  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    "Suspicious entries have been found, in Help2Go Detective".(Post in Spyware Forum).

    (1) SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/12/2011 at 02:53 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 7937
    Trace Rules Database Version: 5749

    Scan type : Complete Scan
    Total Scan Time : 00:41:57

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 642
    Memory threats detected : 0
    Registry items scanned : 72109
    Registry threats detected : 0
    File items scanned : 45601
    File threats detected : 21

    Adware.Tracking Cookie
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\UB1LDN0H.txt [ /doubleclick.net ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\8AFE29RY.txt [ /ad.yieldmanager.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\6PB3X1NU.txt [ /apmebf.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\UMEPYLSH.txt [ /atdmt.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\RDWAM2JJ.txt [ /questionmarket.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\AWLHNW43.txt [ /tracking.dsmmadvantage.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\B8SHC1SG.txt [ /2o7.net ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\6GEURY3K.txt [ /account.norton.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\0H27IG5Y.txt [ /imrworldwide.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\94PRTRYK.txt [ /revsci.net ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\5B37AWUT.txt [ /mediaplex.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\VGHS3IOX.txt [ /account.norton.com ]
    C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies\34114W5Z.txt [ /specificclick.net ]
    C:\USERS\SCOTT\Cookies\8AFE29RY.txt [ Cookie:scott@ad.yieldmanager.com/ ]
    C:\USERS\SCOTT\Cookies\6PB3X1NU.txt [ Cookie:scott@apmebf.com/ ]
    C:\USERS\SCOTT\Cookies\AWLHNW43.txt [ Cookie:scott@tracking.dsmmadvantage.com/ ]
    C:\USERS\SCOTT\Cookies\B8SHC1SG.txt [ Cookie:scott@2o7.net/ ]
    C:\USERS\SCOTT\Cookies\0H27IG5Y.txt [ Cookie:scott@imrworldwide.com/cgi-bin ]
    C:\USERS\SCOTT\Cookies\94PRTRYK.txt [ Cookie:scott@revsci.net/ ]
    C:\USERS\SCOTT\Cookies\VGHS3IOX.txt [ Cookie:scott@account.norton.com/amsweb/ ]
    C:\USERS\SCOTT\Cookies\34114W5Z.txt [ Cookie:scott@specificclick.net/ ]

    (2) Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8147

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    11/12/2011 3:12:33 PM
    mbam-log-2011-11-12 (15-12-33).txt

    Scan type: Quick scan
    Objects scanned: 171667
    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    (3) Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:31:21 PM, on 11/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Norton Management\Engine\1.1.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\WINDOWS\LockStatusTray.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [LockStatusTray] "C:\Windows\LockStatusTray.exe"
    O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\1.1.1.3\ccSvcHst.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Credential Manager (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8773 bytes

  2. #2
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    I've also gotten some really strange graphics (failures) or (malware) while browsing.

    Randomly, over the past month, my Windows 7 Home Premium 64-bit laptop will 90% of the time have good/normal graphics (not video, just picture quality). Randomly, about 10% of the time, it will seemingly slip into this strange mode. Sometimes it occurs while browsing, and other times when I first boot. And I can tell if it's going to be in that mode upon boot. Please see these 5 screenshots, which I have posted at "http://www.flickr.com/photos/scottt33111" for this very purpose. They are labeled "forum". And the two strangest (either a graphics problem or a strange picture, you tell me) both occur when logging on and when logging off. (They are marked on the link given.) Seems like malware to me.
    Specs: "Intel graphics media accelerator driver for mobile", "Mobile Intel 4 Series Express Chipset Family", "Intel Family 4 Port SATA AHCI Controller". 3GB installed RAM.
    I'm not referring to trying to run "Windows Aero". This has nothing to do with that, as I'm running "Windows Basic". If you think the two (the strange graphics and the skeptical HijackThis scan, etc.) are related, please let me know. That's the only reason I'm including this post.
    Tx,
    scottt331

  3. #3
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine, please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  4. The Following User Says Thank You to fireman4it For This Useful Post:


  5. #4
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    Reply to: Fireman4it's post

    Hello, I tried to reply late last night, but somehow it got deleted; so I will try again, tonight. Replies to some initial Q's:
    1) No, I have not resolved the original problem.
    2) Specs: Windows7-Home-Premium, sp1, Dell Inspiron 1440 laptop, WPA2 modem connection, broadband, 64-bit, 2.10 GHz Intel Premium Dual-Core Processor, 234 GB Hard Drive capacity/ 143 GB-not used(free space), 3 GB RAM Installed, Chipset: Mobile Intel 4 Series Express Chipset Family, Graphics Driver: Intel Graphics Media Accelerator Driver for Mobile.
    3) Yes. I have the original Windows disc.
    4) By, "Unable to perform recommended steps"; I guess you mean the Superantispyware, Malwarebytes, and Hijackthis scans and posts. If not please let me know.
    5) Two problems: (1)-AnalyzeThis said my HiJackThis scan looked suspicious; and (2) The main problem I've noticed that makes me think malware is what happens with my graphics. (I don't mean watching a video or windows aero), I just mean the graphics or display will be normal 90% of the time, but 10% of the time it will either "shift" into this "strange mode", or more often the case it will boot up in this strange mode. I will do my best to either post or attach pictures of this, as this will tell it all, and my concern. Ie. It's not as if the graphics are just poor or absent; the graphics are such that it appears to be an image of some type of beast (I'm serious).
    To Resolve: I tried updating the chipset and the graphics driver and this just made things worse, as it automatically went into this mode. I ran Dell Hardware Diagnostics, but all came back normal.
    I will try posting graphics in next post, (now), as "that" important.
    Tx, scottt331

  6. #5
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    Posted URL to 5 important photos

    http://www.flickr.com/photos/scottt3...th/6352219125/
    There are five images. I could not paste nor attach, but I was able to post this link. It will be under "forum", but the 5 pictures will be obvious. And 2 of the 5, describe the "beast" like graphics I mentioned.
    scottt331

  7. #6
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    RE: fireman4it: Trouble with DDS Scan- Still trying.

    Hello,
    Wanted to let you know I haven't quit. I'm just having trouble the last two nights trying to run this DDS scan. I downloaded it okay to the desktop. And turned Norton off. The thing I haven't yet figured out is how to "Disable any script protection running" if the scan fails to run. By that do you just mean AV software? I'll keep trying at this, please let me know if you read this before I get the scan to run.
    Thanks,
    scottt331

  8. #7
    Member
    Join Date
    Jul 2009
    Posts
    205
    Points
    2

    Fireman4it: DDS scan posted below and Attach scan attached, wasn't able to zip.

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Scott at 5:15:13 on 2011-11-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3034.1565 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Norton Management\Engine\1.1.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\System32\snmptrap.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k wcssvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Management\Engine\1.1.1.3\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\WINDOWS\LockStatusTray.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\msdtc.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\vds.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    mRun: [<NO NAME>]
    mRun: [LockStatusTray] "C:\Windows\LockStatusTray.exe"
    mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    mRunOnce: [SMRequiresRestart]
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: dds.pif
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{4FA7EBC1-5A84-4B49-80CF-0AB39A7F9AF2} : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{4FA7EBC1-5A84-4B49-80CF-0AB39A7F9AF2}\7457563747143636563737 : DhcpNameServer = 64.89.70.2 64.89.74.2
    TCP: Interfaces\{4FA7EBC1-5A84-4B49-80CF-0AB39A7F9AF2}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
    TCP: Interfaces\{4FA7EBC1-5A84-4B49-80CF-0AB39A7F9AF2}\D4F6C6C697723702642756560275966496 : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO-X64: AOL Toolbar Loader - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    mRun-x64: [(Default)]
    mRun-x64: [LockStatusTray] "C:\Windows\LockStatusTray.exe"
    mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    mRunOnce-x64: [SMRequiresRestart]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
    R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0101010.003\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0101010.003\ccSetx64.sys [?]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]
    R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20111118.030\IDSviA64.sys [2011-11-18 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-21 89600]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\1.1.1.3\ccSvcHst.exe [2011-9-23 138760]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-8 138760]
    R2 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-21 1692480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-9-24 722616]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]
    S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2011-11-19 04:51:22 -------- d-----w- C:\Users\Scott\AppData\Local\VS Revo Group
    2011-11-19 04:51:16 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2011-11-19 04:51:14 -------- d-----w- C:\Program Files\VS Revo Group
    2011-11-17 08:15:35 -------- d-----w- C:\Program Files\Canon
    2011-11-17 08:01:05 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
    2011-11-16 03:02:20 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-11-16 03:02:06 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-11-16 03:02:02 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-11-16 02:59:30 -------- d-----w- C:\Users\Scott\AppData\Local\PowerDVD DX
    2011-11-16 02:50:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-11-16 02:50:32 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-11-16 02:50:31 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-11-16 02:50:31 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-11-16 02:50:31 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-11-16 02:45:58 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2011-11-16 02:45:57 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-11-16 02:45:57 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-11-16 02:45:57 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-11-16 02:45:57 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-11-16 02:45:57 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-11-16 02:45:57 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-11-15 17:11:17 53248 ----a-r- C:\Users\Scott\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-11-14 18:01:41 -------- d-----w- C:\Users\Scott\AppData\Roaming\PCDr
    2011-11-14 07:12:38 -------- d-----w- C:\Users\Scott\AppData\Local\AOL Toolbar
    2011-11-14 07:12:28 -------- d-----w- C:\ProgramData\AOL Toolbar
    2011-11-14 07:12:28 -------- d-----w- C:\Program Files (x86)\AOL Toolbar
    2011-11-14 07:12:24 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
    2011-11-09 01:59:23 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys
    2011-11-09 01:59:22 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys
    2011-11-09 01:59:22 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys
    2011-11-09 01:59:22 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys
    2011-11-09 01:59:22 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys
    2011-11-09 01:59:22 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys
    2011-11-09 01:59:22 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys
    2011-11-09 01:59:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A
    2011-11-09 01:49:42 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 01:49:42 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 01:49:42 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 01:49:40 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-08 06:27:18 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2011-11-07 22:57:52 -------- d-----w- C:\Users\Scott\AppData\Local\HP
    2011-11-06 22:07:23 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-11-04 19:32:29 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
    2011-11-03 13:41:08 -------- d-----w- C:\Program Files\Dell Support Center
    2011-10-30 06:44:09 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2011-10-23 13:44:31 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2011-10-21 23:08:39 -------- d--h--w- C:\Windows\msdownld.tmp
    2011-10-21 21:38:06 -------- d-----w- C:\Users\Scott\AppData\Local\IsolatedStorage
    2011-10-21 21:29:52 -------- d-----w- C:\Users\Scott\AppData\Local\Logishrd
    2011-10-21 21:16:01 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-10-21 20:02:06 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-21 20:02:02 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-20 19:09:39 -------- d-----w- C:\Users\Scott\AppData\Roaming\IObit
    2011-10-20 19:09:35 -------- d-----w- C:\Program Files (x86)\IObit
    .
    ==================== Find3M ====================
    .
    2011-11-17 06:32:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-03 01:36:41 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-10-20 04:34:58 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-10-20 04:16:58 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-30 15:52:22 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-09-24 16:35:35 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-09-24 16:35:35 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-09-24 16:04:03 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
    2011-09-02 06:30:46 55064 ----a-w- C:\Windows\System32\LMouFiltCoInst.dll
    2011-09-02 06:30:36 60696 ----a-w- C:\Windows\System32\drivers\LMouFilt.Sys
    2011-09-02 06:30:36 1845528 ----a-w- C:\Windows\System32\LkmdfCoInst.dll
    2011-09-02 06:30:24 76056 ----a-w- C:\Windows\System32\drivers\LEqdUsb.sys
    2011-09-02 06:30:24 66840 ----a-w- C:\Windows\System32\drivers\LHidFilt.Sys
    2011-09-02 06:30:24 15128 ----a-w- C:\Windows\System32\drivers\LHidEqd.sys
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 5:16:02.64 ===============

  9. #8

    Photos - another attempt to display.

    Got one attached.
    scottt331

  10. #9

    Fireman4it: Posting aswMBR.exe scan below

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-19 06:18:17
    -----------------------------
    06:18:17.150 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:18:17.150 Number of processors: 2 586 0x170A
    06:18:17.150 ComputerName: SCOTT-PC UserName: Scott
    06:18:28.725 Initialize success
    06:19:03.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    06:19:03.077 Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 11
    06:19:05.120 Disk 0 MBR read successfully
    06:19:05.136 Disk 0 MBR scan
    06:19:05.136 Disk 0 Windows VISTA default MBR code
    06:19:05.136 Service scanning
    06:19:08.037 Modules scanning
    06:19:08.037 Disk 0 trace - called modules:
    06:19:08.069 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    06:19:08.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031d36a0]
    06:19:08.084 3 CLASSPNP.SYS[fffff88001b5443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e22680]
    06:19:08.084 Scan finished successfully
    06:19:30.314 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\MBR.dat"
    06:19:30.314 The log file has been saved successfully to "C:\Users\Scott\Desktop\aswMBR.txt"

  11. #10

    Fireman4it: 4 graphics (malware) (etiology?) attached here

    See 4 here, and 1 from prior post attached, there.
    scottt331