2nd Computer - Service Provider Suspects Malware on my Laptop(s)


  • This topic is locked
5 replies to this topic

#1 Daniel B.

  • Members
  • 8 posts

Posted 19 November 2011 - 02:24 PM

Hi Everyone.
Here are the files from the 2nd computer. If someone can check to see if there is malware in these files I would most appreciate it.
This is a 2nd part of a post and the first computer is in another post.
Regards,
Dan.

Attached Files

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts
  • Gender:Male

Posted 24 November 2011 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428535 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right-hand corner of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Daniel B.
  • Topic Starter

  • Members
  • 8 posts

Posted 24 November 2011 - 06:30 PM

The issue still has not been looked at.
I spoke to the service provider this morning and they suspect the DNSChanger is the malware, but couldn't give me any more information to go on.
I just had the other laptop checked today for this issue and provided all the logs, but now this is the 2nd one in question that my roommate owns.

Here are the logs you requested.


DDS LOG
=======
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Craig at 17:03:52 on 2011-11-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3836.2084 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iBryte\playbryte\iBryteDesktop.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\atibtmon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = hxxp://ca.yahoo.com/?fr=mkg029
mStart Page = hxxp://ca.yahoo.com/?fr=mkg029
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - C:\Program Files (x86)\alot\bin\alot.dll
TB: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
mRun: [autodetect] C:\windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
StartupFolder: C:\Users\Craig\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Craig\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Craig\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail1.timsown.com/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6639A626-550A-4B58-AA94-8478F2E51317} : DhcpNameServer = 100.100.0.101
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\23E24375966496 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\2454C4C4137333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\2454C4C4839333 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\84F44554C4F5354554E234144584542594E454 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\96755626 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D21A81E6-8833-4146-8C11-2EAF4B015DF7}\96D284F64756C6 : DhcpNameServer = 172.16.48.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: ALOT Toolbar Helper: {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll
BHO-X64: ALOT Toolbar Helper - No File
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: PlayBryte BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
TB-X64: ALOT Toolbar: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll
TB-X64: {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iBryte playbryte Desktop] C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe
mRun-x64: [autodetect] C:\windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\zs6dmf3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://ca.search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/?fr=mkg031
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Craig\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111123.030\IDSviA64.sys [2011-11-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-11-18 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-2 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-2 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\drivers\massfilter.sys --> C:\windows\system32\drivers\massfilter.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\windows\system32\DRIVERS\ZTEusbnet.sys --> C:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-24 21:59:58 -------- d-----w- C:\Users\Craig\AppData\Local\{B04E2442-47C7-4F0B-B3C9-A527DDC07B02}
2011-11-24 21:59:44 -------- d-----w- C:\Users\Craig\AppData\Local\{8631EA09-2A7D-435D-AA44-7B834C77C9CE}
2011-11-24 09:20:41 -------- d-----w- C:\Users\Craig\AppData\Local\{C233E739-B2EC-4678-9C14-A1FBD330343F}
2011-11-24 09:20:31 -------- d-----w- C:\Users\Craig\AppData\Local\{CD919254-F520-45DA-BBCD-3F8F5EDE342B}
2011-11-23 21:20:13 -------- d-----w- C:\Users\Craig\AppData\Local\{F34BE298-E7E8-4F29-99BA-E08BD84884FB}
2011-11-23 21:20:00 -------- d-----w- C:\Users\Craig\AppData\Local\{C4777A5E-EB91-42EB-9875-C523842036B5}
2011-11-22 21:29:22 -------- d-----w- C:\Users\Craig\AppData\Local\{87C2EED9-F16C-472F-9F87-A3A86F3DB8AD}
2011-11-22 21:29:11 -------- d-----w- C:\Users\Craig\AppData\Local\{773D893F-F331-4386-863D-870A99DD02B8}
2011-11-22 20:39:58 -------- d-----w- C:\Program Files (x86)\Hallmark
2011-11-22 09:28:56 -------- d-----w- C:\Users\Craig\AppData\Local\{E36CB4BB-6A65-4D27-872E-D99A49C3EB5B}
2011-11-22 09:28:37 -------- d-----w- C:\Users\Craig\AppData\Local\{F89FD24E-D54F-4D7D-AA5D-3CC8D135E48A}
2011-11-21 19:38:06 -------- d-----w- C:\Users\Craig\AppData\Local\{A096F1B9-4769-49F1-9744-29683F3E4ADE}
2011-11-21 19:37:55 -------- d-----w- C:\Users\Craig\AppData\Local\{C7F2F3C4-5D78-4903-AE38-DBD066F1E627}
2011-11-21 00:07:16 -------- d-----w- C:\Users\Craig\AppData\Local\{345A88BC-BBD8-438F-912C-B8BE173C85CF}
2011-11-21 00:07:04 -------- d-----w- C:\Users\Craig\AppData\Local\{719F8BEE-4803-4DCF-8115-B22675CDAFFC}
2011-11-20 09:24:15 -------- d-----w- C:\Users\Craig\AppData\Local\{0BD300ED-73B8-48D2-9D70-8E94E8B22AB9}
2011-11-20 09:24:11 -------- d-----w- C:\Users\Craig\AppData\Local\{D25F48DF-E4C8-4D78-B893-C608A2AA9154}
2011-11-19 20:42:46 -------- d-----w- C:\Users\Craig\AppData\Local\{5CB9460C-6F1B-4609-8496-76000E976602}
2011-11-19 08:16:34 -------- d-----w- C:\Users\Craig\AppData\Local\{4F3318E3-9EEE-4B73-BC58-70B7E93ECFF9}
2011-11-19 08:16:16 -------- d-----w- C:\Users\Craig\AppData\Local\{23424FDA-692F-4570-B24A-52314E50EC00}
2011-11-18 21:21:16 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2011-11-18 19:42:48 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2011-11-18 19:42:45 174200 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-18 19:42:45 -------- d-----w- C:\Program Files\Symantec
2011-11-18 19:42:45 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-11-18 19:41:19 912504 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\SymEFA64.sys
2011-11-18 19:41:19 744568 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-11-18 19:41:19 450680 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\SymDS64.sys
2011-11-18 19:41:19 40568 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-11-18 19:41:19 386168 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-11-18 19:41:19 171128 ----a-r- C:\windows\System32\drivers\N360x64\0501000.01D\Ironx64.sys
2011-11-18 19:41:06 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2011-11-18 19:41:06 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-11-18 19:40:22 -------- d-----w- C:\windows\System32\drivers\N360x64\0501000.01D
2011-11-18 19:40:22 -------- d-----w- C:\windows\System32\drivers\N360x64
2011-11-18 19:40:15 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-11-18 19:35:59 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54380914-9080-4D0D-8C92-AC9BF5C3B9FB}\mpengine.dll
2011-11-18 19:33:32 -------- d-----w- C:\ProgramData\PCSettings
2011-11-18 19:24:49 -------- d-----w- C:\Users\Craig\AppData\Local\{4AA00D20-9011-4E01-A37F-4331CB6D2875}
2011-11-18 19:24:38 -------- d-----w- C:\Users\Craig\AppData\Local\{7DE396DF-C6FB-4B48-8E14-740EEAAE232B}
2011-11-17 23:18:29 -------- d-----w- C:\Users\Craig\AppData\Local\{28D83950-2B30-47E5-AFEA-87F1D265D300}
2011-11-17 23:18:18 -------- d-----w- C:\Users\Craig\AppData\Local\{E2C730C1-0B8A-412B-B6AD-DA9EFAAAFE80}
2011-11-17 11:18:02 -------- d-----w- C:\Users\Craig\AppData\Local\{F99D2627-49ED-4B0B-8D95-3807A038C195}
2011-11-17 11:17:50 -------- d-----w- C:\Users\Craig\AppData\Local\{CD6B8738-187A-49E9-A1EF-D35C4C171DA6}
2011-11-16 23:17:35 -------- d-----w- C:\Users\Craig\AppData\Local\{EAE2F830-2347-4B5D-BC6E-0D8F0FD8BF88}
2011-11-16 23:17:22 -------- d-----w- C:\Users\Craig\AppData\Local\{28AC5F44-120E-4C51-A000-569A3341D4D3}
2011-11-16 11:17:09 -------- d-----w- C:\Users\Craig\AppData\Local\{5BDEB4AF-635A-4F5E-8DF2-4B6C59371994}
2011-11-16 11:16:58 -------- d-----w- C:\Users\Craig\AppData\Local\{577F6345-FE10-4B4C-9945-A15DE29342DC}
2011-11-15 19:49:20 -------- d-----w- C:\Users\Craig\AppData\Local\{CB06E687-277F-46DC-8264-773EAAC0E019}
2011-11-15 19:49:07 -------- d-----w- C:\Users\Craig\AppData\Local\{8B24EBC3-BF83-4FD4-9E7A-1647414D18C9}
2011-11-14 18:25:07 -------- d-----w- C:\Users\Craig\AppData\Local\{1FF34653-DBCC-42A8-8817-8C1820D786EE}
2011-11-14 18:24:55 -------- d-----w- C:\Users\Craig\AppData\Local\{A3EFC715-8A2A-4393-9FEA-800E52496BFD}
2011-11-13 21:17:10 -------- d-----w- C:\Users\Craig\AppData\Roaming\Blackberry Desktop
2011-11-13 14:50:33 -------- d-----w- C:\Users\Craig\AppData\Local\{D03801C1-3620-4162-9BDE-CB14032E2071}
2011-11-13 14:50:23 -------- d-----w- C:\Users\Craig\AppData\Local\{0884CCF5-EE35-4370-AEF8-D2F22C9EBFDD}
2011-11-13 02:19:00 -------- d-----w- C:\Users\Craig\AppData\Local\{88346401-7B6E-4141-A36B-068B864F2707}
2011-11-13 02:18:47 -------- d-----w- C:\Users\Craig\AppData\Local\{A860A20D-42DC-44A0-9F4F-992A782D21BA}
2011-11-12 09:19:43 -------- d-----w- C:\Users\Craig\AppData\Local\{278C8D10-056C-4F9E-9B95-0B7158B8F178}
2011-11-12 09:19:21 -------- d-----w- C:\Users\Craig\AppData\Local\{FE14E25E-FF47-4F41-8799-0E8242C6525C}
2011-11-11 19:24:21 -------- d-----w- C:\Users\Craig\AppData\Local\{762F6469-F10A-4FB0-8D1A-C29826FDC848}
2011-11-11 19:24:06 -------- d-----w- C:\Users\Craig\AppData\Local\{7D544ADF-6A72-476F-A5CD-CA7F5D2511CC}
2011-11-10 23:30:18 -------- d-----w- C:\Users\Craig\AppData\Local\{899884FA-F747-477E-904D-159EF9B3459F}
2011-11-10 23:30:08 -------- d-----w- C:\Users\Craig\AppData\Local\{9750BE6D-61AA-45A0-A1E2-60813AD83FF5}
2011-11-10 11:29:55 -------- d-----w- C:\Users\Craig\AppData\Local\{3E837A47-4146-49C5-A4CF-648E11CE87CC}
2011-11-10 11:29:45 -------- d-----w- C:\Users\Craig\AppData\Local\{A953068C-D6B3-4D73-85D0-E05E6714C6D7}
2011-11-09 18:02:13 -------- d-----w- C:\Users\Craig\AppData\Local\{7EB540D4-37E4-4D42-877C-4E086F68D4EA}
2011-11-09 18:01:58 -------- d-----w- C:\Users\Craig\AppData\Local\{9B5A1862-D303-47BF-A8CE-F7A213786033}
2011-11-08 20:47:02 -------- d-----w- C:\Users\Craig\AppData\Local\{FF2ECAD1-16A4-4CAC-AAFB-37583408CABC}
2011-11-08 20:46:51 -------- d-----w- C:\Users\Craig\AppData\Local\{2CBAAAFA-950A-44F1-9192-6DF299F4A2F7}
2011-11-08 19:28:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-08 19:28:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-08 19:28:01 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-11-08 19:28:00 3144704 ----a-w- C:\windows\System32\win32k.sys
2011-11-08 08:46:39 -------- d-----w- C:\Users\Craig\AppData\Local\{FD2FF385-195E-4C50-9144-A6A939F0058F}
2011-11-08 08:46:28 -------- d-----w- C:\Users\Craig\AppData\Local\{6684F21B-2D2B-4C4C-8061-DE42157CA777}
2011-11-07 20:33:45 -------- d-----w- C:\Users\Craig\AppData\Local\{B3610D55-32D0-48A6-A6E1-737D1081D863}
2011-11-07 20:33:34 -------- d-----w- C:\Users\Craig\AppData\Local\{C1A55D46-6464-4D8E-8006-049622542FE1}
2011-11-07 00:17:07 -------- d-----w- C:\Users\Craig\AppData\Local\{14F2565C-880A-4FB1-99D4-3D3416E9DD79}
2011-11-07 00:16:56 -------- d-----w- C:\Users\Craig\AppData\Local\{E5BBF1AC-6191-4F94-997C-BBCE75338FFE}
2011-11-06 12:08:50 -------- d-----w- C:\Users\Craig\AppData\Local\{E62A92EE-A408-445B-BEC2-578043DD6DE3}
2011-11-06 12:08:39 -------- d-----w- C:\Users\Craig\AppData\Local\{AFE60E82-805A-4DB0-A4BD-EED36D4B3519}
2011-11-05 22:26:34 -------- d-----w- C:\Users\Craig\AppData\Local\{4618CFC4-61BC-4449-9577-F7F60EE7787D}
2011-11-05 22:26:23 -------- d-----w- C:\Users\Craig\AppData\Local\{BBEBDB27-B5EE-452E-8426-B02FD522E25C}
2011-11-05 21:24:56 -------- d-----w- C:\Users\Craig\AppData\Local\Research In Motion
2011-11-05 21:24:54 -------- d-----w- C:\Users\Craig\AppData\Roaming\Research In Motion
2011-11-05 21:24:05 31744 ----a-w- C:\windows\System32\drivers\RimSerial_AMD64.sys
2011-11-05 21:23:38 -------- d-----w- C:\ProgramData\Research In Motion
2011-11-05 21:23:26 -------- d-----w- C:\Program Files (x86)\Research In Motion
2011-11-05 21:23:26 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2011-11-05 10:26:10 -------- d-----w- C:\Users\Craig\AppData\Local\{372AF92E-FC2C-4148-B620-6E58DB2F2C0F}
2011-11-05 10:25:59 -------- d-----w- C:\Users\Craig\AppData\Local\{C7EA9755-6A3C-4B2C-88F4-E13DCE3D05A3}
2011-11-04 21:40:19 -------- d-----w- C:\Users\Craig\AppData\Local\{55729D88-B754-41AE-9822-6D2290CE5C9A}
2011-11-04 21:40:07 -------- d-----w- C:\Users\Craig\AppData\Local\{E15FCD36-8C64-4A28-91B4-43B82ECDF069}
2011-11-04 01:28:16 -------- d-----w- C:\Users\Craig\AppData\Local\{D60CCAC4-C551-460F-8D4C-AA6BAF51F880}
2011-11-04 01:28:05 -------- d-----w- C:\Users\Craig\AppData\Local\{E954E9BB-6716-40CE-BC04-F19BE468FC07}
2011-11-03 19:48:09 -------- d-----w- C:\Users\Craig\AppData\Local\Yahoo!
2011-11-03 19:45:37 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-11-03 14:14:11 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-11-03 14:04:01 -------- d-----w- C:\ProgramData\Ask
2011-11-03 14:03:28 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-03 13:27:52 -------- d-----w- C:\Users\Craig\AppData\Local\{6E6983BC-D319-4C65-8EC1-BE2C7579C213}
2011-11-03 13:27:41 -------- d-----w- C:\Users\Craig\AppData\Local\{21119A6E-4BB4-49DE-971A-02AEFC9B8C4B}
2011-11-02 21:39:20 -------- d-----w- C:\Users\Craig\AppData\Local\{7BC0D412-66E9-4200-8774-1235110BBB7D}
2011-11-02 21:39:03 -------- d-----w- C:\Users\Craig\AppData\Local\{A020F1A2-1E36-41F8-87C4-87FFEC4E5A75}
2011-11-01 23:17:59 -------- d-----w- C:\Users\Craig\AppData\Local\{6947B91A-90B3-4FD9-8949-51B3418D6340}
2011-11-01 23:17:48 -------- d-----w- C:\Users\Craig\AppData\Local\{AB135BB8-659C-4E21-8345-373961157A57}
2011-11-01 11:17:35 -------- d-----w- C:\Users\Craig\AppData\Local\{3006EA85-7C9B-46B1-B4F5-CEFBED130DCB}
2011-11-01 11:17:24 -------- d-----w- C:\Users\Craig\AppData\Local\{90347CFD-8F00-4A3F-AFCF-52864D2C9C67}
2011-10-31 17:26:07 -------- d-----w- C:\Users\Craig\AppData\Local\{40BFF330-E352-4659-8151-E9D428172547}
2011-10-31 17:25:55 -------- d-----w- C:\Users\Craig\AppData\Local\{74A33FDF-3B82-482B-91DF-EE5DAF0AEFBC}
2011-10-30 13:37:17 -------- d-----w- C:\Users\Craig\AppData\Local\{D59CEB0D-DA72-45EB-B08F-E9E8E255D441}
2011-10-30 13:37:07 -------- d-----w- C:\Users\Craig\AppData\Local\{FB983CF0-8D6E-43E8-8042-4E0F8D0790E3}
2011-10-30 00:18:07 -------- d-----w- C:\Users\Craig\AppData\Local\{5443E22E-AD34-4011-8BC9-E44EC0FD494E}
2011-10-30 00:17:56 -------- d-----w- C:\Users\Craig\AppData\Local\{AE500B8D-1567-4B47-80C0-557FAB9B2459}
2011-10-29 12:17:43 -------- d-----w- C:\Users\Craig\AppData\Local\{4E5B2708-26D8-4B6F-9E63-DFE76F7587CB}
2011-10-29 12:17:31 -------- d-----w- C:\Users\Craig\AppData\Local\{32B5D811-0C13-4C02-B1B3-76CC1CAD6024}
2011-10-28 23:25:27 -------- d-----w- C:\Users\Craig\AppData\Local\{1A3E895D-4CD5-43AE-8918-D1AE820239DE}
2011-10-28 23:25:16 -------- d-----w- C:\Users\Craig\AppData\Local\{5116B738-5BFB-46A0-B4E6-9D63266ED1D9}
2011-10-28 11:25:04 -------- d-----w- C:\Users\Craig\AppData\Local\{7E944321-7E3C-400B-94F0-AD4C72151AE7}
2011-10-28 11:24:53 -------- d-----w- C:\Users\Craig\AppData\Local\{60FC1D16-5EF9-4FAC-9718-BC6B095FD36B}
2011-10-27 15:51:11 -------- d-----w- C:\Users\Craig\AppData\Local\{617E40FF-5EAD-4DB4-B247-06304E06C5B5}
2011-10-27 15:51:01 -------- d-----w- C:\Users\Craig\AppData\Local\{1C38BC2B-7367-44D4-8145-8139B4012914}
2011-10-26 20:30:24 -------- d-----w- C:\Users\Craig\AppData\Local\{E87BDA7F-FEFD-4278-8077-E01C45D83F91}
2011-10-26 20:30:10 -------- d-----w- C:\Users\Craig\AppData\Local\{2DC8E8E4-55C5-4D29-ABBC-F9BC46560C43}
2011-10-26 00:44:39 -------- d-----w- C:\Users\Craig\AppData\Local\{9B2A3ACB-D478-41EE-92E3-536EB05B2072}
2011-10-26 00:44:28 -------- d-----w- C:\Users\Craig\AppData\Local\{6DE19395-D351-43D8-92CD-C4D24A2E2E20}
.
==================== Find3M ====================
.
2011-11-18 19:41:52 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-07 00:08:23 505 ----a-w- C:\Program Files (x86)\09201117082304.bat
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37:49 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-14 17:01:19 480 ----a-w- C:\Program Files (x86)\08201110011903.bat
.
============= FINISH: 17:05:08.73 ===============



ATTACH LOG
==========
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/01/2011 4:42:39 AM
System Uptime: 23/11/2011 9:29:31 AM (32 hours ago)
.
Motherboard: TOSHIBA | | NDU11
Processor: AMD Athlon™ II Neo K325 Dual-Core Processor | Socket M2/S1G1 | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 268 GiB total, 225.709 GiB free.
D: is FIXED (FAT) - 0 GiB total, 0.396 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP75: 03/11/2011 10:02:14 AM - Installed Java™ 6 Update 29
RP76: 03/11/2011 10:03:34 AM - Installed Java Runtime Environment
RP77: 05/11/2011 5:22:24 PM - Installed BlackBerry Desktop Software.
RP78: 08/11/2011 2:25:12 PM - Windows Update
RP79: 09/11/2011 4:24:57 AM - Windows Update
RP80: 09/11/2011 12:39:25 PM - Windows Modules Installer
RP81: 12/11/2011 4:19:10 AM - Windows Update
RP82: 15/11/2011 2:59:51 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
ALOT Toolbar
Amazon Kindle For PC v1.1
Ask Toolbar
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
BlackBerry Desktop Software 6.1
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
D3DX10
Dropbox
Escape The Emerald Star
FATE
GamesBar 2.0.1.82
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 29
Jewel Quest - Heritage
JMicron Flash Media Controller Driver
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Live Meeting 2007
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 en-GB)
MSVCRT
MSVCRT_amd64
Norton 360
Plants vs. Zombies
PlayBryte
PokerStars.net
Polar Bowler
PriceGong 2.5.0
Realtek Ethernet Controller Driver For Windows 7
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Rogers Connection Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Toolbars
Skype™ 4.2
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update Installer for WildTangent Games App
Utility Common Driver
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.5
Wedding Salon
Wheel of Fortune 2
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizard of Oz
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
24/11/2011 5:01:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
24/11/2011 5:00:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
23/11/2011 7:39:46 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
22/11/2011 7:49:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D21A81E6-8833-4146-8C11-2EAF4B015DF7}. The master browser is stopping or an election is being forced.
19/11/2011 3:15:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
18/11/2011 4:15:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/11/2011 2:39:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================



GMER LOG
========
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-24 18:12:37
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@700ccdfb0e107b823186d0bf34422c8b\r\n 0xC1 0x2C 0xEE 0xC4 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@7bfc39e0fb6f2e92b00f1b4cef7643a7\r\n 0x10 0x32 0x54 0xF6 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@9dd079bfcc9fcd79cf9bc30749637dad\r\n 0x70 0x53 0x8C 0x1A ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@04ef10d7279be2c7700247b1fcff89fc\r\n 0x84 0x01 0xD4 0x7B ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@5993714d76e8effaea5e98957ac7a46a\r\n 0x0B 0xB6 0x60 0x8B ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@39bc2614ea50a8aa6e7f40cfaaa17eb4\r\n 0xF3 0x6A 0xE2 0x99 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@9a8c8d712a671b8ba4b8bab2046ba1fb\r\n 0xBD 0x9A 0x78 0xD6 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@569d833f16f988f4c14cc8b08c664e38\r\n 0x5E 0x58 0xFD 0x4C ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@0021c4c7deca04b04b2822cace0ab47f\r\n 0x5C 0x9A 0x83 0x97 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@1abb7c51cc682b3e6e44fd561668c935\r\n 0x0E 0x69 0x19 0x1F ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@9f64e43ebee13560f11216d67d4569e9\r\n 0x10 0x32 0x54 0x76 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@9b4f1bec800e9379704a98c1aaec425b\r\n 0xAA 0xB5 0x6B 0xCC ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@28e118c5a1359ccf1276a73f7a05960c\r\n 0xF8 0xDB 0x14 0x23 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@edd15ae205602ed95d724a04c5dc1308\r\n 0xFD 0x4C 0x47 0xEC ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@c9ad6bd7b0350652915687910742305f\r\n 0xCE 0xAB 0x89 0x67 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@0da8fb56d6acd280607cccc0451cf9cd\r\n 0xBB 0xDC 0xFE 0xA0 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@063ecb352ef669e8364e87aed23cac69\r\n 0xE1 0x7A 0x14 0xEE ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@2f845eb38504b95dd92b4f3bcc866740\r\n 0x9F 0x0A 0xCC 0xE2 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@6b5408b94f6d11982231a98b4af5b6d2\r\n 0x55 0x60 0x16 0x37 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\mlseguy@hotmail.com@27e238b207642755a16ea32559f3c431\r\n 0x65 0x87 0xA9 0x0B ...

---- EOF - GMER 1.0.15 ----


Thanking you in advance,
Dan.

#4 Daniel B.

Daniel B.
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:34 PM

Posted 24 November 2011 - 06:33 PM

Sorry, I forgot to add in the thread link from the first computer I had checked, just in case you need to cross-reference that.
http://www.bleepingcomputer.com/forums/topic428486.html/page__pid__2485720#entry2485720

Please remember, this is the 2nd laptop that resides in this house.
Thanks
Dan.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 PM

Posted 26 November 2011 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs for my review.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:34 PM

Posted 01 December 2011 - 09:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



