
Solved google.com won't load

Discussion in 'Malware and Virus Removal Archive' started by BOBBO, 2011/03/01.

  1. 2011/03/01
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    [Resolved] google.com won't load

    My wife and I returned home yesterday after being away a few days. When she turned on her laptop her default home page, google.com, wouldn't open. She could send and receive e-mails, we could open all the other Web sites we tried, but just that one site wouldn't open. We first tried getting it on her default browser, SeaMonkey, and then also on IE 8 with the same unhappy result. Yet google.com opened just fine on my desktop.

    Last night I restarted the laptop in Safe Mode and ran a full Norton A-V scan, which found nothing amiss, then I ran a Malwarebytes scan with the same results. COMODO firewall was on and Windows firewall was off. All her programs are up to date except we haven't yet gotten the Win 7 SP1.

    Today the problem remains and this Windows BBS site has become very slow. I updated all the relevant malware programs before I ran any of the tests the instructions in this forum called for.

    The specs for her laptop are much the same as those in my desktop, which I've detailed in my signature at the end of this post.

    I'll first post the Malwarebytes log, then the others in separate posts.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5920

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/1/2011 2:22:25 PM
    mbam-log-2011-03-01 (14-22-25).txt

    Scan type: Quick scan
    Objects scanned: 175433
    Time elapsed: 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited: 2011/03/01
  2. 2011/03/01
    BOBBO

    The GMER scan reported finding no problems (I don't remember the exact wording) and the Notepad display of it was empty.


    Here's the MBRCheck log:

    dll

    Processes (total 85):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    516 csrss.exe
    604 C:\Windows\System32\wininit.exe
    624 csrss.exe
    660 C:\Windows\System32\services.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    800 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\nvvsvc.exe
    904 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\winlogon.exe
    996 C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe
    416 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\svchost.exe
    688 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1228 C:\Program Files\Dell\DellDock\DockLogin.exe
    1264 C:\Windows\System32\nvvsvc.exe
    1460 C:\Windows\System32\wlanext.exe
    1468 C:\Windows\System32\conhost.exe
    1552 C:\Windows\System32\spoolsv.exe
    1584 C:\Windows\System32\svchost.exe
    1768 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    1792 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1816 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1832 C:\Windows\System32\taskhost.exe
    1872 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1932 C:\Windows\explorer.exe
    1380 C:\Windows\System32\svchost.exe
    1676 C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    2060 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2112 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    2156 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2240 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2280 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2300 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2488 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    3024 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\rundll32.exe
    3204 C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    3384 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    3440 unsecapp.exe
    3460 WmiPrvSE.exe
    2648 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3280 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    4064 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    3124 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    3400 C:\Windows\System32\igfxtray.exe
    3100 C:\Windows\System32\hkcmd.exe
    2380 C:\Windows\System32\igfxpers.exe
    3628 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    3792 C:\Program Files\Dell\QuickSet\quickset.exe
    3352 C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    3960 C:\Program Files (x86)\COMODO\COMODO Internet Security\cfp.exe
    4232 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    4272 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    4352 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    4372 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    4412 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    4420 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    4444 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    4460 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    4664 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4784 C:\Windows\System32\wbem\unsecapp.exe
    5108 C:\Windows\System32\SearchIndexer.exe
    1056 C:\Windows\System32\svchost.exe
    5020 C:\Program Files\iPod\bin\iPodService.exe
    4284 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1208 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5268 C:\Windows\System32\svchost.exe
    5996 dllhost.exe
    5728 C:\Windows\System32\taskeng.exe
    896 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    5884 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2976 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    6132 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    5136 C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    2740 C:\Windows\System32\audiodg.exe
    4560 dllhost.exe
    4868 dllhost.exe
    3848 C:\Users\Gayle\Desktop\MBRCheck.exe
    5920 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00 (NTFS)

    PhysicalDrive0 Model Number: ST9500420AS, Rev: D005SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     

  4. 2011/03/01
    BOBBO

    The first DDS log may be too long, so here's the first half of it:


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Gayle at 13:43:10.33 on Tue 03/01/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5876.4188 [GMT -8:00]

    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\SeaMonkey\seamonkey.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Gayle\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe "
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe "
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRunOnce: [ "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe "
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
    IFEO: image file execution options - svchost.exe
    IFEO: OLT.exe - svchost.exe
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun-x64: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    mRun-x64: [COMODO Internet Security] "C:\Program Files (x86)\COMODO\COMODO Internet Security\cfp.exe" -h
    AppInit_DLLs-X64: C:\Windows\system32\nvinitx.dll C:\Windows\system32\guard64.dll
    IFEO-X64: image file execution options - svchost.exe
    IFEO-X64: OLT.exe - svchost.exe
    Hosts: 204.152.194.204 www.google.com
    Hosts: 204.152.194.204 google.com
    Hosts: 204.152.194.204 google.com.au
    Hosts: 204.152.194.204 www.google.com.au
    Hosts: 204.152.194.204 google.be

    Note: multiple HOSTS entries found. Please refer to Attach.txt
     
  5. 2011/03/01
    BOBBO

    Here's the second half of the first DDS log:

    ============= SERVICES / DRIVERS ===============

    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-11-24 24680]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-13 55280]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-1-13 21616]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1205000.07D\SymDS64.sys [2011-2-1 450608]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1205000.07D\SymEFA64.sys [2011-2-1 802864]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-2-25 1124472]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 250008]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-1-6 39888]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110228.002\IDSviA64.sys [2011-2-28 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1205000.07D\Ironx64.sys [2011-2-1 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1205000.07D\symnets.sys [2011-2-1 382072]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-24 98208]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2011-2-1 130000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-1-13 1620584]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-13 705856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-12 235624]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-13 2533400]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-11-24 27760]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-13 175168]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-1 132656]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-24 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-24 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-24 287232]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-24 7689216]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-24 83080]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-24 184968]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-11-24 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-24 344680]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-11-24 169048]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-11-24 131688]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-29 25072]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-03-01 21:12:56 -------- d-----w- C:\gmer
    2011-02-23 23:07:19 -------- d-----w- C:\Users\Gayle\AppData\Local\Diagnostics
    2011-02-23 22:46:33 -------- d-----w- C:\Users\Gayle\AppData\Local\ElevatedDiagnostics
    2011-02-23 22:15:49 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-02-23 22:15:49 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-02-23 19:20:52 -------- d-sh--w- C:\Users\Gayle\AppData\Roaming\Internet Security Essentials
    2011-02-23 19:20:52 -------- d-sh--w- C:\PROGRA~3\ISZONE
    2011-02-23 19:20:11 -------- d-sh--w- C:\PROGRA~3\d41137
    2011-02-23 16:30:32 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-02-23 16:30:31 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-02-23 16:30:31 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-23 16:30:31 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-22 03:17:35 -------- d-----r- C:\Users\Gayle\Dropbox
    2011-02-22 03:15:15 -------- d-----w- C:\Users\Gayle\AppData\Roaming\Dropbox
    2011-02-22 02:58:13 -------- d-----w- C:\Users\Gayle\AppData\Local\Google
    2011-02-22 02:57:56 -------- d-----w- C:\Users\Gayle\AppData\Local\Deployment
    2011-02-22 02:57:56 -------- d-----w- C:\Users\Gayle\AppData\Local\Apps
    2011-02-22 00:15:06 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-02-22 00:15:06 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-02-22 00:15:06 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-02-22 00:14:55 -------- d-----w- C:\Program Files\iTunes
    2011-02-22 00:14:55 -------- d-----w- C:\Program Files\iPod
    2011-02-22 00:14:55 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-02-22 00:14:55 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-02-22 00:13:46 -------- d-----w- C:\Program Files\Bonjour
    2011-02-22 00:13:46 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-02-19 02:36:51 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-02-17 22:09:26 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-02-17 22:08:56 -------- d-----w- C:\Users\Gayle\AppData\Local\Apple Computer
    2011-02-17 22:08:24 -------- d-----w- C:\Users\Gayle\AppData\Local\Apple
    2011-02-17 22:01:32 -------- d-----w- C:\Program Files\Foxit Software
    2011-02-17 22:00:51 -------- d-----w- C:\Users\Gayle\AppData\Local\Programs
    2011-02-17 21:45:56 49152 ----a-r- C:\Users\Gayle\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2011-02-17 21:45:24 335872 ----a-r- C:\Users\Gayle\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
    2011-02-17 21:44:40 57344 ----a-r- C:\Users\Gayle\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2011-02-17 21:43:38 -------- d-----w- C:\Windows\SysWow64\Spool
    2011-02-17 21:42:11 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies
    2011-02-17 21:42:10 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
    2011-02-17 21:39:48 -------- d-----w- C:\Users\Gayle\AppData\Local\ArcSoft
    2011-02-17 21:39:46 -------- d-----w- C:\PROGRA~3\ArcSoft
    2011-02-17 21:38:19 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-02-17 21:38:19 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-02-17 21:38:19 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-02-17 21:38:18 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-02-17 21:31:38 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
    2011-02-17 21:31:38 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
    2011-02-17 21:31:38 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
    2011-02-17 21:31:38 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
    2011-02-17 21:31:38 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
    2011-02-17 21:30:48 282624 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
    2011-02-17 00:53:19 -------- d-----w- C:\Program Files (x86)\Nikon
    2011-02-17 00:51:21 -------- d-----w- C:\Users\Gayle\Nikon
    2011-02-17 00:50:19 -------- d-----w- C:\Users\Gayle\AppData\Roaming\Foxit Software
    2011-02-10 00:57:56 -------- d-----w- C:\Users\Gayle\AppData\Roaming\OverDrive
    2011-02-10 00:57:07 -------- d-----w- C:\Program Files (x86)\OverDrive Media Console
    2011-02-02 07:07:45 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-02-02 06:43:14 -------- d-----w- C:\Users\Gayle\AppData\Roaming\Malwarebytes
    2011-02-02 06:43:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-02 06:42:59 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-02 06:42:56 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-02 06:42:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-02 06:40:22 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2011-02-02 06:40:22 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2011-02-02 06:35:29 -------- d-----w- C:\Program Files (x86)\COMODO
    2011-02-02 06:32:47 -------- d-----w- C:\PROGRA~3\Comodo
    2011-02-02 06:13:13 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-02-02 06:13:13 -------- d-----w- C:\PROGRA~3\NortonInstaller
    2011-01-31 12:03:54 -------- d-----w- C:\Users\Gayle\AppData\Roaming\Auslogics

    ==================== Find3M ====================

    2011-02-17 21:41:20 106496 ----a-w- C:\Windows\SysWow64\ATL71.DLL
    2011-02-02 06:16:33 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-13 11:55:45 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-07 01:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-01-07 01:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-01-07 01:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-29 09:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
    2010-12-29 09:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    ============= FINISH: 13:43:57.53 ===============
     
  6. 2011/03/01
    BOBBO

    Here's the second DDS log (attach.txt):

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/28/2011 11:38:18 PM
    System Uptime: 3/1/2011 12:50:26 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0V2WG4
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 406.241 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP27: 2/9/2011 4:56:38 PM - Installed OverDrive Media Console
    RP28: 2/16/2011 5:46:26 PM - Scheduled Checkpoint
    RP29: 2/17/2011 1:30:00 PM - Installed Epson Event Manager
    RP30: 2/17/2011 1:30:39 PM - Installed EPSON Scan Assistant
    RP31: 2/17/2011 1:31:06 PM - Installed Attach To Email
    RP32: 2/17/2011 1:37:38 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP33: 2/17/2011 1:38:55 PM - Installed Panorama Maker
    RP34: 2/17/2011 1:41:51 PM - Installed Nikon Transfer
    RP35: 2/17/2011 1:43:28 PM - Installed ViewNX
    RP36: 2/17/2011 1:44:27 PM - Installed Picture Control Utility
    RP37: 2/17/2011 1:45:10 PM - Installed File Uploader
    RP38: 2/17/2011 1:45:45 PM - Installed Nikon Message Center
    RP39: 2/17/2011 2:00:59 PM - Installed Connect Service
    RP40: 2/17/2011 2:00:59 PM - Installed Foxit PDF IFilter
    RP41: 2/17/2011 2:08:33 PM - Installed QuickTime
    RP42: 2/17/2011 2:38:23 PM - Removed COMODO Internet Security
    RP43: 2/17/2011 2:44:41 PM - Installed COMODO Internet Security
    RP44: 2/18/2011 6:36:37 PM - Windows Update
    RP45: 2/20/2011 2:01:59 PM - Installed Connect Service
    RP46: 2/21/2011 4:14:18 PM - Installed iTunes
    RP47: 2/23/2011 2:15:15 PM - Windows Update

    ==== Hosts File Hijack ======================

    Hosts: 204.152.194.204 www.google.com
    Hosts: 204.152.194.204 google.com
    Hosts: 204.152.194.204 google.com.au
    Hosts: 204.152.194.204 www.google.com.au
    Hosts: 204.152.194.204 google.be
    Hosts: 204.152.194.204 www.google.be
    Hosts: 204.152.194.204 google.com.br
    Hosts: 204.152.194.204 www.google.com.br
    Hosts: 204.152.194.204 google.ca
    Hosts: 204.152.194.204 www.google.ca
    Hosts: 204.152.194.204 google.ch
    Hosts: 204.152.194.204 www.google.ch
    Hosts: 204.152.194.204 google.de
    Hosts: 204.152.194.204 www.google.de
    Hosts: 204.152.194.204 google.dk
    Hosts: 204.152.194.204 www.google.dk
    Hosts: 204.152.194.204 google.fr
    Hosts: 204.152.194.204 www.google.fr
    Hosts: 204.152.194.204 google.ie
    Hosts: 204.152.194.204 www.google.ie
    Hosts: 204.152.194.204 google.it
    Hosts: 204.152.194.204 www.google.it
    Hosts: 204.152.194.204 google.co.jp
    Hosts: 204.152.194.204 www.google.co.jp
    Hosts: 204.152.194.204 google.nl
    Hosts: 204.152.194.204 www.google.nl
    Hosts: 204.152.194.204 google.no
    Hosts: 204.152.194.204 www.google.no
    Hosts: 204.152.194.204 google.co.nz
    Hosts: 204.152.194.204 www.google.co.nz
    Hosts: 204.152.194.204 google.pl
    Hosts: 204.152.194.204 www.google.pl
    Hosts: 204.152.194.204 google.se
    Hosts: 204.152.194.204 www.google.se
    Hosts: 204.152.194.204 google.co.uk
    Hosts: 204.152.194.204 www.google.co.uk
    Hosts: 204.152.194.204 google.co.za
    Hosts: 204.152.194.204 www.google.co.za
    Hosts: 204.152.194.204 www.google-analytics.com
    Hosts: 204.152.194.204 www.bing.com
    Hosts: 204.152.194.204 search.yahoo.com
    Hosts: 204.152.194.204 www.search.yahoo.com
    Hosts: 204.152.194.204 uk.search.yahoo.com
    Hosts: 204.152.194.204 ca.search.yahoo.com
    Hosts: 204.152.194.204 de.search.yahoo.com
    Hosts: 204.152.194.204 fr.search.yahoo.com
    Hosts: 204.152.194.204 au.search.yahoo.com

    ==== Installed Programs ======================

    AccelerometerP11
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    ArcSoft Panorama Maker 5
    Auslogics Disk Defrag
    Belarc Advisor 8.1
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Webcam Central
    Dropbox
    Epson Event Manager
    EPSON Scan
    File Uploader
    Foxit Reader
    Google Chrome
    GoToAssist 8.0.0.514
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Internet Explorer
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nikon Message Center
    Nikon Transfer
    Norton AntiVirus
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Updatus
    OverDrive Media Console
    Picture Control Utility
    QuickTime
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Roxio Burn
    SeaMonkey (2.0.11)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype Toolbars
    Skype™ 5.1
    SpywareBlaster 4.4
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    ViewNX
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    3/1/2011 12:39:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/1/2011 12:39:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/1/2011 12:39:45 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    3/1/2011 12:39:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/1/2011 12:39:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/1/2011 12:39:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/1/2011 12:39:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 cmdGuard discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    3/1/2011 12:39:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/28/2011 8:08:06 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    2/23/2011 2:29:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COMODO Internet Security Helper Service service to connect.
    2/23/2011 2:29:49 PM, Error: Service Control Manager [7000] - The COMODO Internet Security Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  7. 2011/03/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have a problem with "hosts" file.

    Let's try something simple first.

    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it (Vista and Windows 7 users, right click and click "Run As Administrator").
    * Click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Restart computer.
     
  8. 2011/03/01
    BOBBO

    Broni, I downloaded and ran HostsXpert and then a Warning window opened:

    Your HOSTS file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system file attribute, CANCEL to Quit.

    ***HostsXpert will NOT reset these attributes.***

    Below that are the OK and Cancel buttons.
     
  9. 2011/03/01
    broni

    Click OK.
     
  10. 2011/03/01
    BOBBO

    Did that, now I get a Warning window the same as the first one except this one says the file is marked as a "Hidden file." And the 2 buttons.
     
  11. 2011/03/01
    broni

    OK it again.
     
  12. 2011/03/01
    BOBBO

    Uh oh:

    ERROR: Cannot create file C:\Windows\system32\DRIVERS\ETC\hosts

    Below that is an OK button,
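
A defender-side check for the condition diagnosed in this thread, as an added example that is not part of any post and not the logic of DDS or HostsXpert: it parses hosts-file text, flags public IP addresses that capture search-engine hostnames, and decodes the System and Hidden attribute bits that HostsXpert warned about. The sample file, the watch list, the `fanout` threshold, the extra read-only check and all function names are assumptions made for the illustration.

```python
import ipaddress
import os
import stat
from collections import defaultdict

# Constructed sample in hosts-file syntax, modelled on the entries in the DDS log.
# It starts with a UTF-8 byte-order mark, which some editors add to the file.
SAMPLE_HOSTS = """\ufeff# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1        localhost
::1              localhost
204.152.194.204  www.google.com
204.152.194.204  google.com google.co.uk   # several names on one line
204.152.194.204  www.google-analytics.com
204.152.194.204  www.bing.com
204.152.194.204  search.yahoo.com
0.0.0.0          ads.example.test          # sinkhole entry from a blocklist
192.168.1.20     nas.home.test             # ordinary LAN mapping
not-an-ip        broken.example.test
"""

# Assumed watch list: the search brands that appear in the hijacked entries.
WATCH = ("google", "bing", "yahoo")

# Attribute bits worth reporting on a hosts file (read-only is an added check).
SUSPECT_BITS = {
    "hidden": stat.FILE_ATTRIBUTE_HIDDEN,
    "system": stat.FILE_ATTRIBUTE_SYSTEM,
    "read-only": stat.FILE_ATTRIBUTE_READONLY,
}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and junk."""
    pairs = []
    for raw in text.lstrip("\ufeff").splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so this is not a mapping
        pairs.extend((ip, name.lower().rstrip(".")) for name in fields[1:])
    return pairs


def is_watched(hostname, watch=WATCH):
    """True if any DNS label is a watched brand or starts with '<brand>-'."""
    return any(label == brand or label.startswith(brand + "-")
               for label in hostname.split(".") for brand in watch)


def find_hijacks(text, watch=WATCH, fanout=10):
    """Map each suspicious IP to the sorted hostnames pointed at it.

    An IP is suspicious when it is publicly routable (so not loopback, not the
    0.0.0.0 sinkhole, not a LAN address) and either captures a watched search
    brand or has `fanout` or more hostnames pointed at it.
    """
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_global:
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= fanout or any(is_watched(n, watch) for n in names)}


def suspect_attributes(mask):
    """Names of the hidden/system/read-only bits set in a Windows attribute mask."""
    return [name for name, bit in SUSPECT_BITS.items() if mask & bit]


def audit(path):
    """Audit a hosts file on disk: returns (hijacks, suspect attribute names)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        hijacks = find_hijacks(fh.read())
    # st_file_attributes exists only on Windows; elsewhere report no bits.
    mask = getattr(os.stat(path), "st_file_attributes", 0)
    return hijacks, suspect_attributes(mask)


if __name__ == "__main__":
    for ip, names in find_hijacks(SAMPLE_HOSTS).items():
        print(ip, "<-", ", ".join(names))
```

On Windows, `audit(r"C:\Windows\System32\drivers\etc\hosts")` must be run from an elevated prompt if the file's permissions have been changed.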
     
  13. 2011/03/01
    broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/03/01
    BOBBO

    Should I close down HostsXpert first?
     
  15. 2011/03/01
    broni

    Please do.
     
  16. 2011/03/01
    BOBBO

    The ComboFix.txt file is pretty long, so I'll send it in two posts. Here's the first half:

    ComboFix 11-03-01.01 - Gayle 03/01/2011 20:37:11.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5876.4108 [GMT -8:00]
    Running from: c:\users\Gayle\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Gayle\AppData\Roaming\Internet Security Essentials
    c:\users\Gayle\AppData\Roaming\Internet Security Essentials\Instructions.ini
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\std.dll
    c:\users\Gayle\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

    .
    ((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
    .

    2011-03-02 04:40 . 2011-03-02 04:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-03-02 04:40 . 2011-03-02 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-01 21:12 . 2011-03-01 21:12 -------- d-----w- C:\gmer
    2011-02-23 23:07 . 2011-02-23 23:07 -------- d-----w- c:\users\Gayle\AppData\Local\Diagnostics
    2011-02-23 22:46 . 2011-02-23 22:46 -------- d-----w- c:\users\Gayle\AppData\Local\ElevatedDiagnostics
    2011-02-23 22:15 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-02-23 22:15 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
    2011-02-23 19:20 . 2011-02-23 19:20 -------- d-sh--w- c:\programdata\ISZONE
    2011-02-23 19:20 . 2011-02-23 19:24 -------- d-sh--w- c:\programdata\d41137
    2011-02-23 16:30 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 16:30 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 16:30 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 16:30 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-02-22 03:17 . 2011-02-23 16:26 -------- d-----r- c:\users\Gayle\Dropbox
    2011-02-22 03:15 . 2011-02-23 21:16 -------- d-----w- c:\users\Gayle\AppData\Roaming\Dropbox
    2011-02-22 02:58 . 2011-02-22 02:58 -------- d-----w- c:\users\Gayle\AppData\Local\Google
    2011-02-22 02:57 . 2011-02-22 02:58 -------- d-----w- c:\users\Gayle\AppData\Local\Deployment
    2011-02-22 02:57 . 2011-02-22 02:57 -------- d-----w- c:\users\Gayle\AppData\Local\Apps
    2011-02-22 00:15 . 2011-02-22 00:19 -------- d-----w- c:\users\Gayle\AppData\Roaming\Apple Computer
    2011-02-22 00:15 . 2009-05-18 21:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-02-22 00:15 . 2008-04-17 20:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-02-22 00:15 . 2008-04-17 20:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-02-22 00:14 . 2011-02-22 00:15 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-02-22 00:14 . 2011-02-22 00:15 -------- d-----w- c:\program files\iTunes
    2011-02-22 00:14 . 2011-02-22 00:15 -------- d-----w- c:\program files (x86)\iTunes
    2011-02-22 00:14 . 2011-02-22 00:14 -------- d-----w- c:\program files\iPod
    2011-02-22 00:14 . 2011-02-22 00:14 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-02-22 00:13 . 2011-02-22 00:13 -------- d-----w- c:\program files\Common Files\Apple
    2011-02-22 00:13 . 2011-02-22 00:13 -------- d-----w- c:\program files\Bonjour
    2011-02-22 00:13 . 2011-02-22 00:13 -------- d-----w- c:\program files (x86)\Bonjour
    2011-02-19 02:36 . 2011-02-19 02:36 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-02-17 22:40 . 2011-02-17 22:40 -------- d-----w- c:\users\Gayle\AppData\Roaming\Epson
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-02-17 22:09 . 2011-02-17 22:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-02-17 22:09 . 2011-02-22 00:14 -------- d-----w- c:\programdata\Apple Computer
    2011-02-17 22:09 . 2011-02-17 22:10 -------- d-----w- c:\program files (x86)\QuickTime
    2011-02-17 22:08 . 2011-02-22 00:15 -------- d-----w- c:\users\Gayle\AppData\Local\Apple Computer
    2011-02-17 22:08 . 2011-02-22 00:14 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-02-17 22:08 . 2011-02-17 22:08 -------- d-----w- c:\users\Gayle\AppData\Local\Apple
    2011-02-17 22:08 . 2011-02-17 22:08 -------- d-----w- c:\programdata\Apple
    2011-02-17 22:01 . 2011-02-17 22:01 -------- d-----w- c:\program files\Foxit Software
    2011-02-17 22:00 . 2011-02-17 22:00 -------- d-----w- c:\users\Gayle\AppData\Local\Programs
    2011-02-17 21:39 . 2011-02-17 21:39 -------- d-----w- c:\users\Gayle\AppData\Local\ArcSoft
    2011-02-17 21:39 . 2011-02-20 22:02 -------- d-----w- c:\programdata\ArcSoft
    2011-02-17 21:39 . 2011-02-17 21:39 -------- d-----w- c:\program files (x86)\ArcSoft
    2011-02-17 21:39 . 2011-02-17 21:39 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    2011-02-17 21:38 . 2011-02-17 21:40 -------- d-----w- c:\users\Gayle\AppData\Roaming\ArcSoft
    2011-02-17 21:38 . 2001-09-05 12:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-02-17 21:38 . 2001-09-05 12:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-02-17 21:38 . 2001-09-05 12:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-02-17 21:38 . 2001-09-05 12:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-02-17 21:31 . 2006-10-31 08:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2011-02-17 21:31 . 2006-10-31 08:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2011-02-17 21:31 . 2006-10-20 08:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2011-02-17 21:31 . 2006-10-20 08:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2011-02-17 21:31 . 2006-10-20 08:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2011-02-17 21:31 . 2011-02-17 21:31 -------- d-----w- c:\users\Gayle\AppData\Roaming\InstallShield
    2011-02-17 21:29 . 2008-11-17 08:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
    2011-02-17 21:29 . 2006-08-25 00:00 12800 ----a-w- c:\windows\system32\esxcdev.dll
    2011-02-17 00:53 . 2011-02-17 21:52 -------- d-----w- c:\program files (x86)\Nikon
    2011-02-17 00:51 . 2011-02-17 00:51 -------- d-----w- c:\users\Gayle\Nikon
    2011-02-17 00:50 . 2011-02-17 00:50 -------- d-----w- c:\users\Gayle\AppData\Roaming\Foxit Software
    2011-02-10 00:57 . 2011-02-10 00:57 -------- d-----w- c:\users\Gayle\AppData\Roaming\OverDrive
    2011-02-10 00:57 . 2011-02-17 22:19 -------- d-----w- c:\program files (x86)\OverDrive Media Console
    2011-02-02 07:07 . 2011-02-02 07:07 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2011-02-02 06:43 . 2011-02-02 06:43 -------- d-----w- c:\users\Gayle\AppData\Roaming\Malwarebytes
    2011-02-02 06:43 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-02 06:42 . 2011-02-02 06:42 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-02 06:42 . 2011-02-17 22:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-02 06:42 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-02 06:40 . 2011-03-01 21:32 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2011-02-02 06:40 . 2010-01-11 03:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2011-02-02 06:35 . 2011-02-17 22:21 -------- d-----w- c:\program files (x86)\COMODO
    2011-02-02 06:32 . 2011-02-17 22:49 -------- d-----w- c:\programdata\Comodo
    2011-02-02 06:16 . 2011-02-02 06:16 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-02-02 06:16 . 2011-02-02 06:16 -------- d-----w- c:\program files\Symantec
    2011-02-02 06:16 . 2011-02-02 06:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-02-02 06:16 . 2011-02-02 06:16 -------- d-----w- c:\windows\system32\drivers\NAVx64
    2011-02-02 06:16 . 2011-02-02 06:16 -------- d-----w- c:\program files (x86)\Norton AntiVirus
    2011-02-02 06:16 . 2011-02-02 06:16 -------- d-----w- c:\programdata\Norton
    2011-02-02 06:13 . 2011-02-17 22:22 -------- d-----w- c:\program files (x86)\NortonInstaller
    2011-01-31 12:03 . 2011-01-31 12:03 -------- d-----w- c:\users\Gayle\AppData\Roaming\Auslogics

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-17 21:41 . 2003-03-19 20:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
    2011-01-13 13:30 . 2011-01-13 13:30 2566144 ----a-w- c:\windows\system32\esent.dll
    2011-01-13 13:30 . 2011-01-13 13:30 187264 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-01-13 13:30 . 2011-01-13 13:30 1686016 ----a-w- c:\windows\SysWow64\esent.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-01-13 13:30 . 2011-01-13 13:30 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2011-01-13 13:30 . 2011-01-13 13:30 91648 ----a-w- c:\windows\SysWow64\avifil32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2011-01-13 13:30 . 2011-01-13 13:30 54272 ----a-w- c:\windows\system32\iyuv_32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 46592 ----a-w- c:\windows\system32\msasn1.dll
    2011-01-13 13:30 . 2011-01-13 13:30 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-01-13 13:30 . 2011-01-13 13:30 410504 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-01-13 13:30 . 2011-01-13 13:30 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-01-13 13:30 . 2011-01-13 13:30 38912 ----a-w- c:\windows\system32\msvidc32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
    2011-01-13 13:30 . 2011-01-13 13:30 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-01-13 13:30 . 2011-01-13 13:30 27016 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-01-13 13:30 . 2011-01-13 13:30 25088 ----a-w- c:\windows\system32\msyuv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 236032 ----a-w- c:\windows\system32\srvsvc.dll
    2011-01-13 13:30 . 2011-01-13 13:30 22016 ----a-w- c:\windows\SysWow64\msyuv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-01-13 13:30 . 2011-01-13 13:30 166280 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-01-13 13:30 . 2011-01-13 13:30 16384 ----a-w- c:\windows\system32\msrle32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-01-13 13:30 . 2011-01-13 13:30 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-01-13 13:30 . 2011-01-13 13:30 1572352 ----a-w- c:\windows\system32\quartz.dll
    2011-01-13 13:30 . 2011-01-13 13:30 148992 ----a-w- c:\windows\system32\t2embed.dll
    2011-01-13 13:30 . 2011-01-13 13:30 14848 ----a-w- c:\windows\system32\tsbyuv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-01-13 13:30 . 2011-01-13 13:30 13312 ----a-w- c:\windows\SysWow64\msrle32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
    2011-01-13 13:30 . 2011-01-13 13:30 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-01-13 13:30 . 2011-01-13 13:30 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
    2011-01-13 13:30 . 2011-01-13 13:30 107912 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-01-13 13:30 . 2011-01-13 13:30 100864 ----a-w- c:\windows\system32\fontsub.dll
    2011-01-13 13:30 . 2011-01-13 13:30 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2011-01-13 13:30 . 2011-01-13 13:30 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
    2011-01-13 13:30 . 2011-01-13 13:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-01-13 13:30 . 2011-01-13 13:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-01-13 13:30 . 2011-01-13 13:30 340992 ----a-w- c:\windows\system32\schannel.dll
    2011-01-13 13:30 . 2011-01-13 13:30 311808 ----a-w- c:\windows\system32\msv1_0.dll
    2011-01-13 13:30 . 2011-01-13 13:30 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2011-01-13 13:30 . 2011-01-13 13:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-01-13 13:30 . 2011-01-13 13:30 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-01-13 13:30 . 2011-01-13 13:30 224256 ----a-w- c:\windows\SysWow64\schannel.dll
    2011-01-13 13:30 . 2011-01-13 13:30 2085376 ----a-w- c:\windows\system32\ole32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-01-13 13:30 . 2011-01-13 13:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
    2011-01-13 13:30 . 2011-01-13 13:30 389632 ----a-w- c:\windows\system32\winlogon.exe
    2011-01-13 13:30 . 2011-01-13 13:30 2870272 ----a-w- c:\windows\explorer.exe
    2011-01-13 13:30 . 2011-01-13 13:30 2614272 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-01-13 13:30 . 2011-01-13 13:30 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2011-01-13 13:30 . 2011-01-13 13:30 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-01-13 13:30 . 2011-01-13 13:30 1446912 ----a-w- c:\windows\system32\lsasrv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 633856 ----a-w- c:\windows\system32\comctl32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
    2011-01-13 13:30 . 2011-01-13 13:30 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
    2011-01-13 13:30 . 2011-01-13 13:30 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-01-13 13:30 . 2011-01-13 13:30 228864 ----a-w- c:\windows\system32\drivers\1394ohci.sys
    2011-01-13 13:30 . 2011-01-13 13:30 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-01-13 13:30 . 2011-01-13 13:30 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-01-13 13:30 . 2011-01-13 13:30 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2011-01-13 13:30 . 2011-01-13 13:30 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-01-13 13:30 . 2011-01-13 13:30 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-01-13 13:30 . 2011-01-13 13:30 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2011-01-13 13:30 . 2011-01-13 13:30 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-01-13 13:30 . 2011-01-13 13:30 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
    2011-01-13 13:30 . 2011-01-13 13:30 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-01-13 13:30 . 2011-01-13 13:30 424960 ----a-w- c:\windows\system32\secproc.dll
    2011-01-13 13:30 . 2011-01-13 13:30 422912 ----a-w- c:\windows\system32\secproc_isv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 369152 ----a-w- c:\windows\SysWow64\secproc.dll
    2011-01-13 13:30 . 2011-01-13 13:30 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2011-01-13 13:30 . 2011-01-13 13:30 356352 ----a-w- c:\windows\system32\RMActivate.exe
    2011-01-13 13:30 . 2011-01-13 13:30 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
    2011-01-13 13:30 . 2011-01-13 13:30 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
    2011-01-13 13:30 . 2011-01-13 13:30 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2011-01-13 13:30 . 2011-01-13 13:30 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2011-01-13 13:30 . 2011-01-13 13:30 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
    2011-01-13 13:30 . 2011-01-13 13:30 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
    2011-01-13 13:30 . 2011-01-13 13:30 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-01-13 13:30 . 2011-01-13 13:30 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
    2011-01-13 13:30 . 2011-01-13 13:30 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
    2011-01-13 13:30 . 2011-01-13 13:30 84992 ----a-w- c:\windows\system32\asycfilt.dll
    2011-01-13 13:30 . 2011-01-13 13:30 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
    2011-01-13 13:30 . 2011-01-13 13:30 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
    2011-01-13 13:30 . 2011-01-13 13:30 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2011-01-13 13:30 . 2011-01-13 13:30 52224 ----a-w- c:\windows\system32\rtutils.dll
    .
     
  17. 2011/03/01
    BOBBO

    BOBBO Geek Member Thread Starter

    Here is the second half of the ComboFix.txt file:


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update "= "c:\users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-22 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON "= "c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "Dell DataSafe Online "= "c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool "= "c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central "= "c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
    "Adobe Reader Speed Launcher "= "c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "EEventManager "= "c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "ArcSoft Connection Service "= "c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Nikon Transfer Monitor "= "c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-16 479232]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe "= "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-01-30 560128]
    "Launcher "= "c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 2 (0x2)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    2;2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-06-30 2533400]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-09-27 169048]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-12 24680]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1205000.07D\SYMDS64.SYS [2010-10-21 450608]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1205000.07D\SYMEFA64.SYS [2010-11-18 802864]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-07 250008]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-07 39888]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110302.001\IDSvia64.sys [2010-11-11 476792]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1205000.07D\Ironx64.SYS [2010-11-16 171128]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1205000.07D\SYMNETS.SYS [2010-12-01 382072]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-02-02 132656]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-16 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-20 287232]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002Core.job
    - c:\users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:58]

    2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3812855668-3064132733-4185535367-1002UA.job
    - c:\users\Gayle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:58]

    2011-01-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-12-03 23:06]

    2011-03-01 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-12-03 23:06]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\Gayle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL "= "c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-03 6486120]
    "RtHDVBg "= "c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-03 2120808]
    "NVHotkey "= "c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
    "IntelWireless "= "c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "QuickSet "= "c:\program files\Dell\QuickSet\QuickSet.exe" [2010-08-04 3206816]
    "FreeFallProtection "= "c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
    "COMODO Internet Security "= "c:\program files (x86)\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x1
    "AppInit_DLLs "=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
    "ImagePath "= "\ "c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \ "NAV\" /m \ "c:\program files (x86)\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath "= "\??\c:\program files\dell support center\pcdsrvc_x64.pkms "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-01 20:44:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-02 04:44

    Pre-Run: 435,751,145,472 bytes free
    Post-Run: 435,224,723,456 bytes free

    - - End Of File - - D107D93382E35942523A5941C73A299F
     
  18. 2011/03/02
    broni

    broni Moderator Malware Analyst

    On top of Google issues, your computer seems to be infected.
    Internet Security Essentials at least.

    Combofix log looks fine now.

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    =============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     
  19. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    I just ran the GMER scan and it gave me the same report I got last night: "GMER hasn't found any system modification. "

    I already have MBAM and will update it and run it and post the results shortly.
     
  20. 2011/03/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)...
     
  21. 2011/03/02
    BOBBO

    BOBBO Geek Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,892
    Likes Received:
    19
    I ran the MBAM scan and it said this: "The scan completed successfully. No malicious items were detected. A log file has been saved to the log folder. "

    Before I ran the scan I updated MBAM and SpywareBlaster OK but my Norton A-V wouldn't update, giving me this: "Unable to connect to the Norton LiveUpdate server. Please check your internet connection." Since the two other programs updated OK and new e-mails are coming through, there doesn't seem to be anything wrong with the connection at this end. But I still can't get google.com to load and this Windows BBS site is still very slow.

    Anyway, here's the MBAM report:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5939

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/2/2011 3:40:32 PM
    mbam-log-2011-03-02 (15-40-32).txt

    Scan type: Quick scan
    Objects scanned: 178124
    Time elapsed: 2 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
