause51ef49d2624b41948b971c468e9b0efe.yahooSearch", true);

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34175 octets] - [17/09/2012 17:01:35]

########## EOF - C:\AdwCleaner[S1].txt - [34236 octets] ##########

Great, now open AdwCleaner, click Search and post a new log.

Also, let me know of any more issues...

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 11:34:45
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Melissa - DD9CMPB1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Melissa\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\1jlll0ge.default\prefs.js

Found : user_pref("extensions.ntk.recentClosedPers", "hxxp://www.GeekPolice.net/t29012p15-bigdadsearch-pc-no[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Melissa\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34306 octets] - [17/09/2012 17:01:35]
AdwCleaner[R1].txt - [1066 octets] - [18/09/2012 11:34:45]

########## EOF - C:\AdwCleaner[R1].txt - [1126 octets] ##########

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Bigdadsearch is still there.

I don't have any other issues with the computer. This is the only one.
svchost.exe is running normal.
No fake alerts or icons.
No system crashes, either.
The computer does run slow, but I figured it was because its quite old.

Just wanted to update - I haven't been able to do this last step as I do not have a flash drive or blank cd's. I'm working on that, though!

Whoa. Should've told me that. Let's do the following, please:

Please download Hitman Pro

• After the download completes please double click the program to run it.
  
• Accept the terms of the license agreement and click Next
  
• Let the scan run. It will not take long
  
• When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  
• Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  
• Upload log.xml here for review please
  

avast! aswMBR

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Uncheck "Trace disk IO calls".
  
• Click the Scan button to start the scan as illustrated below
  

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

• Once the scan finishes click Save log to save the log to your Desktop
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  
• Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

DragonMaster Jay wrote:

Whoa. Should've told me that. Let's do the following, please:

\

Sorry - staying at my moms house while the Mr. is deployed and I don't have all my computer stuff with me. In a reeaaaallllly small town right now. Working on the above. Thanks for putting up with me.

Melissa

For HitMan Pro this: Export Scan Results To XML File was not there. I even did it twice and it wouldn't allow me to save a log. So I scanned a third time, and it came up with a bunch of stuff so I went through it all and fixed it. :o/ I messed up on this one because I know there should be a log somewhere.


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 17:35:44
-----------------------------
17:35:44.968 OS Version: Windows 5.1.2600 Service Pack 3
17:35:44.968 Number of processors: 2 586 0x407
17:35:44.984 ComputerName: DD9CMPB1 UserName: Melissa
17:36:36.453 Initialize success
17:38:48.671 AVAST engine defs: 12102001
17:41:07.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:41:07.968 Disk 0 Vendor: ST332063 3.AD Size: 305245MB BusType: 3
17:41:08.203 Disk 0 MBR read successfully
17:41:08.203 Disk 0 MBR scan
17:41:08.531 Disk 0 unknown MBR code
17:41:08.578 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
17:41:08.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300300 MB offset 96390
17:41:08.671 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4894 MB offset 615112785
17:41:08.937 Disk 0 scanning sectors +625137345
17:41:09.453 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:51.062 Service scanning
17:46:53.390 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
17:46:53.843 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
17:47:02.250 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
17:47:02.671 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
17:47:07.609 Modules scanning
17:47:49.640 AVAST engine scan C:\WINDOWS
17:48:17.125 AVAST engine scan C:\WINDOWS\system32
18:06:35.375 AVAST engine scan C:\WINDOWS\system32\drivers
18:08:02.593 AVAST engine scan C:\Documents and Settings\Melissa
18:29:26.250 AVAST engine scan C:\Documents and Settings\All Users
19:03:52.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Melissa\Desktop\MBR.dat"
19:03:52.328 The log file has been saved successfully to "C:\Documents and Settings\Melissa\Desktop\aswMBR.txt"

how do I upload MBR.txt?

Go to www.mediafire.com - upload the file and post download link here...

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from [URL='http://www.kaspersky.com/antivirus-removal-tool?form=1']Kaspersky's Official Link[/URL] and save it to your Desktop.

• Double-click the Setup file to install it on your computer.
  
• Once it has installed, review and accept the agreement and press the Start button.
  
• You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
  
  
• On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
  
  
• On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
  
  
• Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  
• Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
  
  
• Then, choose Save. Also, in the Automatic Report tab, select Save:
  
  
• Please post the reports in your next reply.
  
• Once you exit, the tool should uninstall automatically.