Web Search Redirect Virus?


  • This topic is locked
14 replies to this topic

#1 brett hull

  • Members
  • 8 posts

Posted 04 July 2011 - 03:02 PM

When I do a web search and click on the result, it redirects me to a different search-type website (find-quick-results.com, etc), instead of the intended website.

Thanks for the help resolving this in advance.



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Frank at 14:15:06 on 2011-07-04
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.735 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://verizon.yahoo.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081210
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://verizon.my.yahoo.com/?fr=fp-ver
mDefault_Page_URL = hxxp://verizon.my.yahoo.com/?fr=fp-ver
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110627201138.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: 1ea85b5f: {b1fc89dd-4617-97c5-e0b6-50a008bc085c} - c:\programdata\atl7132.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [googletalk] c:\users\frank\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\frank\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B277B81B-1552-4A60-B09E-C5D759279BB6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB2DF116-ADEF-449E-8561-981F226133AC} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll, c:\programdata\atl7132.dll, c:\programdata\atl7132.dll, c:\programdata\atl7132.dll,c:\programdata\atl7132.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\mbwdzsih.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\users\frank\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\frank\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\frank\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\frank\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-27 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-27 165032]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-6-27 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-9 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-27 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-27 56064]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-10 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-27 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-27 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-27 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-10 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-27 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-06-29 13:43:44 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 00:14:39 -------- d-----w- c:\program files\McAfeeMOBK
2011-06-28 00:14:17 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-06-28 00:14:14 -------- d-----w- c:\program files\McAfee Online Backup
2011-06-28 00:11:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-06-28 00:11:37 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-28 00:11:28 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-28 00:11:28 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-28 00:11:28 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-28 00:11:28 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-28 00:11:28 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-28 00:11:28 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-28 00:11:27 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-28 00:11:23 -------- d-----w- c:\program files\common files\Mcafee
2011-06-28 00:11:22 -------- d-----w- c:\program files\McAfee.com
2011-06-28 00:11:10 -------- d-----w- c:\program files\McAfee
2011-06-27 23:39:03 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-24 13:05:31 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b1870f7-259c-48eb-b527-8080af316d9c}\mpengine.dll
2011-06-20 23:33:09 -------- d-----w- c:\users\frank\appdata\roaming\Malwarebytes
2011-06-20 23:32:46 -------- d-----w- c:\programdata\Malwarebytes
2011-06-18 21:32:30 184320 ----a-w- c:\programdata\atl7132.dll
2011-06-16 21:36:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 14:04:40 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-12 14:04:39 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-12 14:02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-12 14:02:47 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-06-12 14:00:39 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 14:17:24.44 ===============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,144 posts

Posted 09 July 2011 - 01:12 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

Proud Graduate Of Malware Removal University

#3 brett hull

  • Topic Starter
  • Members
  • 8 posts

Posted 09 July 2011 - 10:17 PM

Thanks Gringo. Here are the reports copied and pasted. I'll also attach all three in case it's easier for you to deal with them in that format. No new issues to report since initial post.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by Frank at 22:49:58 on 2011-07-09
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.827 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://verizon.yahoo.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081210
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://verizon.my.yahoo.com/?fr=fp-ver
mDefault_Page_URL = hxxp://verizon.my.yahoo.com/?fr=fp-ver
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110627201138.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [googletalk] c:\users\frank\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\frank\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B277B81B-1552-4A60-B09E-C5D759279BB6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB2DF116-ADEF-449E-8561-981F226133AC} : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll, c:\programdata\atl7132.dll, c:\programdata\atl7132.dll, c:\programdata\atl7132.dll,c:\programdata\atl7132.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\mbwdzsih.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\users\frank\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\frank\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\frank\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\frank\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-16 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-27 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-27 165032]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-6-27 54776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-9 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-27 148520]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2011-2-8 689464]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-27 56064]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-10 111616]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-27 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-27 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-27 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-27 271480]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-10 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-27 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-05 19:41:40 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-05 19:41:39 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-29 13:43:44 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 00:14:39 -------- d-----w- c:\program files\McAfeeMOBK
2011-06-28 00:14:17 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-06-28 00:14:14 -------- d-----w- c:\program files\McAfee Online Backup
2011-06-28 00:11:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-06-28 00:11:37 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-28 00:11:28 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-28 00:11:28 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-28 00:11:28 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-28 00:11:28 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-28 00:11:28 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-28 00:11:28 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-28 00:11:27 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-28 00:11:23 -------- d-----w- c:\program files\common files\Mcafee
2011-06-28 00:11:22 -------- d-----w- c:\program files\McAfee.com
2011-06-28 00:11:10 -------- d-----w- c:\program files\McAfee
2011-06-27 23:39:03 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-24 13:05:31 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b1870f7-259c-48eb-b527-8080af316d9c}\mpengine.dll
2011-06-20 23:33:09 -------- d-----w- c:\users\frank\appdata\roaming\Malwarebytes
2011-06-20 23:32:46 -------- d-----w- c:\programdata\Malwarebytes
2011-06-16 21:36:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 14:04:40 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-12 14:04:39 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-12 14:02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-12 14:02:47 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-06-12 14:00:39 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 22:51:13.51 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 12/9/2008 8:47:11 PM
System Uptime: 7/9/2011 6:48:22 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Core™2 Duo CPU T5800 @ 2.00GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 151.946 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.877 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6300
6300_Help
6300Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AnswerWorks 5.0 English Runtime
AOL Install
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Banctec Service Agreement
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
BlackBerry® Media Sync
Bonjour
Browser Address Error Redirector
BufferChm
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX20 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCScore
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Copy
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726)
Dell-eBay
Dell Best of Web
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DELL0604
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
EarthLink Setup Files
eBook: Fundamental Subjects Content Knowledge Study Guide
EDocs
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Facebook Plug-In
Fax
Google Desktop
Google Talk (remove only)
Google Talk Plugin
GoToAssist 8.0.0.514
GoToMeeting 4.0.0.320
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel® Matrix Storage Manager
iPhone Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
Kodak EasyShare software
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
MarketResearch
McAfee Online Backup
McAfee Security Scan Plus
McAfee Total Protection
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
NetWaiting
NetZeroInstallers
Norton Security Scan
OfotoXMI
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Quicken 2011
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SFR
SHASTA
skin0001
SKINXSDK
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Status
Toolbox
tooltips
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Verizon High Speed Internet
Verizon Servicepoint 3.7.44
VPRINTOL
WebReg
WildTangent Games
Windows Media Player Firefox Plugin
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:54 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2011 6:43:14 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
7/9/2011 6:43:04 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/9/2011 6:35:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
7/9/2011 6:35:57 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
7/9/2011 6:35:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
7/9/2011 6:35:06 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/9/2011 6:33:33 PM, Error: EventLog [6008] - The previous system shutdown at 6:31:38 PM on 7/9/2011 was unexpected.
7/9/2011 10:50:25 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/9/2011 10:49:27 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
7/9/2011 10:48:57 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/8/2011 10:22:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
7/6/2011 9:04:50 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/6/2011 8:55:21 PM, Error: EventLog [6008] - The previous system shutdown at 8:53:22 PM on 7/6/2011 was unexpected.
7/5/2011 11:47:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
.
==== End Of File ===========================

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C206000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6606848 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82210000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82210000 PnpManager 3907584 bytes
0x82210000 RAW 3907584 bytes
0x82210000 WMIxWDM 3907584 bytes
0x97E10000 Win32k 2113536 bytes
0x97E10000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA0A000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1220608 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x88003000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83275000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8CE83000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8E00D000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xABC78000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E4F5000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x8300D000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8D005000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8C00B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C853000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C957000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x83204000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8313C000 C:\Windows\system32\drivers\mfehidk.sys 450560 bytes (McAfee, Inc., McAfee Link Driver)
0x81249000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8D12D000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8CB8F000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xABC0D000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8E487000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x80735000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E195000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C0F9000 C:\Windows\system32\DRIVERS\yk60x86.sys 286720 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x8C13F000 C:\Windows\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x831B3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C90A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CE46000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8E406000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x833AB000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D19B000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x81341000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88113000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8CE00000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x825CA000 ACPI_HAL 208896 bytes
0x825CA000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x830FA000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E163000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C199000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8D0DB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x83380000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805BE000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x81202000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xABD56000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x81392000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88163000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8E112000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806E3000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D108000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8E463000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x881D2000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8819B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D0BA000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x81301000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8CF98000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x81322000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x830DC000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x812B6000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0xABD9C000 C:\Windows\system32\drivers\mfeapfk.sys 114688 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8E0F7000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E5D5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8CB52000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x812D3000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C181000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8137A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E44C000

C:\Windows\Sy

stem32

\Drivers\dfsc

.sys 94208

bytes

(Microsoft

Corporation,

DFS Namespace

Client

Driver)
0x8C1E0000

C:\Windows\sy

stem32

\DRIVERS\rasl

2tp.sys 94208

bytes

(Microsoft

Corporation,

RAS L2TP

mini-

port/call-

manager

driver)
0x8D182000

C:\Windows\sy

stem32

\DRIVERS\usbc

cgp.sys 94208

bytes

(Microsoft

Corporation,

USB Common

Class Generic

Parent

Driver)
0x8E4D2000

C:\Windows\sy

stem32

\DRIVERS\cdfs

.sys 90112

bytes

(Microsoft

Corporation,

CD-ROM File

System

Driver)
0x8E1DD000

C:\Windows\sy

stem32

\DRIVERS\pace

r.sys 90112

bytes

(Microsoft

Corporation,

QoS Packet

Scheduler)
0x8E139000

C:\Windows\sy

stem32

\DRIVERS\tdx.

sys 90112

bytes

(Microsoft

Corporation,

TDI

Translation

Driver)
0x812EC000

C:\Windows\Sy

stem32

\drivers\mpsd

rv.sys 86016

bytes

(Microsoft

Corporation,

Microsoft

Protection

Service

Driver)
0x807BF000

C:\Windows\sy

stem32

\DRIVERS\rass

stp.sys 86016

bytes

(Microsoft

Corporation,

RAS SSTP

Miniport Call

Manager)
0x807AB000

C:\Windows\sy

stem32

\DRIVERS\rasp

ptp.sys 81920

bytes

(Microsoft

Corporation,

Peer-to-Peer

Tunneling

Protocol)
0x8CB7B000

C:\Windows\sy

stem32

\DRIVERS\rims

ptsk.sys

81920 bytes

(REDC, RICOH

MS Driver)
0x8E14F000

C:\Windows\sy

stem32

\DRIVERS\smb.

sys 81920

bytes

(Microsoft

Corporation,

SMB Transport

driver)
0x8CBE0000

C:\Windows\sy

stem32

\DRIVERS\i804

2prt.sys

77824 bytes

(Microsoft

Corporation,

i8042 Port

Driver)
0x8D1D7000

C:\Windows\sy

stem32

\DRIVERS\MOBK

.sys 77824

bytes (Mozy,

Inc., Mozy

Change

Monitor

Filter

Driver)
0x81236000

C:\Windows\sy

stem32

\DRIVERS\rspn

dr.sys 77824

bytes

(Microsoft

Corporation,

Link-Layer

Topology

Responder

Driver for

NDIS 6)
0x805E8000

C:\Windows\sy

stem32

\DRIVERS\wana

rp.sys 77824

bytes

(Microsoft

Corporation,

MS Remote

Access and

Routing ARP

Driver)
0x8818A000

C:\Windows\sy

stem32

\drivers\disk

.sys 69632

bytes

(Microsoft

Corporation,

PnP Disk

Driver)
0x8CE35000

C:\Windows\Sy

stem32

\Drivers\NDPr

oxy.SYS 69632

bytes

(Microsoft

Corporation,

NDIS Proxy)
0x80484000

C:\Windows\sy

stem32

\PSHED.dll

69632 bytes

(Microsoft

Corporation,

Platform

Specific

Hardware

Error Driver)
0x8312C000

C:\Windows\sy

stem32

\drivers\file

info.sys

65536 bytes

(Microsoft

Corporation,

FileInfo

Filter

Driver)
0x8E5F0000

C:\Windows\sy

stem32

\DRIVERS\lltd

io.sys 65536

bytes

(Microsoft

Corporation,

Link-Layer

Topology

Mapper I/O

Driver)
0x8079B000

C:\Windows\Sy

stem32

\drivers\moun

tmgr.sys

65536 bytes

(Microsoft

Corporation,

Mount Point

Manager)
0x8CB34000

C:\Windows\sy

stem32

\DRIVERS\ohci

1394.sys

65536 bytes

(Microsoft

Corporation,

1394 OpenHCI

Port Driver)
0x807D4000

C:\Windows\sy

stem32

\DRIVERS\term

dd.sys 65536

bytes

(Microsoft

Corporation,

Terminal

Server

Driver)
0x8C0EA000

C:\Windows\sy

stem32

\DRIVERS\inte

lppm.sys

61440 bytes

(Microsoft

Corporation,

Processor

Device

Driver)
0x8CFEB000

C:\Windows\sy

stem32

\DRIVERS\mfen

lfk.sys 61440

bytes

(McAfee,

Inc., McAfee

NDIS Light

Filter

Driver)
0x8E5C6000

C:\Windows\sy

stem32

\DRIVERS\moni

tor.sys 61440

bytes

(Microsoft

Corporation,

Monitor

Driver)
0x88154000

C:\Windows\Sy

stem32

\Drivers\mup.

sys 61440

bytes

(Microsoft

Corporation,

Multiple UNC

Provider

driver)
0x8070A000

C:\Windows\Sy

stem32

\drivers\part

mgr.sys 61440

bytes

(Microsoft

Corporation,

Partition

Management

Driver)
0x833E6000

C:\Windows\sy

stem32

\DRIVERS\rasp

ppoe.sys

61440 bytes

(Microsoft

Corporation,

RAS PPPoE

mini-

port/call-

manager

driver)
0x8CB6C000

C:\Windows\sy

stem32

\DRIVERS\rimm

ptsk.sys

61440 bytes

(REDC, RICOH

SD Driver)
0x8C948000

C:\Windows\sy

stem32

\DRIVERS\usbe

hci.sys 61440

bytes

(Microsoft

Corporation,

EHCI eUSB

Miniport

Driver)
0x80726000

C:\Windows\sy

stem32

\drivers\volm

gr.sys 61440

bytes

(Microsoft

Corporation,

Volume

Manager

Driver)
0x8CB44000

C:\Windows\sy

stem32

\DRIVERS\1394

BUS.SYS 57344

bytes

(Microsoft

Corporation,

1394 Bus

Device

Driver)
0x98050000

C:\Windows\Sy

stem32

\cdd.dll

57344 bytes

(Microsoft

Corporation,

Canonical

Display

Driver)
0x807E4000

C:\Windows\sy

stem32

\DRIVERS\netb

ios.sys 57344

bytes

(Microsoft

Corporation,

NetBIOS

interface

driver)
0x8CFD4000

C:\Windows\Sy

stem32

\Drivers\Npfs

.SYS 57344

bytes

(Microsoft

Corporation,

NPFS Driver)
0x80786000

C:\Windows\sy

stem32

\DRIVERS\PCII

DEX.SYS 57344

bytes

(Microsoft

Corporation,

PCI IDE Bus

Driver

Extension)
0x8067E000

C:\Windows\sy

stem32

\drivers\WDFL

DR.SYS 57344

bytes

(Microsoft

Corporation,

Kernel Mode

Driver

Framework

Loader)
0x8E4E8000

C:\Windows\Sy

stem32

\Drivers\cras

hdmp.sys

53248 bytes

(Microsoft

Corporation,

Crash Dump

Driver)
0x8C1D3000

C:\Windows\sy

stem32

\drivers\mode

m.sys 53248

bytes

(Microsoft

Corporation,

Modem Device

Driver)
0x83000000

C:\Windows\sy

stem32

\DRIVERS\umbu

s.sys 53248

bytes

(Microsoft

Corporation,

User-Mode Bus

Enumerator)
0xABC00000

C:\Windows\sy

stem32

\drivers\cfwi

ds.sys 49152

bytes

(McAfee,

Inc., McAfee

Personal

Firewall IDS

Plugin)
0xABDB8000

C:\Windows\sy

stem32

\drivers\mfeb

opk.sys 49152

bytes

(McAfee,

Inc., Buffer

Overflow

Protection

Driver)
0xABD88000

C:\Windows\Sy

stem32

\drivers\tcpi

preg.sys

49152 bytes

(Microsoft

Corporation,

TCP/IP

Registry

Compatibility

Driver)
0x8CF8C000

C:\Windows\Sy

stem32

\drivers\vga.

sys 49152

bytes

(Microsoft

Corporation,

VGA/Super VGA

Video Driver)
0x8C8F3000

C:\Windows\Sy

stem32

\drivers\watc

hdog.sys

49152 bytes

(Microsoft

Corporation,

Watchdog

Driver)
0x8C9E4000

C:\Windows\sy

stem32

\DRIVERS\kbdc

lass.sys

45056 bytes

(Microsoft

Corporation,

Keyboard

Class Driver)
0x8CBF3000

C:\Windows\sy

stem32

\DRIVERS\mouc

lass.sys

45056 bytes

(Microsoft

Corporation,

Mouse Class

Driver)
0x8CFC9000

C:\Windows\Sy

stem32

\Drivers\Msfs

.SYS 45056

bytes

(Microsoft

Corporation,

Mailslot

driver)
0x8C000000

C:\Windows\sy

stem32

\DRIVERS\ndis

tapi.sys

45056 bytes

(Microsoft

Corporation,

NDIS 3.0

connection

wrapper

driver)
0x8C1C8000

C:\Windows\sy

stem32

\DRIVERS\TDI.

SYS 45056

bytes

(Microsoft

Corporation,

TDI Wrapper)
0x8C0D6000

C:\Windows\sy

stem32

\DRIVERS\tunn

el.sys 45056

bytes

(Microsoft

Corporation,

Microsoft

Tunnel

Interface

Driver)
0x8C8FF000

C:\Windows\sy

stem32

\DRIVERS\usbu

hci.sys 45056

bytes

(Microsoft

Corporation,

UHCI USB

Miniport

Driver)
0x8071C000

C:\Windows\sy

stem32

\DRIVERS\BATT

C.SYS 40960

bytes
0x8E5BC000

C:\Windows\Sy

stem32

\drivers\Dxap

i.sys 40960

bytes

(Microsoft

Corporation,

DirectX API

Driver)
0x881F5000

C:\Windows\sy

stem32

\DRIVERS\mssm

bios.sys

40960 bytes

(Microsoft

Corporation,

System

Management

BIOS Driver)
0x8122C000

C:\Windows\sy

stem32

\DRIVERS\ndis

uio.sys 40960

bytes

(Microsoft

Corporation,

NDIS User

mode I/O

driver)
0x8E442000

C:\Windows\sy

stem32

\drivers\nsip

roxy.sys

40960 bytes

(Microsoft

Corporation,

NSI Proxy)
0xABD7E000

C:\Windows\Sy

stem32

\Drivers\secd

rv.SYS 40960

bytes

(Macrovision

Corporation,

Macrovision

Europe

Limited, and

Macrovision

Japan and

Asia K.K.,

Macrovision

SECURITY

Driver)
0xABDCB000

C:\Windows\Sy

stem32

\Drivers\Blac

kBox.SYS

36864 bytes

(RKU Driver)
0x881BC000

C:\Windows\sy

stem32

\drivers\crcd

isk.sys 36864

bytes

(Microsoft

Corporation,

Disk Block

Verification

Filter

Driver)
0x8D1EA000

C:\Windows\Sy

stem32

\Drivers\Fs_R

ec.SYS 36864

bytes

(Microsoft

Corporation,

File System

Recognizer

Driver)
0x831AA000

C:\Windows\Sy

stem32

\Drivers\PxHe

lp20.sys

36864 bytes

(Sonic

Solutions, Px

Engine Device

Driver for

Windows

2000/XP)
0x8CFE2000

C:\Windows\Sy

stem32

\DRIVERS\rasa

cd.sys 36864

bytes

(Microsoft

Corporation,

RAS Automatic

Connection

Driver)
0x98030000

C:\Windows\Sy

stem32

\TSDDD.dll

36864 bytes

(Microsoft

Corporation,

Framebuffer

Display

Driver)
0x8C0E1000

C:\Windows\sy

stem32

\DRIVERS\tunm

p.sys 36864

bytes

(Microsoft

Corporation,

Microsoft

Tunnel

Interface

Driver)
0x8C9EF000

C:\Windows\sy

stem32

\DRIVERS\wmia

cpi.sys 36864

bytes

(Microsoft

Corporation,

Windows

Management

Interface for

ACPI)
0x806D2000

C:\Windows\sy

stem32

\drivers\WMIL

IB.SYS 36864

bytes

(Microsoft

Corporation,

WMILIB WMI

support

library Dll)
0x830D4000

C:\Windows\sy

stem32

\drivers\atap

i.sys 32768

bytes

(Microsoft

Corporation,

ATAPI IDE

Miniport

Driver)
0xABDF4000

C:\Windows\sy

stem32

\drivers\BCM4

2RLY.sys

32768 bytes

(Broadcom

Corporation,

Broadcom

iLine10™

PCI Network

Adapter Proxy

Protocol

Driver)
0x80495000

C:\Windows\sy

stem32

\BOOTVID.dll

32768 bytes

(Microsoft

Corporation,

VGA Boot

Driver)
0x806DB000

C:\Windows\sy

stem32

\drivers\msis

adrv.sys

32768 bytes

(Microsoft

Corporation,

ISA Driver)
0x8CFB9000

C:\Windows\Sy

stem32

\DRIVERS\RDPC

DD.sys 32768

bytes

(Microsoft

Corporation,

RDP Miniport)
0x8CFC1000

C:\Windows\sy

stem32

\drivers\rdpe

ncdd.sys

32768 bytes

(Microsoft

Corporation,

RDP Miniport)
0x8C9F8000

C:\Windows\Sy

stem32

\Drivers\Root

Mdm.sys 32768

bytes

(Microsoft

Corporation,

Legacy Non-

Pnp Modem

Device

Driver)
0x8814C000

C:\Windows\Sy

stem32

\Drivers\spld

r.sys 32768

bytes

(Microsoft

Corporation,

loader for

security

processor)
0xABD94000

C:\Windows\sy

stem32

\DRIVERS\xaud

io.sys 32768

bytes

(Conexant

Systems,

Inc., Modem

Audio Device

Driver)
0x8CF85000

C:\Windows\Sy

stem32

\Drivers\Beep

.SYS 28672

bytes

(Microsoft

Corporation,

BEEP Driver)
0x8077F000

C:\Windows\sy

stem32

\DRIVERS\inte

lide.sys

28672 bytes

(Microsoft

Corporation,

Intel PCI IDE

Driver)
0x8040D000

C:\Windows\sy

stem32

\kdcom.dll

28672 bytes

(Microsoft

Corporation,

Kernel

Debugger HW

Extension

DLL)
0xABDC4000

C:\Users\Fran

k\AppData\Loc

al\Temp\mbr.s

ys 28672

bytes
0x8D1F3000

C:\Windows\Sy

stem32

\Drivers\Null

.SYS 28672

bytes

(Microsoft

Corporation,

NULL Driver)
0x80794000

C:\Windows\sy

stem32

\drivers\pcii

de.sys 28672

bytes

(Microsoft

Corporation,

Generic PCI

IDE Bus

Driver)
0x8C1F7000

C:\Windows\sy

stem32

\DRIVERS\RimS

erial.sys

28672 bytes

(Research in

Motion Ltd,

RIM Virtual

Serial

Driver)
0x8CA00000

C:\Windows\sy

stem32

\DRIVERS\GEAR

AspiWDM.sys

24576 bytes

(GEAR

Software

Inc., CD DVD

Filter)
0x8CA06000

C:\Windows\sy

stem32

\DRIVERS\CmBa

tt.sys 16384

bytes

(Microsoft

Corporation,

Control

Method

Battery

Driver)
0xABC74000

C:\Windows\sy

stem32

\DRIVERS\mdmx

sdk.sys 16384

bytes

(Conexant,

Diagnostic

Interface x86

Driver)
0x80719000

C:\Windows\sy

stem32

\DRIVERS\comp

batt.sys

12288 bytes

(Microsoft

Corporation,

Composite

Battery

Driver)
0x8D1D5000

C:\Windows\sy

stem32

\DRIVERS\OEM0

2Vfx.sys 8192

bytes

(EyePower

Games Pte.

Ltd.,

Advanced

Video FX

Filter
Driver

(Win2K

based))
0x8CBFE000

C:\Windows\sy

stem32

\DRIVERS\swen

um.sys 8192

bytes

(Microsoft

Corporation,

Plug and Play

Software

Device

Enumerator)
0x8D199000

C:\Windows\sy

stem32

\DRIVERS\USBD

.SYS 8192

bytes

(Microsoft

Corporation,

Universal

Serial Bus

Driver)
=============

=============

=============

=======
>Stealth
=============

=============

=============

=======




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,144 posts

Posted 09 July 2011 - 10:33 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach


Proud Graduate Of Malware Removal University

#5 brett hull

brett hull
  • Topic Starter

  • Members
  • 8 posts

Posted 10 July 2011 - 10:35 PM

Here's the combofix log. No problems running it. Seems to have solved the problem. No redirects. Thanks!

ComboFix 11-07-10.05 - Frank 07/10/2011 23:14:07.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.809 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome.manifest
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome\xulcache.jar
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\defaults\preferences\xulcache.js
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\install.rdf
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome.manifest
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome\xulcache.jar
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\defaults\preferences\xulcache.js
c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\install.rdf
c:\users\Frank\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 03:26 . 2011-07-11 03:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 19:41 . 2011-07-05 19:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 19:41 . 2011-07-05 19:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 13:43 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 00:14 . 2010-04-14 00:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2011-06-28 00:14 . 2011-06-28 00:14 -------- d-----w- c:\program files\McAfee Online Backup
2011-06-28 00:11 . 2011-04-14 18:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-06-28 00:11 . 2011-04-14 18:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-28 00:11 . 2011-04-14 18:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-28 00:11 . 2011-04-14 18:01 64584 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-06-28 00:11 . 2011-04-14 18:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-28 00:11 . 2011-04-14 18:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-28 00:11 . 2011-04-14 18:01 165032 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-06-28 00:11 . 2011-04-14 18:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-28 00:11 . 2011-04-14 18:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-28 00:11 . 2011-06-28 00:13 -------- d-----w- c:\program files\Common Files\Mcafee
2011-06-28 00:11 . 2011-06-28 00:24 -------- d-----w- c:\program files\McAfee
2011-06-27 23:39 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-24 13:05 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B1870F7-259C-48EB-B527-8080AF316D9C}\mpengine.dll
2011-06-20 23:33 . 2011-06-20 23:33 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes
2011-06-20 23:32 . 2011-06-20 23:32 -------- d-----w- c:\programdata\Malwarebytes
2011-06-16 21:36 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-12 14:04 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-12 14:04 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-12 14:02 . 2009-07-14 16:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-12 14:02 . 2010-04-15 17:36 252536 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-06-12 14:00 . 2011-06-12 14:00 -------- d-----w- C:\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 23:14 . 2009-10-24 21:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52 . 2011-02-27 02:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-05 19:41 . 2011-05-07 15:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-11 23:52 . 2009-01-23 13:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 18:01 . 2011-06-28 00:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"googletalk"="c:\users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
.
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-10 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-10 08:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2011-01-10 689464]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956229351-2422634184-3841368305-1000Core.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 00:19]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956229351-2422634184-3841368305-1000UA.job
- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-25 00:19]
.
2010-12-22 c:\windows\Tasks\Norton Security Scan for Frank.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 23:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.yahoo.com
mStart Page = hxxp://verizon.my.yahoo.com/?fr=fp-ver
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-10 23:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-11-21-184201.crash 625 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-11-21-185107.crash 625 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-11-21-190303.crash 511 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-11-22-223758.crash 412 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-12-14-213011.crash 526 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-12-15-193452.crash 412 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-12-15-193500.crash 500 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-12-19-201410.crash 729 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2010-12-21-131107.crash 625 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-01-08-170017.crash 413 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-01-11-204721.crash 412 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-01-22-114315.crash 630 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-01-22-234518.crash 412 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-01-31-075854.crash 413 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-02-10-225947.crash 412 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-02-11-170022.crash 544 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-02-12-162510.crash 625 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-02-21-180256.crash 413 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-03-03-104449.crash 411 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowBatteryLog-2011-03-07-104953.crash 629 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-02-123304_iPhone.crash 18527 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-02-170858_iPhone.crash 16797 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-07-111650_iPhone.crash 16556 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-14-204654_iPhone.crash 19105 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-17-084105_iPhone.crash 15777 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-05-30-144954_iPhone.crash 11992 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-05-30-145020_iPhone.crash 11992 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-29-193527_iPhone.crash 13540 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-29-193617_iPhone.crash 13340 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-093623_iPhone.crash 13340 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-093923_iPhone.crash 12569 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-094049_iPhone.crash 12829 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-094127_iPhone.crash 12567 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-094203_iPhone.crash 12569 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-03-083449_iPhone.crash 14071 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-03-083532_iPhone.crash 12567 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-02-03-224222_iPhone.crash 15465 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-02-03-224256_iPhone.crash 12632 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-02-15-093721_iPhone.crash 13255 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-02-17-094256_iPhone.crash 11991 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-03-16-102356_iPhone.crash 12763 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-05-12-225011_iPhone.crash 12763 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-18-212026_iPhone.crash 17307 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-25-080740_iPhone.crash 19072 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-03-02-192731_iPhone.crash 16184 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-03-04-122540_iPhone.crash 17199 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-03-04-220205_iPhone.crash 17134 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-03-05-000127_iPhone.crash 17190 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-03-11-164053_iPhone.crash 15400 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSMS_2010-03-04-083506_iPhone.crash 12828 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileStore_2009-04-28-100054_iPhone.crash 12445 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-02-17-131859_iPhone.crash 1235 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-02-25-135642_iPhone.crash 11570 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-02-25-140025_iPhone.crash 11570 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-03-03-134042_iPhone.crash 11075 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-03-08-083654_iPhone.crash 11546 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Maps_2009-05-01-141134_iPhone.crash 1011 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\mDNSResponder_2010-06-28-131808_iPhone.crash 3715 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\mDNSResponder_2010-08-14-113941_iPhone.crash 3715 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-01-205439.log 1634 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-05-203211.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-08-132752.log 1634 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-11-173508.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-12-220159.log 1698 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-16-113239.log 1651 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-21-154855.log 1697 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-21-191406.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-22-173553.log 1467 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-24-142400.log 1634 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-24-173923.log 1514 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-24-173932.log 1574 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-08-26-151313.log 1467 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-09-01-115001.log 1651 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-09-04-142941.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-09-23-210115.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-09-26-125212.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-10-12-141032.log 1641 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-10-28-184226.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-04-103836.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-04-221717.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-10-194120.log 1518 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-10-194308.log 1471 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-11-191130.log 1634 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-13-105415.log 1458 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-16-085245.log 1458 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-17-202926.log 1698 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-17-220303.log 1518 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-11-24-183907.log 1509 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-01-222014.log 1471 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-06-222454.log 1471 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-11-153554.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-17-164605.log 1697 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-19-153131.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2010-12-28-135826.log 1758 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-02-114244.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-05-122310.log 1641 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-05-185926.log 1641 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-08-131546.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-08-155210.log 1591 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-15-145316.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-16-192036.log 1641 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-22-111109.log 1518 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-26-181723.log 1638 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-28-212722.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-29-155444.log 1758 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-01-31-193723.log 1758 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-02-01-204020.log 1578 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\LowMemory-2011-02-05-150225.log 1641 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2010-05-20-211655_iPhone.crash 15755 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-06-125319_iPhone.crash 9729 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-18-163047_iPhone.crash 11725 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-04-27-201739_iPhone.crash 13738 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-12-09-174748_iPhone.crash 18114 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-04-30-181424_iPhone.crash 16031 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-07-26-094132_iPhone.crash 15668 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2010-08-18-234710_iPhone.crash 18577 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-12-184918_iPhone.crash 16334 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MyFitnessPal_2011-02-17-131855_iPhone.crash 11568 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-05-30-144933_iPhone.crash 11990 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-07-31-093757_iPhone.crash 12567 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-03-083608_iPhone.crash 12567 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\TicTacFree_2009-11-29-190006_iPhone.crash 11155 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-06-125415_iPhone.crash 11614 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-09-172121_iPhone.crash 13781 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-14-142516_iPhone.crash 15411 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-16-131449_iPhone.crash 11023 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-01-20-125710_iPhone.crash 15410 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-02-27-172309_iPhone.crash 14723 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-02-27-191240_iPhone.crash 11687 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2011-03-01-131517_iPhone.crash 15411 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobilePhone_2010-01-18-204804_iPhone.crash 9743 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobilePhone_2010-08-21-154855_iPhone.crash 13184 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobilePhone_2011-03-11-164036_iPhone.crash 12631 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari-2009-06-26-140702.crash 952 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari-2009-11-30-125319.crash 951 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari-2009-11-30-125342.crash 952 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-03-11-144719_iPhone.crash 17139 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-04-20-103653_iPhone.crash 15928 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-04-20-103742_iPhone.crash 14808 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2009-04-23-154113_iPhone.crash 14215 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2010-04-11-163201_iPhone.crash 16288 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2010-08-15-093413_iPhone.crash 19043 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2010-08-26-174147_iPhone.crash 21458 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2011-01-06-132453_iPhone.crash 19374 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2011-01-06-132555_iPhone.crash 14277 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2011-03-03-075306_iPhone.crash 16784 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMail_2011-03-06-123956_iPhone.crash 20271 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileMusicPlayer_2009-06-30-195624_iPhone.crash 12251 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-01-03-214620_iPhone.crash 16869 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-01-09-161719_iPhone.crash 18581 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-01-16-191123_iPhone.crash 18619 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-01-17-114427_iPhone.crash 15869 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-09-141920_iPhone.crash 15151 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-09-162909_iPhone.crash 15230 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\MobileSafari_2011-02-09-185728_iPhone.crash 17270 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-07-095454_iPhone.crash 12570 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-16-160146_iPhone.crash 13675 bytes
c:\users\Frank\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\iPhone-ffbaf4d3\Online_2010-08-16-160230_iPhone.crash 12827 bytes
c:\users\Frank\AppData
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,43,8c,55,7f,6a,0c,4c,b1,19,0a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,43,8c,55,7f,6a,0c,4c,b1,19,0a,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-10 23:30:43
ComboFix-quarantined-files.txt 2011-07-11 03:30
.
Pre-Run: 164,130,086,912 bytes free
Post-Run: 171,424,018,432 bytes free
.
- - End Of File - - 10F2EAA847C712C00740745E5E6170B6

#6 gringo_pr

  • Malware Response Team

Posted 10 July 2011 - 10:48 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.3.1
Java™ 6 Update 7


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#7 brett hull

  • Topic Starter

Posted 11 July 2011 - 07:38 PM

Gringo, thanks for the continued help. This time, I'm having trouble successfully running HijackThis. Here's a couple of messages I get when I run it:

For some reason your system denied write access to the Hosts File. If any hijacked domains are in this file, Hijack This may not be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run, and type notepad C:\windows\system32\drivers\etc\hosts and press enter. Find the line(s) Hijack This reports and delete them. Save the file as 'hosts' (with quotes), and reboot.

For vista: simply, exit Hijack This, right click on the Hijack This icon, choose "Run as Administrator".


I don't have the selection "run as administrator" when I right click on it.

Then when it finishes scanning, I get this:

Can not find the c:\Program Files\Trend Micro\HijackThis\hijackthis log file. Do you want to create a new file?

When I select yes, it opens a blank notepad document.

Otherwise, I've had no more redirects.

Here's the mbam log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7082

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/11/2011 7:49:01 PM
mbam-log-2011-07-11 (19-49-01).txt

Scan type: Quick scan
Objects scanned: 178017
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000004ce1f3251270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000004ce1f3251270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000004ce1f3251270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000004ce1f3251270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000004ce1f3251270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000004ce1f3251270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000004ce1f3251270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000004ce1f3251270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

#8 gringo_pr


Posted 12 July 2011 - 07:43 AM

Hello

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select Run as administrator.

Gringo

#9 brett hull


Posted 14 July 2011 - 05:08 PM

Hi Gringo.

I found it in Program Files. But when I right click and select "run as administrator", I get a pop-up that says "HijackThis is already running". I also get the pop-up if I click on the program icon on the desktop. I've tried completely uninstalling it and redownloading it 3 times.

#10 gringo_pr


Posted 14 July 2011 - 09:26 PM

Restart the computer and try again.


gringo

#11 brett hull


Posted 14 July 2011 - 10:28 PM

That did it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:48 PM, on 7/14/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Windows\System32\wscript.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com/?fr=fp-ver
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110627201138.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [googletalk] C:\Users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13898 bytes

#12 gringo_pr


Posted 14 July 2011 - 11:52 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [googletalk] C:\Users\Frank\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#13 brett hull


Posted 15 July 2011 - 12:25 PM

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome\xulcache.jar.vir JS/Agent.NDB trojan

#14 gringo_pr


Posted 15 July 2011 - 01:09 PM

Hello

The online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

Gringo
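The triage rule from the reply above (detections under C:\Qoobox\Quarantine\ or C:\System Volume Information\ are inert backups, anything else is live), as an added Python example that is not part of the original thread. The space-separated line layout, the `.vir` suffix and the quarantine-to-original path mapping are assumptions inferred from the scan results posted here; the last two sample lines are constructed.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Folders the reply names as holding inert copies.
INERT_ROOTS = {
    "tool quarantine": "C:\\Qoobox\\Quarantine",
    "System Restore cache": "C:\\System Volume Information",
}

# "<path> <detection name> <type>". Windows paths may contain spaces but never
# "/", so the detection name is the first token shaped like Platform/Name,
# optionally prefixed by ESET's "a variant of" / "probably a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>.+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    location: str            # a key of INERT_ROOTS, or "live"
    original: Optional[str]  # pre-quarantine path, when it can be rebuilt


def _under(path: str, root: str) -> bool:
    # Collapse ".." and compare case-insensitively on a separator boundary,
    # so "Quarantine\..\..\Windows" and "Quarantine2" do not count as inside.
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def _original_location(path: str, root: str) -> Optional[str]:
    # Assumed layout: <root>\<drive letter>\<original path>.vir
    rel = ntpath.normpath(path)[len(ntpath.normpath(root)) + 1:]
    parts = rel.split("\\", 1)
    if len(parts) != 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    rest = parts[1][:-4] if parts[1].lower().endswith(".vir") else parts[1]
    return parts[0].upper() + ":\\" + rest


def classify(line: str) -> Optional[Detection]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    location, original = "live", None
    for name, root in INERT_ROOTS.items():
        if _under(path, root):
            location = name
            if name == "tool quarantine":
                original = _original_location(path, root)
            break
    return Detection(path, m.group("threat"), m.group("kind"), location, original)


def triage(log_text: str) -> Tuple[List[Detection], List[Detection], List[str]]:
    """Split a pasted scan log into (inert, live, unparsed)."""
    inert, live, unparsed = [], [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = classify(raw)
        if det is None:
            unparsed.append(raw)
        elif det.location == "live":
            live.append(det)
        else:
            inert.append(det)
    return inert, live, unparsed


# First four lines: the scan results posted in this thread.
# Last two lines: constructed for illustration (not from the thread).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{0e3c3605-2ea2-4d91-af58-f0eb581b17aa}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\mbwdzsih.default\extensions\{97cf51d0-c9a2-4910-9549-b1872394b542}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\System Volume Information\_restore{CONSTRUCTED}\A0000001.dll Win32/Example.C trojan
C:\Program Files\Example App\helper.dll a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    inert, live, unparsed = triage(SAMPLE_LOG)
    for d in inert:
        print(f"inert ({d.location}): {d.threat} originally at {d.original}")
    for d in live:
        print(f"LIVE: {d.threat} at {d.path}")
    print("only backups reported" if not live and not unparsed else "needs review")
```

The rebuilt original paths are the places worth re-checking after cleanup to confirm the files are gone from the live profile.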

#15 gringo_pr


Posted 18 July 2011 - 07:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



