
Remove Open Cloud Scan Stops


  • This topic is locked
4 replies to this topic

#1 Mike.OB


  • Members
  • 3 posts

Posted 27 September 2011 - 09:09 AM

When following the instructions for removing the Open Cloud Security, I get to the Malwarebytes Anti-Malware scanner and can see the scanning screen, but after a short period of time, less than 1 minute, I return to my desktop. I do not get the scan finished message box, or the dialog box showing the scan results. What do I need to do? Thanks



#2 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 36,993 posts

Posted 27 September 2011 - 12:39 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Mike.OB

  • Topic Starter

  • Members
  • 3 posts

Posted 27 September 2011 - 01:18 PM

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Bar at 11:55:02 on 2011-09-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1932 [GMT -6:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\2387295497:4139955313.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080126
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.0.0.125\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.0.0.125\coIEPlg.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [OpenCloud Security] c:\users\bar\appdata\roaming\opencloud security\OpenCloud Security.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\bar\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{11A64041-F938-4B21-8731-AF29F14DF7AE} : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{3598845C-4F50-4082-88EA-1800B2472688} : DhcpNameServer = 172.16.2.5 172.18.82.11 172.18.82.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bar\appdata\roaming\mozilla\firefox\profiles\ww0won89.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bar\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\bar\appdata\roaming\move networks\plugins\npqmp071505000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0500000.07d\SymDS.sys [2011-9-26 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0500000.07d\SymEFA.sys [2011-9-26 652336]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20101123.003\BHDrvx86.sys [2011-9-26 691248]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20101201.001\IDSvix86.sys [2011-9-26 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0500000.07d\Ironx86.sys [2011-9-26 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0500000.07d\symtdiv.sys [2011-9-26 330360]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-1-25 73728]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-11-16 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 135664]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.0.0.125\ccSvcHst.exe [2011-9-26 130000]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
S2 SessionLauncher;SessionLauncher; [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-26 105592]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-25 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 135664]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-1-26 209408]
.
=============== Created Last 30 ================
.
2011-09-27 15:29:43 -------- d-----w- c:\users\bar\appdata\local\{C994DE08-EB92-46E5-944F-5F9A7A29AC25}
2011-09-27 15:22:12 -------- d-----w- c:\users\bar\appdata\local\{DA8FA116-055A-41F0-BA3E-FB3BA062ECD2}
2011-09-27 15:10:22 -------- d-----w- c:\users\bar\appdata\local\{43857252-70CF-410B-9C0B-3B53B651DE54}
2011-09-27 13:55:06 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-27 13:55:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-27 04:35:03 110080 ----a-r- c:\users\bar\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
2011-09-27 04:35:03 110080 ----a-r- c:\users\bar\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
2011-09-27 04:35:03 110080 ----a-r- c:\users\bar\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
2011-09-27 04:35:02 -------- d-----w- C:\sh4ldr
2011-09-27 04:35:02 -------- d-----w- c:\program files\Enigma Software Group
2011-09-27 04:34:38 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-09-27 04:14:39 -------- d-----w- c:\program files\STOPzilla!
2011-09-27 04:14:39 -------- d-----w- c:\program files\common files\iS3
2011-09-27 04:14:38 -------- d-----w- c:\programdata\STOPzilla!
2011-09-27 04:06:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-27 04:06:13 -------- d-----w- c:\users\bar\appdata\roaming\Malwarebytes
2011-09-27 04:05:50 -------- d-----w- c:\programdata\Malwarebytes
2011-09-27 03:46:44 -------- d-----w- c:\users\bar\appdata\local\CrashDumps
2011-09-27 03:05:06 -------- d-----w- c:\users\bar\appdata\roaming\Tific
2011-09-27 03:04:47 -------- d-----w- c:\users\bar\appdata\local\Symantec
2011-09-27 02:30:01 -------- d-----w- c:\programdata\Norton
2011-09-27 02:26:48 -------- d-----w- c:\programdata\IsolatedStorage
2011-09-27 02:26:47 -------- d-----w- c:\users\bar\appdata\local\ID Vault
2011-09-27 02:26:25 -------- d-----w- c:\users\bar\appdata\roaming\ID Vault
2011-09-27 02:25:58 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-09-27 02:25:52 -------- d-----w- c:\programdata\White Sky, Inc
2011-09-27 01:56:14 -------- d-----w- c:\users\bar\appdata\local\{60B03890-61E8-4A61-8CFD-2791AA43BB7B}
2011-09-27 01:55:48 -------- d-----w- c:\users\bar\appdata\local\{3055FF3F-0E7D-4B06-9B3A-69BA843EB885}
2011-09-27 01:24:14 -------- d-----w- c:\program files\Adware Professional
2011-09-26 21:00:58 -------- d--h--w- C:\$AVG
2011-09-26 20:42:25 -------- d-----w- c:\users\bar\appdata\roaming\AVG2012
2011-09-26 20:41:22 -------- d--h--w- c:\programdata\Common Files
2011-09-26 20:39:39 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-26 20:39:39 -------- d-----w- c:\programdata\AVG2012
2011-09-26 20:36:36 -------- d-----w- c:\program files\AVG
2011-09-26 20:29:15 -------- d-----w- c:\programdata\MFAData
2011-09-26 16:00:38 -------- d-----w- c:\users\bar\appdata\roaming\OpenCloud Security
2011-09-26 13:21:51 -------- d-----w- c:\users\bar\appdata\local\{3FE1F9A2-92E7-4F04-826A-F9AA3EDAAC4C}
2011-09-26 13:21:35 -------- d-----w- c:\users\bar\appdata\local\{863D4303-2477-4CED-B9F1-49B5BC3D1EAE}
2011-09-24 00:10:48 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-09-24 00:10:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-09-24 00:10:46 480720 ----a-r- c:\windows\system32\SZBase5.dll
2011-09-24 00:10:46 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-09-24 00:10:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-09-24 00:10:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-09-24 00:10:44 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-09-24 00:10:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-09-24 00:10:44 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-09-24 00:10:42 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-09-24 00:10:42 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-09-24 00:10:42 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-09-23 13:16:49 -------- d-----w- c:\users\bar\appdata\local\{E6E5E6F5-7676-47E4-A454-6CD087A4F872}
2011-09-23 13:16:37 -------- d-----w- c:\users\bar\appdata\local\{781E34B2-5909-4957-885D-A8D913FFFE19}
2011-09-22 13:16:42 -------- d-----w- c:\users\bar\appdata\local\{C7D8EEF7-0FEB-461B-8AB8-E5D2C3FCD36D}
2011-09-22 13:16:30 -------- d-----w- c:\users\bar\appdata\local\{5C96DD79-0967-420D-A66B-9ECF58F5622E}
2011-09-21 13:43:08 -------- d-----w- c:\users\bar\appdata\local\{169787CF-AE0E-4D5C-AD79-2F8AB186D63D}
2011-09-21 13:42:57 -------- d-----w- c:\users\bar\appdata\local\{A055E591-4956-4151-B865-168F65484F58}
2011-09-20 13:28:47 -------- d-----w- c:\users\bar\appdata\local\{84519290-5C06-4C02-B177-1368142004D4}
2011-09-20 13:28:34 -------- d-----w- c:\users\bar\appdata\local\{14B2FBE2-DC25-4E2B-B984-4D10269D83B9}
2011-09-19 13:30:42 -------- d-----w- c:\users\bar\appdata\local\{10AE63C0-2A9A-466F-A19C-E7F5E66A5BAE}
2011-09-19 13:30:26 -------- d-----w- c:\users\bar\appdata\local\{31E188EE-4270-4382-8C9F-7828AFA17914}
2011-09-16 13:10:43 -------- d-----w- c:\users\bar\appdata\local\{62BCF83D-45B2-481D-A34A-90D7800833C5}
2011-09-16 13:10:28 -------- d-----w- c:\users\bar\appdata\local\{03DC3747-6082-4508-AB31-AEC9A57E1F8D}
2011-09-15 13:29:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-15 13:19:42 -------- d-----w- c:\users\bar\appdata\local\{9C4496CB-F3E0-4E08-BFE0-3DF8285EDF66}
2011-09-15 13:19:25 -------- d-----w- c:\users\bar\appdata\local\{42DD6EB8-AD91-4727-8359-A4F25259FB49}
2011-09-14 17:07:59 -------- d-----w- c:\users\bar\appdata\local\{9061FD59-7153-4F09-AB1D-801D0DCC0B09}
2011-09-14 17:07:44 -------- d-----w- c:\users\bar\appdata\local\{845165FD-E627-4D62-A237-B2C9796EB847}
2011-09-13 13:19:57 -------- d-----w- c:\users\bar\appdata\local\{A5692CAA-87BB-4F6E-9ADE-A6F84B78A5DB}
2011-09-13 13:19:44 -------- d-----w- c:\users\bar\appdata\local\{C2FA66FE-63DD-4631-9816-79695227CE30}
2011-09-12 13:02:52 -------- d-----w- c:\users\bar\appdata\local\{660D1920-77F7-4561-B618-620D09C7E0F7}
2011-09-12 13:02:39 -------- d-----w- c:\users\bar\appdata\local\{8D3D023E-F086-42C1-A612-BF537A2CCAF5}
2011-09-09 13:25:50 -------- d-----w- c:\users\bar\appdata\local\{957C438F-74F8-4FE2-B399-79F0507AF1E5}
2011-09-09 13:25:38 -------- d-----w- c:\users\bar\appdata\local\{329417C4-A643-4C24-8D73-0AB17D81B9B2}
2011-09-08 13:16:40 -------- d-----w- c:\users\bar\appdata\local\{DD0832B7-EBD2-404F-B460-AA0C9175C1A0}
2011-09-08 13:16:22 -------- d-----w- c:\users\bar\appdata\local\{7DC7F87E-31E7-458D-B253-DE1F892621C0}
2011-09-07 13:41:07 -------- d-----w- c:\users\bar\appdata\local\{A3F5C6A8-7C39-4A1A-A5F1-C89F4E263754}
2011-09-07 13:40:51 -------- d-----w- c:\users\bar\appdata\local\{B624314C-7CE2-449E-BA17-EB7ACED5B242}
2011-09-06 13:27:59 -------- d-----w- c:\users\bar\appdata\local\{54A42B40-8E5B-49A6-9E26-5D2D82EC4D4F}
2011-09-06 13:27:38 -------- d-----w- c:\users\bar\appdata\local\{A8259B3B-6FDB-459C-A1D9-977614CC4022}
2011-09-02 13:43:25 -------- d-----w- c:\users\bar\appdata\local\{6CAE0CFA-DCF8-42C8-90D0-8C80DC412D94}
2011-09-02 13:43:03 -------- d-----w- c:\users\bar\appdata\local\{81EB5514-4BD1-4A4F-902A-84C80AC4B7D8}
2011-09-01 13:25:38 -------- d-----w- c:\users\bar\appdata\local\{212FE301-A199-4B5C-BF65-09C630CACFD3}
2011-09-01 13:25:25 -------- d-----w- c:\users\bar\appdata\local\{2C0A9576-F3A6-4ED2-BDAF-C48647CBB1D8}
2011-08-31 13:41:43 -------- d-----w- c:\users\bar\appdata\local\{094C8341-E9F1-4A2A-AC31-A5167C615255}
2011-08-31 13:41:30 -------- d-----w- c:\users\bar\appdata\local\{0F0BE8E0-7DE4-4C80-9638-EEFC731E51E7}
2011-08-30 14:52:14 -------- d-----w- c:\users\bar\appdata\local\{BE5B30F9-28D8-4E60-9514-31E9D42B9676}
2011-08-30 14:51:59 -------- d-----w- c:\users\bar\appdata\local\{1CE110AB-A877-4484-8B1F-0EB7E02E630A}
2011-08-29 15:47:22 -------- d-----w- c:\users\bar\appdata\local\{4403EC43-D2C6-49FF-9D6B-065E33D863D0}
2011-08-29 15:47:08 -------- d-----w- c:\users\bar\appdata\local\{C8C1FD85-0FEE-47D5-89BC-06420AF8813B}
2011-08-29 13:26:25 -------- d-----w- c:\users\bar\appdata\local\{CD18D3E2-3BD4-4080-9D14-C981DFEFCBE8}
.
==================== Find3M ====================
.
2011-09-27 02:38:51 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-09-08 13:26:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 23:48:30 59080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 07:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 07:14:02 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 07:14:02 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 07:14:00 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 07:13:58 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 07:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 07:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2008-02-09 04:36:28 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 11:58:09.46 ===============

#4 Mike.OB

  • Topic Starter

  • Members
  • 3 posts

Posted 28 September 2011 - 09:20 AM

I'm working with Malwarebytes' on this problem.

#5 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 36,993 posts

Posted 28 September 2011 - 09:34 AM

Thank you for letting us know. This topic is now closed.

Orange Blossom :cherry:



