My computer has recently been bogged down by what was at first a virus, and then a series of adware/malware programs that were (and some still are) running. I'm still having a huge delay in booting/shutting down the system. Unless I set priorities to my programs (Firefox, Explorer etc.) they take forever to load. I'm getting programs like ping.exe running always

All 40 Replies

The only way we can offer assistance is for you to follow all the steps given in our Read Me First sticky and post back with copy/pastes of all the requested logs. Then assistance can be offered. Right now you have given no information that can help us make any type of determination of what should be done.

My problem is almost exactly the same as the thread above, but I can not use that to solve my problem because the links on that one don't work anymore.

I have Norton, and it keeps detecting Ping.Exe in a folder I can not find. Plus every time I delete it with Norton it keeps coming back.
Norton is also detecting a Trojan.Gen.2

I'm following the instructions on the thread you gave me but Microsoft® Windows® Malicious Software Removal Tool (KB890830) doesn't work. I'm using Windows 7 64-bit Home Premium

I gave you the correct instructions we require in my second post. You should not be following instructions that are 5 years old. The link I gave you has the current steps we require. All links in it are good. Please follow those instructions as posted.

OK, I will. I'll make sure to complete them quickly and thoroughly.

Here is the Microsoft® Windows® Malicious Software Removal Tool for Windows 7 64bit
It does work with Windows 7 64bit, that is what I am running.
Supported Operating Systems: Windows 7, Windows Server 2003 x64 editions, Windows Server 2008, Windows Server 2008 R2, Windows Vista Business 64-bit edition, Windows Vista Enterprise 64-bit edition, Windows Vista Home Basic 64-bit edition, Windows Vista Home Premium 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows XP 64-bit

Any tool that does not run, skip and move to the next tool. Please note which ones don't run and let us know.

Here are the logs. I could not get GMER 1, but I have everything else.

Here is everything

Rootkit scan 2011-10-25 14:13:35
Windows 6.1.7601 Service Pack 1
Running: 4sm0fik1.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0xF8 0x39 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xCB 0x84 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x25 0x85 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x0A 0x00 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFA 0xF2 0x9A 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0xD3 0xD0 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1C 0xCB 0x84 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x25 0x85 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB6 0x0A 0x00 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFA 0xF2 0x9A 0xC7 ...

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware

Database version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

25/10/2011 7:12:25 PM
mbam-log-2011-10-25 (19-12-25).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 559080
Time elapsed: 2 hour(s), 27 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\gary\download fate\lazylaunch\lazylaunch\lazylaunch.exe (Hacktool.Gen) -> Quarantined and deleted successfully.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Gary at 19:36:36 on 2011-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4087.1214 [GMT -5:00]
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://
uDefault_Page_URL = hxxp://
mDefault_Page_URL = hxxp://
mStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Gary\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Webblog: {c3947f4e-8894-4c04-98e0-df182c706ddf} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WorkForce 310(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Windows\TEMP\E_S2EAE.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 310 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFHA.EXE /FU "C:\Windows\TEMP\E_S3C07.tmp" /EF "HKCU"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all by FlashGet3 - C:\Users\Gary\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\Gary\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://
TCP: DhcpNameServer =
TCP: Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3} : DhcpNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Gary\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Webblog: {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
BHO-X64: Webblog - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Webblog: {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\8e58gu09.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://!&cfg=2-491-0-0&q=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\8e58gu09.default\extensions\{C3947F4E-8894-4C04-98E0-DF182C706DDF}\components\dtTransparency.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Gary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\IGG\100YearsWarPlayer\np100YearsWarPlayer.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20111025.030\IDSviA64.sys [2011-10-25 488568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-25 366152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe [2011-10-11 126400]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 CLKMSVC10_039CBDDF;CyberLink Product - 2011/01/07 17:16:58;C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\NavFilter\kmsvc.exe [2010-11-5 254448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-1-4 8192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
=============== Created Last 30 ================
2011-10-26 00:33:04 -------- d-----w- C:\Users\Gary\AppData\Local\{85EC369A-1FB3-484D-8084-C2096439C4B1}
2011-10-26 00:31:52 -------- d-----w- C:\Users\Gary\AppData\Local\{E3C52EC4-5380-468A-9494-1CCDBC281F52}
2011-10-25 21:04:17 -------- d-----w- C:\Users\Gary\AppData\Local\{C392B4B4-6A8E-4484-8F02-BE341F195FF6}
2011-10-25 19:19:30 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
2011-10-25 19:19:21 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-25 19:19:18 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-25 19:19:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-24 21:05:08 -------- d-----w- C:\Users\Gary\AppData\Local\{4773790E-92BC-4BA9-B789-0CD1414F267B}
2011-10-24 21:04:57 -------- d-----w- C:\Users\Gary\AppData\Local\{A9E91684-CAAC-4A52-B617-44756CBB5A8C}
2011-10-24 02:22:33 -------- d-----w- C:\Program Files (x86)\Payday The Heist
2011-10-24 00:05:18 -------- d-----w- C:\Users\Gary\AppData\Local\{C2A5B159-A222-44BA-BDEE-3ECE81171FE8}
2011-10-24 00:05:07 -------- d-----w- C:\Users\Gary\AppData\Local\{7250E1BD-A8E4-467D-AD13-B1CF820A85F1}
2011-10-23 15:38:33 -------- d-----w- C:\Users\Gary\AppData\Local\{7C35BA41-3D75-43C2-ACC6-D97CA525CC84}
2011-10-23 15:38:21 -------- d-----w- C:\Users\Gary\AppData\Local\{DCBA54CA-8602-4AB5-B099-8546C10544B6}
2011-10-23 00:00:08 -------- d-----w- C:\Users\Gary\AppData\Local\PAYDAY
2011-10-23 00:00:08 -------- d-----w- C:\ProgramData\RELOADED
2011-10-22 23:45:39 -------- d-----we C:\Windows\system64
2011-10-22 23:45:33 349475 ----a-w- C:\Users\Gary\AppData\Roaming\
2011-10-22 15:50:39 -------- d-----w- C:\Users\Gary\AppData\Local\{AE6DCFE2-3E31-48A2-BE66-67A2C5549EE7}
2011-10-22 15:50:25 -------- d-----w- C:\Users\Gary\AppData\Local\{29E29481-4622-4AEB-A26C-37710244C0A7}
2011-10-21 15:04:56 -------- d-----w- C:\Users\Gary\AppData\Local\{4B7EC7D6-D1DD-444F-9FE6-7C8743B8B8C9}
2011-10-21 15:04:42 -------- d-----w- C:\Users\Gary\AppData\Local\{E7BA4499-17C7-4DDC-B303-DD6177E2944C}
2011-10-20 17:03:49 -------- d-----w- C:\Users\Gary\AppData\Local\{AF590326-DAF8-4C87-9D50-B2F73AA0DB12}
2011-10-20 17:03:38 -------- d-----w- C:\Users\Gary\AppData\Local\{84F58B79-9E7E-403F-81C5-74F8CACB0255}
2011-10-19 19:38:30 -------- d-----w- C:\Users\Gary\AppData\Local\{E2BF7A8C-CD30-4FC0-98EA-74490FC2CFD9}
2011-10-19 19:38:18 -------- d-----w- C:\Users\Gary\AppData\Local\{5F5AEFD8-34CD-43B2-A614-80AC107EDBF8}
2011-10-18 19:40:47 -------- d-----w- C:\Users\Gary\AppData\Local\{6C3A54EB-A34A-4EAC-810C-D24F11FF9886}
2011-10-18 19:40:34 -------- d-----w- C:\Users\Gary\AppData\Local\{90B49EF5-F502-457A-8B81-265094A5D5CD}
2011-10-17 18:14:52 -------- d-----w- C:\Users\Gary\AppData\Roaming\Might & Magic Heroes VI
2011-10-17 11:37:31 -------- d-----w- C:\Users\Gary\AppData\Local\{B87CCAF4-6BE8-49A8-BB9D-7F3A04CECBF4}
2011-10-17 11:37:16 -------- d-----w- C:\Users\Gary\AppData\Local\{49577FF3-AF80-4820-8BBE-AFFB8EDD4408}
2011-10-16 17:00:11 -------- d-----w- C:\Users\Gary\AppData\Local\{14B7FFBD-0102-45C1-B450-967F31F57E36}
2011-10-16 16:59:58 -------- d-----w- C:\Users\Gary\AppData\Local\{1AA92E1B-D089-4FF5-BC7A-D633117F1626}
2011-10-15 16:32:19 -------- d-----w- C:\Users\Gary\AppData\Local\{A8DD776E-B8A0-4058-A3F7-60881C79D757}
2011-10-15 16:32:06 -------- d-----w- C:\Users\Gary\AppData\Local\{62A259D7-8BC7-4DC1-B2EE-1130E88767AB}
2011-10-14 20:25:55 -------- d-----w- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2011-10-14 20:20:53 -------- d-----w- C:\Program Files (x86)\Vogster Entertainment
2011-10-14 17:02:06 -------- d-----w- C:\Users\Gary\AppData\Local\{4E084F35-CC90-4053-B5C0-A45612F9008F}
2011-10-14 17:01:54 -------- d-----w- C:\Users\Gary\AppData\Local\{0E518A26-CF02-4F1D-AB9F-68544DE37D3B}
2011-10-13 19:00:08 -------- d-----w- C:\Users\Gary\AppData\Local\{1F43AFCF-3827-42D2-8DAE-58710D060356}
2011-10-13 18:59:50 -------- d-----w- C:\Users\Gary\AppData\Local\{159D5466-3DCA-4ABE-8482-1DAAE5B09B07}
2011-10-12 19:34:20 -------- d-----w- C:\Users\Gary\AppData\Local\{4F8DB25C-986B-4EEE-A119-BB934BFB56C0}
2011-10-12 19:34:08 -------- d-----w- C:\Users\Gary\AppData\Local\{3845C33D-E97A-4ECB-9B0D-31EE18274BF9}
2011-10-11 21:53:20 593544 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys
2011-10-11 21:53:20 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtsp64.sys
2011-10-11 21:53:20 451704 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys
2011-10-11 21:53:20 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys
2011-10-11 21:53:20 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\srtspx64.sys
2011-10-11 21:53:20 221304 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys
2011-10-11 21:53:20 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys
2011-10-11 21:53:08 -------- d-----w- C:\Windows\System32\drivers\NISx64\1109000.00C
2011-10-11 17:46:07 -------- d-----w- C:\Users\Gary\AppData\Local\{F69906E1-EBC8-4AFA-B982-587491243E1D}
2011-10-11 17:45:44 -------- d-----w- C:\Users\Gary\AppData\Local\{464F5999-1CDB-49E0-8CF0-29D1A9E66212}
2011-10-10 16:56:24 -------- d-----w- C:\Users\Gary\AppData\Local\{B43BD36F-AA75-49DF-B4B3-906D4552A698}
2011-10-10 16:56:13 -------- d-----w- C:\Users\Gary\AppData\Local\{9C54A61B-11EF-4F89-8834-B922F444BEF7}
2011-10-09 20:57:36 -------- d-----w- C:\Users\Gary\AppData\Local\{CD3B1656-18DD-49CA-8EE4-5FBAA318C238}
2011-10-09 20:57:24 -------- d-----w- C:\Users\Gary\AppData\Local\{11C5D37B-E9C6-4346-A8F0-EBC367CDF070}
2011-10-08 16:46:09 -------- d-----w- C:\Users\Gary\AppData\Local\{CC97A74E-D138-42CC-AD66-AFC3FCB8D881}
2011-10-08 16:45:57 -------- d-----w- C:\Users\Gary\AppData\Local\{DD57AA67-4712-45B8-BBE1-B711A489AC0E}
2011-10-07 20:44:39 -------- d-----w- C:\Users\Gary\AppData\Local\{9D0AE5F6-B8C3-429A-948C-2606A2371A00}
2011-10-07 20:44:26 -------- d-----w- C:\Users\Gary\AppData\Local\{44102307-9BC0-4ACA-931D-1B0904B552F0}
2011-10-06 19:09:33 -------- d-----w- C:\Users\Gary\AppData\Local\{FEA0F4AA-AA2A-4A30-A15F-872D03858940}
2011-10-06 19:09:21 -------- d-----w- C:\Users\Gary\AppData\Local\{8705BD6C-9817-440A-94C4-FA07C670113E}
2011-10-05 19:05:13 -------- d-----w- C:\Users\Gary\AppData\Local\{54CD382F-C3D8-4591-959E-B089BC1AAEF3}
2011-10-05 19:05:01 -------- d-----w- C:\Users\Gary\AppData\Local\{326B3A7C-86A7-48A0-87C9-A54EA85C1085}
2011-10-04 17:18:48 -------- d-----w- C:\Users\Gary\AppData\Local\{01646DD8-A1DC-411D-BC88-EE1AE9E99BD7}
2011-10-04 17:18:34 -------- d-----w- C:\Users\Gary\AppData\Local\{B79DB08F-54D8-495D-BFC4-AE6ABC30E98F}
2011-10-03 21:55:27 -------- d-----w- C:\Users\Gary\AppData\Local\{48A7BA5D-9DE4-4C63-92F4-5B033DCA7500}
2011-10-03 21:55:14 -------- d-----w- C:\Users\Gary\AppData\Local\{62AEA262-6FB8-4A73-BC58-C69EDA35E911}
2011-10-03 02:15:23 -------- d-s---w- C:\Downloads
2011-10-03 02:14:47 -------- d-----w- C:\Users\Gary\AppData\Roaming\FlashGet
2011-10-03 02:14:47 -------- d-----w- C:\Users\Gary\AppData\Roaming\BITS
2011-10-03 02:14:43 -------- d-----w- C:\Users\Gary\AppData\Roaming\FlashGetBHO
2011-10-03 02:14:41 -------- d-----w- C:\Program Files (x86)\FlashGet Network
2011-10-03 00:38:40 -------- d-----r- C:\Users\Gary\Dropbox
2011-10-03 00:36:23 -------- d-----w- C:\Users\Gary\AppData\Roaming\Dropbox
2011-10-02 17:01:34 -------- d-----w- C:\Users\Gary\AppData\Local\{5F094D1B-A3C1-4F82-87AA-13B4B106E226}
2011-10-02 17:01:21 -------- d-----w- C:\Users\Gary\AppData\Local\{7DEAF3D0-B35E-4ECB-8D5A-A1C2B06016F4}
2011-10-01 15:25:03 -------- d-----w- C:\Users\Gary\AppData\Local\{AE201FA4-C7D9-44B6-A2E1-9EF2DA972E1A}
2011-10-01 15:24:51 -------- d-----w- C:\Users\Gary\AppData\Local\{EF6CD32A-0CAC-4E7E-B6E6-5053356FFC79}
2011-10-01 03:06:44 -------- d-----w- C:\Users\Gary\AppData\Local\wanted
2011-10-01 03:06:44 -------- d-----w- C:\ProgramData\wanted
2011-10-01 02:58:45 -------- d-----w- C:\Windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2011-10-01 02:57:30 424624 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-10-01 02:57:30 138472 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-10-01 02:57:30 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-10-01 02:57:29 418480 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-10-01 02:57:29 115432 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-10-01 02:52:01 -------- d-----w- C:\Program Files (x86)\WarnerBros
2011-09-30 20:55:15 -------- d-----w- C:\Users\Gary\AppData\Local\{2984B45A-FD55-4DF8-85BB-40E397F0F71D}
2011-09-30 20:55:00 -------- d-----w- C:\Users\Gary\AppData\Local\{5DADBDDB-50D4-4488-89C7-23D798DFF0A5}
2011-09-29 19:15:48 -------- d-----w- C:\Users\Gary\AppData\Local\{3ADF836D-253F-4789-8C6C-59FEEBE9D2D8}
2011-09-29 19:15:37 -------- d-----w- C:\Users\Gary\AppData\Local\{1193A602-F388-4321-9F58-7E189E79454B}
2011-09-28 22:12:57 -------- d-----w- C:\Program Files (x86)\The Cursed Crusade
2011-09-28 17:00:13 -------- d-----w- C:\Users\Gary\AppData\Local\{32B76167-7301-4BFD-B994-0C9429BF1154}
2011-09-28 17:00:02 -------- d-----w- C:\Users\Gary\AppData\Local\{74C53537-02D5-4E3B-AD2B-8C714D177C29}
2011-09-27 20:29:15 -------- d-----w- C:\Users\Gary\AppData\Local\{1B48F58A-80D2-4CF0-BBE6-65B6C870E877}
2011-09-27 20:29:04 -------- d-----w- C:\Users\Gary\AppData\Local\{CCBDA0C3-0E4A-4D52-858A-CFCB859DDABD}
2011-09-26 21:36:35 -------- d-----w- C:\Users\Gary\AppData\Local\{F1F90F08-3A82-4B35-8422-D6E1B1E3BEC3}
2011-09-26 21:36:24 -------- d-----w- C:\Users\Gary\AppData\Local\{496763DC-4C0D-483B-8D08-1F66C763EAFA}
==================== Find3M ====================
2011-10-24 23:00:41 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-24 23:00:41 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-24 22:54:03 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-04 17:18:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\
============= FINISH: 19:38:24.25 ===============[/QUOTE]

DDS (Ver_2011-08-26.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/12/2010 1:19:45 PM
System Uptime: 25/10/2011 7:14:02 PM (0 hours ago)
Motherboard: Acer | | Aspire M3910
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2934/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 451 GiB total, 90.208 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 128 GiB total, 14.747 GiB free.
F: is FIXED (NTFS) - 106 GiB total, 33.152 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is CDROM ()
M: is Removable
N: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Name: Windows Firewall Authorization Driver
Service: mpsdrv
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&DC382E&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&DC382E&0
Service: i8042prt
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
100Years'War Plugin version 2.1
18 Wheels of Steel - American Long Haul
Acer Arcade Deluxe
Acer Arcade Movie
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.6 MUI
Advertising Center
Agatha Christie - Death on the Nile
Akamai NetSession Interface
Anti-phishing Domain Advisor
APB Reloaded
Apple Application Support
Apple Software Update
Audacity 1.2.6
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Cheat Engine 6.0
Chuzzle Deluxe
Click to Call with Skype
Company of Heroes
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
EasyBits GO
eBay Worldwide
Epson Event Manager
EpsonNet Print
EpsonNet Setup
eSobi v2
Fable III
Fallout Mod Manager 0.13.21
Fallout New Vegas
FlashGet 3.7
GamersFirst LIVE!
Hotkey Utility
Identity Card
Java Auto Updater
Java(TM) 6 Update 24
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
LAME v3.98.3 for Audacity
LUNA Plus v1.0
Malwarebytes' Anti-Malware version
Mass Effect
Mass Effect 2
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WSE 3.0 Runtime
Might & Magic Heroes VI
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nexon Game Manager
Norton Internet Security
Norton Online Backup
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
Payday The Heist (c) OVERKILL Software version 1
PDF Settings CS5
Plants vs. Zombies
Polar Bowler
Polar Golfer
PunkBuster Services
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Region Map Generator 2.70
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 5.5
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.10
Wanted: Weapons of Fate
Welcome Center
WildTangent Games App (Acer Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks v.0.6.6
Zuma's Revenge
==== Event Viewer Messages From Past Week ========
25/10/2011 7:32:29 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
25/10/2011 7:14:53 PM, Error: Service Control Manager [7000] - The Htsysm service failed to start due to the following error: The system cannot find the file specified.
25/10/2011 7:14:41 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
25/10/2011 7:14:41 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
25/10/2011 5:23:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
22/10/2011 10:53:47 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
==== End Of File ===========================

You failed to update MBA-M before running the scan. It is 1400+ definitions behind. Please update it and run another full scan with it. Have it remove anything found.
Please do not post your logs in quotes; this makes them very hard to read.

Please also uninstall Ubisoft Game Launcher; this contained one of your infected files.

I can not update it, I have tried multiple times.

I can not access my control panel, the icons will not show up

Then how did you run MBA-M in the first place? You have to open the program to run it and it is updated via the program itself. Click the Update tab and then the Check for updates button.

I opened MBA-M and opened the "Updates" tab and clicked "Check for updates"
Just to make sure I did this twice both times it says I have the latest database version.

I'll run a full scan right now though

The most current database is 8021, unless you have this or something higher than this you do not have the latest database version.

If you do not have the latest version then try updating via Safe Mode with Networking.

It says my database version is 8021

Then that is the current one as of yesterday. It has updated again since then. The log you posted shows that you did no update before running the scan, which is an absolute must. MBA-M has multiple updates daily. Even if you do scans on the same day you must always check for updates before each scan.
Please update and run a full scan, have it remove all items, reboot and then come back and post the newest log.

Okay I updated it to 8026 and I am running the scan now

Ok, have it remove everything it finds and then be sure to reboot; this is oftentimes critical to complete removals. Then post back here with the latest log.

Roger, I will remove everything it finds.

Don't be doing anything else while it scans. No browsing, no email, no downloading, nothing.
This is one key thing when trying to clean a computer, don't do anything else but work on the cleaning and the tools you are using.

Here is the newest one, my computer wasn't doing anything else but this at the time

Malwarebytes' Anti-Malware

Database version: 8026

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

26/10/2011 11:07:49 PM
mbam-log-2011-10-26 (23-07-49).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 572241
Time elapsed: 1 hour(s), 58 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello? Can anyone please help me?

Sorry, but I am actually out of town until Sunday evening. This is the first chance I have had to get back here.
That scan is obviously clean.

Is your CPU still "bogged down" as you originally said?

You have a large number of unnecessary auto-starting programs, which therefore run in the background all the time and could cause a drain on CPU usage. Many of these can be easily run manually when you need them, rather than have them run all the time, even when you are not using them. They still use some valuable resources just "sitting there" waiting to be used.

Another thing I see is that you have three hard drives that are each nearly 75% full.
C: is FIXED (NTFS) - 451 GB total, 90.208 GB free. meaning you have used 361 GB of the hard drive
E: is FIXED (NTFS) - 128 GB total, 14.747 GB free. meaning you have used 114 GB of the hard drive
F: is FIXED (NTFS) - 106 GB total, 33.152 GB free. meaning you have used 73 GB of the hard drive

I am still getting a Trojan.Gen.2 from Norton

and it's located in the temp folders. I can not locate the folder Norton said it was in.

Also I am still getting Ping.exe

A temp folder is just that, a temporary folder. Empty your temp files using Disk Cleanup.
When Norton finds this, do you tell it to remove it? There would be no reason to manually search; that is what an anti-virus program does: it searches, finds, and then you tell it to remove whatever is found. Are you doing this?
Are you still using P2P? Our Read Me Sticky clearly says not to do this and to stop doing it.
This is how you are likely getting infections on your computer. P2P file sharing is one of the easiest ways to get infections, serious infections on a computer that sometimes can totally ruin the computer.

I am not using any P2P anymore.
I am telling Norton to remove it but it keeps popping back up

Did you empty all of your temp folders as directed?
You still have uTorrent installed

Please do the following:
Please download ComboFix by sUBs from

Please note that the download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.

Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Post back with the full combofix log.

All folders inside /c/programs files(x86): when I try to access them it says "Folder marked for deletion" after I used combofix. So I restarted and then my computer would not boot and it had to do a system restore.

I have never seen this result using combofix, "All folders inside /c/programs files(x86)...Folder marked for deletion"
I presume then you have no combofix log either.

I do have one

here it is

2011-10-30 01:42:46 . 2011-10-30 01:42:46 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-10-30 01:42:36 . 2011-10-30 01:42:36 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2011-10-30 01:34:50 . 2011-10-30 01:34:50 3,918 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-10-30 01:24:16 . 2011-10-30 01:24:16 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-10-22 23:45:33 . 2011-10-22 23:45:33 349,475 ----a-w- C:\Qoobox\Quarantine\C\Users\Gary\AppData\Roaming\
2011-04-22 22:45:49 . 2011-04-22 23:18:21 1,669,931 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\setup.isn.vir
2011-04-22 22:45:49 . 2011-04-22 23:18:21 253,791 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\setup.inx.vir
2011-04-22 22:45:49 . 2011-04-22 23:07:02 1,214 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\setup.ini.vir
2011-04-22 22:45:49 . 2011-04-22 23:07:02 801,792 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\setup.exe.vir
2011-04-22 22:45:49 . 2011-04-22 23:07:02 473 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\layout.bin.vir
2011-04-22 22:45:49 . 2011-04-22 23:07:02 576,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\ISSetup.dll.vir
2011-04-22 22:45:49 . 2011-04-22 23:22:12 1,236,532,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\
2011-04-22 22:45:49 . 2011-04-22 23:07:48 397,193 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\data1.hdr.vir
2011-04-22 22:45:49 . 2011-04-22 23:07:48 597,421 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\
2011-04-22 22:45:49 . 2011-04-22 23:07:48 21,494 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\LOL\LeagueOfLegends.NA.04_12_2011_RADS\0x0409.ini.vir
2009-07-13 23:31:13 . 2009-07-14 01:39:46 53,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir
