
Ping.exe always running, causing my computer to shut down



#1 the5spades


Posted 25 October 2011 - 04:49 PM

Hi and thank you in advance for your help! My computer's problem has already been described by another user, Mynyel. She was given assistance by Gringo_pr:

[quote]I have actually tried to look this issue up on here and did find one post with the fix and such. However I was reluctant to do what the post wanted as the computer is a different system. This issue started happening about.. thinking... 2 or 3 days ago. I get three different things. One is pop ups in Firefox. They just randomly happen and it also redirects. I click on a link, it redirects to some ad page (different ones) then I click back and I can then get to the page. Sometimes. I hope that is confusing enough! :) I am also getting a threat blocked periodically from AVG. This one is called Exploit Phoenix Exploit Kit. The Process name is C:\Windows\SysWOW64\PING.EXE. The last thing is that PING.EXE is *always* running. I can kill it but it just comes back. This file will take up to 90% of my CPU usage. Needless to say it makes doing anything difficult.[/quote]

I started a new post because I didn't want to go through the steps to correct it without your assistance/advice :)

In desperation to have this fixed before I have to work tonight, I did run ComboFix.
Here is the log:
ComboFix 11-10-25.04 - Menesia 10/25/2011 14:15:51.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2238 [GMT -7:00]
Running from: c:\users\Menesia\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Menesia\AppData\Roaming\bOBtzP0yc1v2n4mOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\c9kA36TObWYxpfwOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\DtvHLe14dYB26XPOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\hbF3pnG5aHdKfLgOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\IdnPwQuqHcwJvedOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\jpGaJd8R9TOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\lKm1e7nxhsieRJFOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\wE8RqhYXwkUVlOpenCloud Security.ico
c:\users\Menesia\AppData\Roaming\XK88fRLL9XUeIBzOpenCloud Security.ico
c:\users\Menesia\Documents\~WRL0751.tmp
c:\users\Menesia\Documents\~WRL0771.tmp
c:\users\Menesia\Documents\~WRL1072.tmp
c:\users\Menesia\Documents\~WRL1406.tmp
c:\users\Menesia\Documents\~WRL1793.tmp
c:\users\Menesia\Documents\~WRL1983.tmp
c:\users\Menesia\Documents\~WRL2052.tmp
c:\users\Menesia\Documents\~WRL2271.tmp
c:\users\Menesia\Documents\~WRL2570.tmp
c:\users\Menesia\Documents\~WRL2574.tmp
c:\users\Menesia\Documents\~WRL2667.tmp
c:\users\Menesia\Documents\~WRL3051.tmp
c:\users\Menesia\Documents\~WRL3141.tmp
c:\users\Menesia\Documents\~WRL3212.tmp
c:\users\Menesia\Documents\~WRL3254.tmp
c:\users\Menesia\Documents\~WRL3580.tmp
c:\users\Menesia\Documents\~WRL3950.tmp
c:\users\Menesia\Documents\~WRL4007.tmp
c:\users\Menesia\Documents\~WRL4052.tmp
c:\users\Menesia\g2mdlhlpx.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\aL1ZDTSTiTbTD.exe
c:\windows\SysWow64\fOLoO82Bf3OLDk5.exe
c:\windows\SysWow64\gPqHcX5AjGN.exe
c:\windows\SysWow64\JlIBtzPNyAuD.exe
c:\windows\SysWow64\nCCCekkIVrzOtx0.exe
c:\windows\SysWow64\oCCCeekIVrzOtx0.exe
c:\windows\SysWow64\oYYCCekkIVzONxA.exe
c:\windows\SysWow64\t25Ew0oWXOimZBS.exe
c:\windows\SysWow64\ynnFF4amH5sWJdL.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))
.
.
2011-10-25 21:24 . 2011-10-25 21:24 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2011-10-25 21:24 . 2011-10-25 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 05:06 . 2011-10-25 05:06 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-10-25 05:06 . 2011-10-25 05:06 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2011-10-06 21:16 . 2006-04-03 07:00 134656 ----a-w- c:\windows\system32\dlsrm.dll
2011-10-06 21:13 . 2011-10-06 21:16 -------- d-----w- c:\program files (x86)\Dell Printers
2011-10-06 21:12 . 2005-04-04 06:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-06 21:12 . 2005-04-04 06:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-06 21:12 . 2005-04-04 06:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-06 21:12 . 2005-04-04 06:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-06 21:12 . 2005-04-04 05:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-06 21:12 . 2011-10-06 21:12 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-06 21:12 . 2011-10-06 21:12 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-06 21:12 . 2005-04-04 06:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-05 19:21 . 2011-10-13 21:04 -------- d-----w- c:\users\Menesia\AppData\Local\CrashDumps
2011-10-04 16:17 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C68811E1-440E-4DDD-B2E7-E68518CBCB07}\mpengine.dll
2011-10-03 05:18 . 2011-10-03 05:18 -------- d-----w- c:\users\Menesia\AppData\Roaming\Malwarebytes
2011-10-03 05:18 . 2011-10-03 05:18 -------- d-----w- c:\programdata\Malwarebytes
2011-10-03 05:18 . 2011-10-03 05:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-03 05:18 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 02:49 . 2011-10-03 05:58 -------- d-----w- c:\users\Menesia\AppData\Roaming\H6ddWWK7fRL9gX
2011-10-03 02:49 . 2011-10-03 02:49 2413568 ----a-w- c:\windows\SysWow64\BnnnG55aQH.exe
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\BddWWK8ffL9hTqU
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\IOONNtxPP0cS1b3
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\oQQQHH6dWK7fL9T
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\IyyycAA1uvD2FpG
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\jgXjCkzx0c2b3Ga
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\IGaHdKfLgXjCkzx
2011-10-03 02:49 . 2011-10-03 02:49 -------- d-----w- c:\users\Menesia\AppData\Roaming\FCeIrOtAuSi3
2011-10-03 02:48 . 2011-10-03 02:48 -------- d-----w- c:\users\Menesia\AppData\Roaming\HffRRZ99hTwjUel
2011-10-03 02:48 . 2011-10-03 02:48 -------- d-----w- c:\users\Menesia\AppData\Roaming\FEELL8ggTZqYCkU
2011-10-03 02:48 . 2011-10-03 02:48 -------- d-----w- c:\users\Menesia\AppData\Roaming\O444aaQH6s
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\JHdKfLgqCkrO
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\exxxA11uvS2bFpm
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\e222ibbF3pnGaH6
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\NTTXXwjjUCeIBzP
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\NTTTXwwjUCelBrP
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\iwwkkUVVrlOtx0y
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\FCkBzNAuSiFpGaH
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\A7R9TqUeIrOy
2011-10-03 02:47 . 2011-10-03 02:47 -------- d-----w- c:\users\Menesia\AppData\Roaming\ohwUrOtPySiDn4m
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\ByyccS1iiv3on4m
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\cdddWKK7f
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\kLLL9hhTXqjCek
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\eRLL9hhTXqjCek
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\eRLL99hTXqjUek
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\eLLL9hhTXqjUek
2011-10-03 02:46 . 2011-10-03 02:46 -------- d-----w- c:\users\Menesia\AppData\Roaming\eLLL9hhTXqjCek
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\ITqCkVltP
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\nBzyAuSiFpGaH79
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\im5JdKfLhXjCIrO
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\K3n4Q6W7Lg
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\FgClyDm7Z
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\eubnQWRTYIN0234
2011-10-03 02:45 . 2011-10-03 02:45 -------- d-----w- c:\users\Menesia\AppData\Roaming\JhjIPADFG6fhjIP
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\EwwjjUVVelBtzNy
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\nzzzOONtxA0uS2b
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\nzzzOONtxA0cS2b
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\cwlzADFG6
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\iaHsJE8ZhC
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\fClBzyAu2b
2011-10-03 02:44 . 2011-10-03 02:44 -------- d-----w- c:\users\Menesia\AppData\Roaming\gHHH5ssWJ7d
2011-10-03 02:43 . 2011-10-03 02:43 -------- d-----w- c:\users\Menesia\AppData\Roaming\A111uvvD2ob4pG5
2011-10-03 02:43 . 2011-10-03 02:43 -------- d-----w- c:\users\Menesia\AppData\Roaming\ezzzONNtxA0uS2b
2011-10-03 02:43 . 2011-10-03 02:43 -------- d-----w- c:\users\Menesia\AppData\Roaming\AOOONttxA0uS2bD
2011-10-03 02:43 . 2011-10-03 02:43 -------- d-----w- c:\users\Menesia\AppData\Roaming\BrrllONtxP0uc
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\NKx8A7t6Omlmknh
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\AwPb6XNbWjNDsqt
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\ErvWY04glvJXy
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\o2KIi7V1sYP48ev
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\A6UnhAJBp
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\anralsOHlH
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\hhzp9N3gNnLt4Ry
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\exWzQVDTmw4qvg
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\kbZxJebLNGYcsVF
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\loq180Qlpw2Lu7N
2011-10-03 02:41 . 2011-10-03 02:41 -------- d-----w- c:\users\Menesia\AppData\Roaming\B6kbLtaX1d
2011-10-03 02:40 . 2011-10-03 02:40 -------- d-----w- c:\users\Menesia\AppData\Roaming\AFdU159zbKevQXx
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\EQQQJ66dWK8fL9T
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\JUVVVrlBPy1v
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\iVVVrlBPy1v3F
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\O36LCOu3HRjrcWZ
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\LLCOu3HRjrcWZO
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\cdKLXjVO0
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\lHKfTYkzxc2Dp4s
2011-10-03 02:39 . 2011-10-03 02:39 -------- d-----w- c:\users\Menesia\AppData\Roaming\IfTYkzxc2
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\IZUNDG8TCzubmQK
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\eQ7E8R9YwUlBzN1
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\NKBvJhzbKIcaTr1
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\Hf9TqYwIlNx0c1b
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\dPuSiDoGaHsJfLT
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\NQ8TePu3Q89qery
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\CoGE9UrAb5WRTUI
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\gELTqYwUrOt
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\DJfELTqYwUrOtPc
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\csgUPD58w
2011-10-03 02:38 . 2011-10-03 02:38 -------- d-----w- c:\users\Menesia\AppData\Roaming\NwI12GKXIyS57C
2011-10-03 02:36 . 2011-10-03 02:36 -------- d-----w- c:\users\Menesia\AppData\Roaming\i777ddEL8g
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\hxxxA00ucS2iD3n
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\mqqhhYXXwk
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\O666sWWJ7fELgTq
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\iiibbD33pn4aQ6s
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\g8hjlzxvbmJ
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\jPySiDoFaHW7LgZ
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\K79lcbQRCN2afjz
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\Jf9TqUeIrzO0SiF
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\elcbQRCN2afjzv
2011-10-03 02:35 . 2011-10-03 02:35 -------- d-----w- c:\users\Menesia\AppData\Roaming\CHdZUt1bsKhUIrx
2011-10-03 02:33 . 2011-10-03 02:33 -------- d-----w- c:\users\Menesia\AppData\Roaming\IkrzOONyxA0u
2011-10-03 02:33 . 2011-10-03 02:33 -------- d-----w- c:\users\Menesia\AppData\Roaming\IVVVellOBtzPyc1
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\GWLZXVtyvnm7g
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\madRTYVN0ipasET
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\i222iibD3pnGa
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\mqqqhhYXwkUVlOt
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\ckkIIVrrO
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\oPPPNNyxA1uv2oF
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\AUUCCelIIrzP
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\A333onnG4am6sJ7
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\Gd9XIzxb3Qd9TqY
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\paKTUrxb6gVv3dg
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\KBcFJhI14J
2011-10-03 02:31 . 2011-10-03 02:31 -------- d-----w- c:\users\Menesia\AppData\Roaming\cHEqwetPyAiD
2011-10-03 02:30 . 2011-10-03 02:30 -------- d-----w- c:\users\Menesia\AppData\Roaming\IdKgZhXjVlBP
2011-10-03 02:30 . 2011-10-03 02:30 -------- d-----w- c:\users\Menesia\AppData\Roaming\jOy3m7Zklzcvn
2011-10-03 02:30 . 2011-10-03 02:30 -------- d-----w- c:\users\Menesia\AppData\Roaming\jjCIrOtPuSiDn
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 22:16 . 2011-08-08 22:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2011-09-12 15:46 832680 ----a-w- c:\progra~2\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-27 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"lxddmon.exe"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496]
"lxddamon"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Dell MFP Color Laser Printer 3115cn Launcher"="c:\program files (x86)\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" [2006-08-10 389120]
.
c:\users\Menesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-2-5 473616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-10-12 3604040]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-9-6 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 136176]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [2011-10-14 1155704]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111022.030\IDSvia64.sys [2011-09-30 488568]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DLSDB;Dell Printer Status Database;c:\program files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2005-08-26 185856]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-05-01 181544]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-10-12 63048]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-30 136824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 04:21]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 04:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"DLPSP"="c:\program files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2006-02-23 197120]
"combofix"="c:\combofix\CF27943.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80564&lng=en
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll
FF - ProfilePath - c:\users\Menesia\AppData\Roaming\Mozilla\Firefox\Profiles\zkc1f65p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\RebateInformer\RebateInf.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-10-25 14:35:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-25 21:35
.
Pre-Run: 335,649,198,080 bytes free
Post-Run: 335,365,701,632 bytes free
.
- - End Of File - - 9CAFBB78D1E7A8ECC585065F460B2806

Edited by the5spades, 25 October 2011 - 04:58 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • Gender:Male
  • Local time:04:22 PM

Posted 30 October 2011 - 04:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425012 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:22 PM

Posted 01 November 2011 - 09:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The ComboFix log shows some traces of a very bad infection.
Other tools would have been suggested before executing ComboFix. I hope that we can clean this computer now.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

===

Please let me know what problem persists.

#4 the5spades

the5spades
  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:22 PM

Posted 01 November 2011 - 04:38 PM

Thank you SO much for helping! I am so thankful that there are people like you out there who help others with your knowledge!
I ran the DDS tool, as instructed.
When it was done, two notepads with different logs popped up. I'm not sure which one you need, so here's one:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Menesia at 14:09:45 on 2011-11-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1175 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxddcoms.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\RebateInformer\RebateInf.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intuit\QuickBooks 2007\qbw32.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\Intuit\QUICKB~1\dbextclr11.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80564&lng=en
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Dell MFP Color Laser Printer 3115cn Launcher] "C:\Program Files (x86)\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" /s
StartupFolder: C:\Users\Menesia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A0C76796-5756-4A40-8D1F-16AC8F36C705} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A0C76796-5756-4A40-8D1F-16AC8F36C705}\14344594F4E4455434 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{A0C76796-5756-4A40-8D1F-16AC8F36C705}\D6F637169636 : DhcpNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun-x64: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Dell MFP Color Laser Printer 3115cn Launcher] "C:\Program Files (x86)\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe" /s
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Menesia\AppData\Roaming\Mozilla\Firefox\Profiles\zkc1f65p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Menesia\AppData\Roaming\Mozilla\Firefox\Profiles\zkc1f65p.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-11-1 1155704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111028.030\IDSviA64.sys [2011-10-28 488568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DLSDB;Dell Printer Status Database;C:\Program Files (x86)\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2011-10-6 185856]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-6 868896]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-10-12 63048]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-2 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2011-9-10 102608]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-10-2 130008]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-30 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-30 243232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-30 136824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-16 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxddserv.exe [2007-5-25 34224]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-16 136176]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-01 20:46:45 -------- d-----w- C:\ce0193a132e713327a9f1b5a7dfaef
2011-10-26 15:45:05 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 15:45:05 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-25 21:27:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-25 20:48:34 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-25 20:48:34 256000 ----a-w- C:\Windows\PEV.exe
2011-10-25 20:48:34 208896 ----a-w- C:\Windows\MBR.exe
2011-10-25 20:48:33 98816 ----a-w- C:\Windows\sed.exe
2011-10-06 21:16:34 134656 ----a-w- C:\Windows\System32\dlsrm.dll
2011-10-06 21:13:31 -------- d-----w- C:\Program Files (x86)\Dell Printers
2011-10-06 21:12:41 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-10-06 21:12:41 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-10-06 21:12:41 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-10-06 21:12:41 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-10-06 21:12:41 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-10-06 21:12:40 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-10-06 21:12:40 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-10-06 21:12:40 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-10-05 19:21:22 -------- d-----w- C:\Users\Menesia\AppData\Local\CrashDumps
2011-10-04 16:17:20 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C68811E1-440E-4DDD-B2E7-E68518CBCB07}\mpengine.dll
2011-10-03 06:24:05 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-10-03 06:24:05 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-10-03 06:24:05 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-10-03 06:24:05 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-10-03 06:24:05 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-10-03 06:24:04 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-10-03 05:18:36 -------- d-----w- C:\Users\Menesia\AppData\Roaming\Malwarebytes
2011-10-03 05:18:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-03 05:18:29 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-03 05:18:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-03 01:40:35 -------- d-----w- C:\Users\Menesia\AppData\Local\NPE
.
==================== Find3M ====================
.
2011-10-03 06:24:06 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-10-03 02:49:33 2413568 ----a-w- C:\Windows\SysWow64\BnnnG55aQH.exe
2011-10-01 20:23:53 2413568 ----a-w- C:\Windows\SysWow64\sxu2bp46KLj.exe
2011-10-01 20:23:51 2413568 ----a-w- C:\Windows\SysWow64\wYzbECvmKq.exe
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-01 00:49:21 2413568 ----a-w- C:\Windows\SysWow64\z6xLiYFeaO.exe
2011-10-01 00:49:21 2413568 ----a-w- C:\Windows\SysWow64\gWr3ElnZ0sUDKrm.exe
2011-10-01 00:49:19 2413568 ----a-w- C:\Windows\SysWow64\ycEPQzHzHVoT0en.exe
2011-09-30 18:26:52 2413568 ----a-w- C:\Windows\SysWow64\RuC7DlEFtZpP9G.exe
2011-09-30 18:26:48 2413568 ----a-w- C:\Windows\SysWow64\XGGQ6Jd7fLgqC.exe
2011-09-30 18:26:48 2413568 ----a-w- C:\Windows\SysWow64\Wp69IyFEUNbshPF.exe
2011-09-30 18:26:48 2413568 ----a-w- C:\Windows\SysWow64\sgGtRFld2kKieWN.exe
2011-09-30 18:26:48 2413568 ----a-w- C:\Windows\SysWow64\n5AwQuC7DlEFtZp.exe
2011-09-30 18:26:46 2413568 ----a-w- C:\Windows\SysWow64\cr0n7XtbH.exe
2011-09-30 18:26:45 2413568 ----a-w- C:\Windows\SysWow64\VA4Ewr0n7XtbHTr.exe
2011-09-30 18:26:42 2413568 ----a-w- C:\Windows\SysWow64\mIlp3GH5sad7E.exe
2011-09-30 18:26:42 2413568 ----a-w- C:\Windows\SysWow64\b3xwfayV8mvI94P.exe
2011-09-30 18:26:34 384000 ----a-w- C:\Windows\SysWow64\kNSaLUNpWjB.exe
2011-09-30 18:26:13 2176000 ----a-w- C:\Windows\SysWow64\vDoGJdKJ776KRjY.exe
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2011-08-08 22:16:53 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:12:41.28 ===============


Here is the 2nd one:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/27/2010 9:44:18 PM
System Uptime: 11/1/2011 7:32:13 AM (7 hours ago)
.
Motherboard: Acer | | Aspire 5742
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 1175/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 311.417 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP263: 10/20/2011 7:40:10 AM - Windows Update
RP264: 10/21/2011 8:51:06 AM - Windows Update
RP265: 10/25/2011 8:29:37 AM - Windows Update
RP266: 10/27/2011 6:44:34 AM - Windows Update
RP267: 11/1/2011 1:44:18 PM - Windows Update
.
==== Installed Programs ======================
.
18 Wheels of Steel - American Long Haul
Acer Backup Manager
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 MUI
Agatha Christie - Death on the Nile
AppGraffiti
Apple Application Support
Apple Software Update
Backup Manager Basic
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Brother MFL-Pro Suite MFC-255CW
Brother MFL-Pro Suite MFC-490CW
Build-a-lot 2
Business Contact Manager for Outlook 2007 SP2
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.0
Canon Utilities EOS Capture 1.5
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Chuzzle Deluxe
Constant Guard Protection Suite
Coupon Printer for Windows
CouponBar
Cricut DesignStudio
CyberLink PowerDVD 9
Dell MFP Laser 3115cn ScanButton Manager Ver.1.0.0.0
Dell MFP Laser 3115cn Scanner Driver Ver.1.0.0.0
Dell MFP Laser 3115cn Utilities Ver.1.0.0.0
Dell Printer Software
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
eBay Worldwide
EOS Capture 1.5
eSobi v2
FATE
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Calendar Sync
Google Chrome
Google Earth
Google Update Helper
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 23
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyWinLocker
MyWinLocker Suite
Norton Security Suite
NTI Media Maker 9
PdaNet for Android 2.45
Penguins!
PhotoStitch
Picasa 3
Plants vs. Zombies
Polar Bowler
Polar Golfer
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks
QuickBooks Pro 2010
QuickTime
RAW Image Task 2.2
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RebateInformer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shredder
Shutterfly Express Uploader
SupportSoft Assisted Service
TaxACT 2010
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/1/2011 1:48:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).
11/1/2011 1:48:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871).
11/1/2011 1:47:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
11/1/2011 1:46:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2572078).
11/1/2011 1:46:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870).
11/1/2011 1:46:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663).
11/1/2011 1:46:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523).
11/1/2011 1:44:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-1D-8C-04-31-A2. Network operations on this system may be disrupted as a result.
10/30/2011 4:54:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
10/30/2011 4:54:01 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2011 4:32:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
10/30/2011 4:32:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
10/30/2011 4:31:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.
10/29/2011 7:36:27 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 00-25-9C-BA-1D-63. Network operations on this system may be disrupted as a result.
10/29/2011 7:36:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IDVaultSvc service.
10/27/2011 6:43:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/26/2011 5:55:13 PM, Error: Service Control Manager [7000] - The Intuit QuickBooks FCS service failed to start due to the following error: A device attached to the system is not functioning.
10/26/2011 5:55:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "31" attempting to start the service QBFCService with arguments "" in order to run the server: {E2F551B5-D7E4-351C-A975-2E8EEE4D1917}
10/26/2011 1:19:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FreeAgentGoNext Service service.
10/25/2011 2:32:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/25/2011 2:25:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/25/2011 2:24:01 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/25/2011 2:14:58 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/25/2011 2:06:47 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/25/2011 2:06:47 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/25/2011 12:46:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
10/25/2011 12:45:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/25/2011 12:45:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/25/2011 12:45:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2011 12:45:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/25/2011 12:43:58 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
10/25/2011 12:43:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
10/25/2011 1:22:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/25/2011 1:22:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
.
==== End Of File ===========================


I hope I did this correctly.
Thanks again,
Menesia

#5 nasdaq


  • Malware Response Team
  • 39,531 posts

Posted 02 November 2011 - 08:26 AM

Your DDS log is clean. However the Extra.txt log shows this error.

11/1/2011 1:48:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).


Microsoft has a fix for this error.
http://support.microsoft.com/kb/976982

Execute the fix and let me know if the problem with the PING.exe persists.

===

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\SysWow64\BnnnG55aQH.exe

Folder::
c:\users\Menesia\AppData\Roaming\H6ddWWK7fRL9gX
c:\users\Menesia\AppData\Roaming\BddWWK8ffL9hTqU
c:\users\Menesia\AppData\Roaming\IOONNtxPP0cS1b3
c:\users\Menesia\AppData\Roaming\oQQQHH6dWK7fL9T
c:\users\Menesia\AppData\Roaming\IyyycAA1uvD2FpG
c:\users\Menesia\AppData\Roaming\jgXjCkzx0c2b3Ga
c:\users\Menesia\AppData\Roaming\IGaHdKfLgXjCkzx
c:\users\Menesia\AppData\Roaming\FCeIrOtAuSi3
c:\users\Menesia\AppData\Roaming\HffRRZ99hTwjUel
c:\users\Menesia\AppData\Roaming\FEELL8ggTZqYCkU
c:\users\Menesia\AppData\Roaming\O444aaQH6s
c:\users\Menesia\AppData\Roaming\JHdKfLgqCkrO
c:\users\Menesia\AppData\Roaming\exxxA11uvS2bFpm
c:\users\Menesia\AppData\Roaming\e222ibbF3pnGaH6
c:\users\Menesia\AppData\Roaming\NTTXXwjjUCeIBzP
c:\users\Menesia\AppData\Roaming\NTTTXwwjUCelBrP
c:\users\Menesia\AppData\Roaming\iwwkkUVVrlOtx0y
c:\users\Menesia\AppData\Roaming\FCkBzNAuSiFpGaH
c:\users\Menesia\AppData\Roaming\A7R9TqUeIrOy
c:\users\Menesia\AppData\Roaming\ohwUrOtPySiDn4m
c:\users\Menesia\AppData\Roaming\ByyccS1iiv3on4m
c:\users\Menesia\AppData\Roaming\cdddWKK7f
c:\users\Menesia\AppData\Roaming\kLLL9hhTXqjCek
c:\users\Menesia\AppData\Roaming\eRLL9hhTXqjCek
c:\users\Menesia\AppData\Roaming\eRLL99hTXqjUek
c:\users\Menesia\AppData\Roaming\eLLL9hhTXqjUek
c:\users\Menesia\AppData\Roaming\eLLL9hhTXqjCek
c:\users\Menesia\AppData\Roaming\ITqCkVltP
c:\users\Menesia\AppData\Roaming\nBzyAuSiFpGaH79
c:\users\Menesia\AppData\Roaming\im5JdKfLhXjCIrO
c:\users\Menesia\AppData\Roaming\K3n4Q6W7Lg
c:\users\Menesia\AppData\Roaming\FgClyDm7Z
c:\users\Menesia\AppData\Roaming\eubnQWRTYIN0234
c:\users\Menesia\AppData\Roaming\JhjIPADFG6fhjIP
c:\users\Menesia\AppData\Roaming\EwwjjUVVelBtzNy
c:\users\Menesia\AppData\Roaming\nzzzOONtxA0uS2b
c:\users\Menesia\AppData\Roaming\nzzzOONtxA0cS2b
c:\users\Menesia\AppData\Roaming\cwlzADFG6
c:\users\Menesia\AppData\Roaming\iaHsJE8ZhC
c:\users\Menesia\AppData\Roaming\fClBzyAu2b
c:\users\Menesia\AppData\Roaming\gHHH5ssWJ7d
c:\users\Menesia\AppData\Roaming\A111uvvD2ob4pG5
c:\users\Menesia\AppData\Roaming\ezzzONNtxA0uS2b
c:\users\Menesia\AppData\Roaming\AOOONttxA0uS2bD
c:\users\Menesia\AppData\Roaming\BrrllONtxP0uc
c:\users\Menesia\AppData\Roaming\NKx8A7t6Omlmknh
c:\users\Menesia\AppData\Roaming\AwPb6XNbWjNDsqt
c:\users\Menesia\AppData\Roaming\ErvWY04glvJXy
c:\users\Menesia\AppData\Roaming\o2KIi7V1sYP48ev
c:\users\Menesia\AppData\Roaming\A6UnhAJBp
c:\users\Menesia\AppData\Roaming\anralsOHlH
c:\users\Menesia\AppData\Roaming\hhzp9N3gNnLt4Ry
c:\users\Menesia\AppData\Roaming\exWzQVDTmw4qvg
c:\users\Menesia\AppData\Roaming\kbZxJebLNGYcsVF
c:\users\Menesia\AppData\Roaming\loq180Qlpw2Lu7N
c:\users\Menesia\AppData\Roaming\B6kbLtaX1d
c:\users\Menesia\AppData\Roaming\AFdU159zbKevQXx
c:\users\Menesia\AppData\Roaming\EQQQJ66dWK8fL9T
c:\users\Menesia\AppData\Roaming\JUVVVrlBPy1v
c:\users\Menesia\AppData\Roaming\iVVVrlBPy1v3F
c:\users\Menesia\AppData\Roaming\O36LCOu3HRjrcWZ
c:\users\Menesia\AppData\Roaming\LLCOu3HRjrcWZO
c:\users\Menesia\AppData\Roaming\cdKLXjVO0
c:\users\Menesia\AppData\Roaming\lHKfTYkzxc2Dp4s
c:\users\Menesia\AppData\Roaming\IfTYkzxc2
c:\users\Menesia\AppData\Roaming\IZUNDG8TCzubmQK
c:\users\Menesia\AppData\Roaming\eQ7E8R9YwUlBzN1
c:\users\Menesia\AppData\Roaming\NKBvJhzbKIcaTr1
c:\users\Menesia\AppData\Roaming\Hf9TqYwIlNx0c1b
c:\users\Menesia\AppData\Roaming\dPuSiDoGaHsJfLT
c:\users\Menesia\AppData\Roaming\NQ8TePu3Q89qery
c:\users\Menesia\AppData\Roaming\CoGE9UrAb5WRTUI
c:\users\Menesia\AppData\Roaming\gELTqYwUrOt
c:\users\Menesia\AppData\Roaming\DJfELTqYwUrOtPc
c:\users\Menesia\AppData\Roaming\csgUPD58w
c:\users\Menesia\AppData\Roaming\NwI12GKXIyS57C
c:\users\Menesia\AppData\Roaming\i777ddEL8g
c:\users\Menesia\AppData\Roaming\hxxxA00ucS2iD3n
c:\users\Menesia\AppData\Roaming\mqqhhYXXwk
c:\users\Menesia\AppData\Roaming\O666sWWJ7fELgTq
c:\users\Menesia\AppData\Roaming\iiibbD33pn4aQ6s
c:\users\Menesia\AppData\Roaming\g8hjlzxvbmJ
c:\users\Menesia\AppData\Roaming\jPySiDoFaHW7LgZ
c:\users\Menesia\AppData\Roaming\K79lcbQRCN2afjz
c:\users\Menesia\AppData\Roaming\Jf9TqUeIrzO0SiF
c:\users\Menesia\AppData\Roaming\elcbQRCN2afjzv
c:\users\Menesia\AppData\Roaming\CHdZUt1bsKhUIrx
c:\users\Menesia\AppData\Roaming\IkrzOONyxA0u
c:\users\Menesia\AppData\Roaming\IVVVellOBtzPyc1
c:\users\Menesia\AppData\Roaming\GWLZXVtyvnm7g
c:\users\Menesia\AppData\Roaming\madRTYVN0ipasET
c:\users\Menesia\AppData\Roaming\i222iibD3pnGa
c:\users\Menesia\AppData\Roaming\mqqqhhYXwkUVlOt
c:\users\Menesia\AppData\Roaming\ckkIIVrrO
c:\users\Menesia\AppData\Roaming\oPPPNNyxA1uv2oF
c:\users\Menesia\AppData\Roaming\AUUCCelIIrzP
c:\users\Menesia\AppData\Roaming\A333onnG4am6sJ7
c:\users\Menesia\AppData\Roaming\Gd9XIzxb3Qd9TqY
c:\users\Menesia\AppData\Roaming\paKTUrxb6gVv3dg
c:\users\Menesia\AppData\Roaming\KBcFJhI14J
c:\users\Menesia\AppData\Roaming\cHEqwetPyAiD
c:\users\Menesia\AppData\Roaming\IdKgZhXjVlBP
c:\users\Menesia\AppData\Roaming\jOy3m7Zklzcvn
c:\users\Menesia\AppData\Roaming\jjCIrOtPuSiDn


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.
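
The reply above picks one Windows Update failure out of the Extra.txt event list by eye. As an added example (not part of the original post or of any tool named in this thread), the Python sketch below does the same triage mechanically: it parses the `date, Error: Source [ID] - message` lines, counts events per source and ID, and extracts the KB number and error code of each failed update. The sample lines are copied from the log posted earlier in this topic; the function names are illustrative.

```python
import re
from collections import Counter

# Sample lines copied from the "Event Viewer Messages" section of the log above.
SAMPLE = """\
11/1/2011 1:48:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).
11/1/2011 1:47:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
11/1/2011 1:44:13 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00-1D-8C-04-31-A2. Network operations on this system may be disrupted as a result.
10/30/2011 4:54:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
10/30/2011 4:32:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
10/30/2011 4:32:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
"""

# One event per line: timestamp, level, source, [event id], free-text message.
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# WindowsUpdateClient event 20 carries the error code, update title and KB number.
UPDATE_FAIL_RE = re.compile(r"with error (0x[0-9A-Fa-f]{8}): (.+) \((KB\d+)\)\.?$")


def parse_events(text):
    """Return a list of dicts, silently skipping lines that are not events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def summarize(events):
    """Count events per (source, event id) so recurring errors stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_updates(events):
    """Extract error code, title and KB number from failed-install events."""
    out = []
    for e in events:
        if (e["source"], e["event_id"]) != ("Microsoft-Windows-WindowsUpdateClient", 20):
            continue
        m = UPDATE_FAIL_RE.search(e["message"])
        if m:
            out.append({"when": e["when"], "error": m.group(1),
                        "title": m.group(2), "kb": m.group(3)})
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (source, event_id), n in summarize(evs).most_common():
        print(f"{n:3d}  {source} [{event_id}]")
    for u in failed_updates(evs):
        print(f"{u['when']}  {u['error']}  {u['kb']}  {u['title']}")
```
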

#6 nasdaq


  • Malware Response Team
  • 39,531 posts

Posted 08 November 2011 - 09:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



