Deleting PC Tools folders after trying to uninstall Spyware program.

Hi Greg,

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

---------------------------------------------------
Please include the contents of the following logs by copying and pasting the text of each into your next reply:

DDS.txt
Attach.txt

Greg, do you still need help? Let me know if you have any questions about  running DDS.

I will try this again. I did not realize that my previous running did not post.

Here it is:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Greg at 23:07:26 on 2012-01-01

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3070.1430 [GMT -8:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Fingerprint Reader Suite\upeksvr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\aestsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Internet Content Filter\UpdateService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files\Fingerprint Reader Suite\psqltray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Internet Content Filter\SafeEyes.exe

C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uSearch Bar =

uWindow Title = Internet Explorer provided by Dell

uStart Page = hxxp://www.comcast.net/

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080129

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.1.0.29\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\comcast\comcas~1\data\xtras\mssysmgr.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"

mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s

mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [ICF] "c:\program files\internet content filter\SafeEyes.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: c:\windows\system32\icf.dll

Trusted Zone: intuit.com\ttlc

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{017FE617-D2CE-4F32-8132-1FFB05CA49BC} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BAD3340D-3443-4E4B-9B43-39ACB83EFD23} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BAD3340D-3443-4E4B-9B43-39ACB83EFD23}\441697370294E6E6 : DhcpNameServer = 204.130.255.3 209.63.0.6

TCP: Interfaces\{BAD3340D-3443-4E4B-9B43-39ACB83EFD23}\744534A5A4A40284F6D656 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BAD3340D-3443-4E4B-9B43-39ACB83EFD23}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: psfus - c:\windows\system32\psqlpwd.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

LSA: Notification Packages = scecli psqlpwd

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-9-23 39560]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-9-23 43656]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-9 207792]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-10-4 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-10-4 744568]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-10 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-10 59664]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111221.003\BHDrvx86.sys [2011-12-26 819320]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-9-23 17032]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-9-23 185480]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20111228.001\IDSvix86.sys [2011-12-28 368248]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-9 233136]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-10-4 136312]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-10-4 299640]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe [2010-6-10 73728]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-10 112592]

R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-9-23 60040]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-10-4 130008]

R2 seUpdateSvc;Safe Eyes Update Service;c:\program files\internet content filter\UpdateService.exe [2011-11-14 234496]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-26 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-5-9 70408]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-12-26 27192]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-10 33552]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-21 1343400]

S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-1-29 209408]

S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]

S4 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-12-28 01:40:37 -------- d-----w- c:\users\greg\appdata\roaming\com.amazon.music.uploader

2011-12-28 01:38:10 -------- dc----w- c:\program files\Amazon

2011-12-27 07:27:20 -------- d-----w- c:\users\greg\appdata\local\VS Revo Group

2011-12-27 07:27:09 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-12-27 07:27:05 -------- dc----w- c:\program files\VS Revo Group

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-12-27 02:19:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-12-26 18:30:17 -------- dc----w- c:\program files\iPod

2011-12-26 18:30:14 -------- dc----w- c:\program files\iTunes

2011-12-26 18:03:35 -------- dc----w- c:\program files\Bonjour

2011-12-14 11:05:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-14 11:05:02 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-12-14 11:05:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

2011-12-14 11:05:01 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 11:05:00 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 11:04:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

2011-12-14 11:04:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-13 23:18:59 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 23:18:51 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 23:18:37 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 23:18:36 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 23:18:34 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-13 23:18:34 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe

.

==================== Find3M  ====================

.

2011-11-19 17:09:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-05 14:58:36 212992 ----a-w- c:\windows\system32\BibleSaver.scr

2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-10 20:47:44 293376 --sha-w- C:\EUMONBMP.SYS

2011-10-08 00:29:02 217088 ----a-w- c:\windows\system32\DownloadXPro.dll

2011-10-05 00:32:14 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

=================== ROOTKIT  ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: >>UNKNOWN [0x82E46000]<< >>UNKNOWN [0x8BD16000]<< >>UNKNOWN [0x8BD05000]<< >>UNKNOWN [0x8B5A6000]<< >>UNKNOWN [0x8B40E000]<< >>UNKNOWN [0x82E0F000]<<

_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }

1 ntkrnlpa!IofCallDriver[0x82E7D52A] -> \Device\Harddisk0\DR0[0x870B6310]

\Driver\Disk[0x870B4288] -> IRP_MJ_CREATE -> 0x8BD1A39F

3 [0x8BD1A59E] -> ntkrnlpa!IofCallDriver[0x82E7D52A] -> [0x870B6B40]

\Driver\PCTCore[0x862E8030] -> IRP_MJ_CREATE -> 0x8B5C5154

5 [0x8B5B2891] -> ntkrnlpa!IofCallDriver[0x82E7D52A] -> \Device\Ide\IAAStorageDevice-0[0x862DB030]

\Driver\iaStor[0x862CD958] -> IRP_MJ_CREATE -> 0x8B44D818

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 23:08:09.46 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 6/15/2010 6:02:58 PM

System Uptime: 1/1/2012 6:51:02 PM (5 hours ago)

.

Motherboard: Dell Inc. |  | 0XR509

Processor: Intel(R) Core(TM)2 Duo CPU     T5450  @ 1.66GHz | Microprocessor | 1667/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 204.44 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 2.084 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP123: 11/9/2011 7:41:54 PM - Windows Update

RP124: 11/11/2011 9:30:07 PM - Windows Update

RP125: 11/12/2011 6:41:51 PM - Installed calibre

RP126: 11/26/2011 2:29:02 PM - Installed e-Sword.

RP127: 12/6/2011 8:11:11 AM - Removed e-Sword Macros for Word 2010

RP128: 12/6/2011 8:13:16 AM - Removed e-Sword Macros for Word 2007

RP129: 12/6/2011 8:15:49 AM - Removed e-Sword GUI Localization.

RP130: 12/6/2011 8:16:16 AM - Removed e-Sword Bible Screen Saver

RP131: 12/6/2011 8:17:34 AM - Removed e-Sword

RP132: 12/13/2011 4:24:48 PM - Installed e-Sword.

RP133: 12/13/2011 4:30:54 PM - Installed e-Sword Bible Screen Saver

RP134: 12/13/2011 4:34:41 PM - Installed e-Sword STEP Sampler

RP135: 12/14/2011 3:00:41 AM - Windows Update

RP136: 12/26/2011 10:04:39 AM - Installed iTunes

RP137: 12/26/2011 7:35:04 PM - Installed calibre

RP138: 12/26/2011 7:43:44 PM - Installed calibre

RP139: 1/1/2012 7:51:37 PM - Removed Apple Mobile Device Support

RP141: 1/1/2012 10:41:25 PM - Revo Uninstaller Pro's restore point - Lambers

RP143: 1/1/2012 10:44:18 PM - Revo Uninstaller Pro's restore point - CPA AUDIT Special Edition

RP145: 1/1/2012 10:46:36 PM - Revo Uninstaller Pro's restore point - Lambers

RP147: 1/1/2012 10:49:34 PM - Revo Uninstaller Pro's restore point - CPA BEC Special Edition

RP149: 1/1/2012 10:51:25 PM - Revo Uninstaller Pro's restore point - CPA FAR Special Edition

RP151: 1/1/2012 10:55:13 PM - Revo Uninstaller Pro's restore point - CPA REG Special Edition

.

==== Installed Programs ======================

.

.

Acrobat.com

Adobe AIR

Adobe Common File Installer

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Premiere Elements 4.0

Adobe Premiere Elements 4.0 Templates

Adobe Reader X (10.1.1)

Advanced Audio FX Engine

Advanced Video FX Engine

Amazon MP3 Uploader

Apple Application Support

Apple Software Update

BlackBerry Desktop Software 6.1

BlackBerry Device Software Updater

BlackBerry® Media Sync

Bonjour

Browser Address Error Redirector

Browser Defender 2.0.6.15

calibre

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Comcast PhotoShow Deluxe 4

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Driver Download Manager

Dell Getting Started Guide

Dell Resource CD

Dell Support Center

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

DellSupport

e-Sword

e-Sword Bible Screen Saver

EaseUS Todo Backup Free 3.0

ExamMatrix CPA Exam Review 2011

Fingerprint Reader Suite 5.6

Google Toolbar for Internet Explorer

Google Update Helper

Intel(R) Matrix Storage Manager

iTunes

Java(TM) SE Runtime Environment 6

Junk Mail filter update

Laptop Integrated Webcam Driver (1.04.01.1011)  

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

MediaDirect

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Math Add-in for Word 2007

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel 2007 Get Started Tab

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office Small Business Connectivity Components

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Office Word 2007 Get Started Tab

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Small Basic v0.6

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C Runtime

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio Web Authoring Component

Microsoft Visual Web Developer 2008 Express Edition - ENU

Microsoft Web Platform Installer 2.0 RC

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web

Microsoft Works

Move Networks Media Player for Internet Explorer

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music, Photos & Videos Launcher

NetZeroInstallers

Norton Security Suite

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OutlookAddinSetup

Product Documentation Launcher

QuickSet

QuickTime

Revo Uninstaller Pro 2.5.7

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Premier

Roxio Creator Tools

Roxio EasyArchive

Roxio MyDVD Premier

Roxio Update Manager

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SigmaTel Audio

Skype Toolbars

Skype™ 5.0

Sonic Activation Module

Spelling Dictionaries Support For Adobe Reader 8

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

User's Guides

VC Runtimes MSI

WIDCOMM Bluetooth Software 6.0.1.3100

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

12/27/2011 7:37:30 PM, Error: NetBT [4321]  - The name "TAYLOR NETWORK :1d" could not be registered on the interface with IP address 192.168.0.18. The computer with the IP address 192.168.0.10 did not allow the name to be claimed by this computer.

12/26/2011 2:14:17 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer TAYLOR-FAMILYPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BAD3340D-3443-4E4B-9B43-39. The master browser is stopping or an election is being forced.

12/26/2011 2:03:54 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

1/1/2012 8:36:00 PM, Error: Service Control Manager [7034]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

1/1/2012 8:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user GNT-LAPTOP\Greg SID (S-1-5-21-3364808351-3183729669-1809300887-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/1/2012 8:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user GNT-LAPTOP\Greg SID (S-1-5-21-3364808351-3183729669-1809300887-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/1/2012 8:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user GNT-LAPTOP\Greg SID (S-1-5-21-3364808351-3183729669-1809300887-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/1/2012 7:58:29 PM, Error: Service Control Manager [7031]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

1/1/2012 7:48:59 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/1/2012 6:52:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14346]  - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

1/1/2012 6:52:36 PM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.

1/1/2012 6:52:11 PM, Error: Service Control Manager [7000]  - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:  The system cannot find the file specified.

.

==== End Of File ===========================

Thanks,

Greg

Did you try disabling Norton and removing the folders in Safemode? It appears that you have tried Revo Uninstaller.  Did you by any chance try AppRemover?

I'm concerned about this line:
Warning: possible TDL3 rootkit infection !

I would suggest having some more extensive diagnostics done on this to see why there is a rootkit warning. It may be a false positive, but it would be good to know.  Dell Community no longer handles malware removal and related diagnostics.My suggestion is to post in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the diagnostic logs and a cleanup. Help is free, but you will need to register there. In addition, there are other options listed at the top of the this forum. Some are free; some require a fee. Please use only one resource. It can be counter-productive to have too many people trying to help. Good luck! :emotion-1:

Thanks. I just tried the disabling of Norton, and removing the files in safe mode. I was not able to do so. I downloaded AppRemover, and can't temove the last file under a PC Tools folder. The executable file that the .dll file runs from does not exist, but i can't break the file.

I will try to use SpywareHammer and see i they can help. I need to get rid of this so I can load a different internet safety program.

Thanks.

Greg

You're welcome, Greg. I approved your membership there and alerted staff that you will be posting. I also included a link to your DDS logs so you probably will not need to repeat that. In fact, skip the initial HijackThis scan and log and tell them to refer to your DDS log at Dell.

Greg, your topic at SpywareHammer has gone inactive. Your helper is waiting for you to post the results of the scan for the rootkit that was noted.

This discussion is closed because the original poster has been referred to a dedicated malware removal site.
Everyone else wanting advice on a similar issue, please begin a New Post at the top of the forum.