Register a free account to unlock additional features at BleepingComputer.com

Backdoor.Tidserv Virus/Trojan/Rootkit?


  • This topic is locked
14 replies to this topic

#1 RFTFTFTF1

  • Members
  • 8 posts

Posted 26 November 2011 - 09:36 PM

Hello, my Norton Anti-Virus has been blocking possible incoming attacks I guess? O.o So has my Malwarebytes. Both of them say they are coming from Firefox.exe and svchost.exe. Before, it was coming from PING.exe, whose process I could end, but it would come back. So I went into safe mode, opened up Notepad++ and, as stupid as I am, I basically just took my face and bashed it into the keyboard till the script was all messed up. Thinking I was crafty and had fixed it, I re-booted my comp and everything seemed fine. The only issue is it seems to be running a little slow; I've scanned it 10+ times and it finds NOTHING. I've done this with many different anti-viruses. I've followed the Norton fix and it also finds nothing. I would just re-install my drivers, but I do not own a Vista 64-bit disc or have one on me at the moment. This might just be me being a hypochondriac and Norton being bugged? I don't know. This isn't the best computer in the world, but it gets the job done. The Physical Memory can range from 60% to 75% with Firefox, Windows Messenger, World of Warcraft and all of the other basic stuff that is running.
Anyway, this has become an increasing problem and I'd like to get it fixed! Just tell me what to do and I'll gladly follow it to the best of my ability! Thank you and hope to hear back from you soon! :D

Edited by RFTFTFTF1, 26 November 2011 - 09:38 PM.



#2 Orange Blossom

    Bleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 27 November 2011 - 02:13 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 RFTFTFTF1
  • Topic Starter

  • Members
  • 8 posts

Posted 27 November 2011 - 08:29 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_20
Run by Lisa at 19:04:02 on 2011-11-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1607 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Quest Software\Toad for Data Analysts Trial 2.6\SQLLIB\BIN\db2mgmtsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mond-wow.com/
uURLSearchHooks: H - No File
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Drop Down Deals\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpqSRMon]
mRun: [SKE]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: pcapwsp.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{46AB288B-B8E3-4A9D-86C2-A90130439DB5} : NameServer = 10.31.48.1
TCP: Interfaces\{B0329704-2F9F-41CD-BA26-6E556290D383} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Drop Down Deals\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpqSRMon]
mRun-x64: [BootSkin Startup Jobs] "C:\PROGRA~2\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
mRun-x64: [SKE]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Hotspot Shield Community Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - %profile%\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF - Ext: XUL Cache: {eb1ce0f6-8892-41e0-838f-826c0fb705c2} - %profile%\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_0_8
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSviA64.sys [2011-11-24 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]
R2 DB2MGMTSVC_TAEVAL26;DB2 Management Service (TAEVAL26);C:\Program Files (x86)\Quest Software\Toad for Data Analysts Trial 2.6\SQLLIB\BIN\db2mgmtsvc.exe [2009-12-17 37736]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-11-26 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-26 138360]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 firewallanalyzer;ManageEngine Firewall Analyzer 7.0;C:\ManageEngine\Firewall\bin\wrapper.exe -s C:\ManageEngine\Firewall\bin\\..\server\default\conf\wrapper.conf --> C:\ManageEngine\Firewall\bin\wrapper.exe -s C:\ManageEngine\Firewall\bin\\..\server\default\conf\wrapper.conf [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2011-11-25 312152]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-8-28 366152]
S2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2011-3-13 1180672]
S2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-2-11 172328]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\system32\DRIVERS\AN983X64.sys --> C:\Windows\system32\DRIVERS\AN983X64.sys [?]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrxusb.sys --> C:\Windows\system32\DRIVERS\athrxusb.sys [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-24 89920]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-8-2 32512]
S3 pbfilter;pbfilter;C:\PeerBlock\pbfilter.sys [2010-3-28 19544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]
S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
SUnknown WPFFontCache_v0400;WPFFontCache_v0400; [x]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-27 20:58:39 -------- d-----w- C:\Users\Lisa\AppData\Local\{66146206-5535-42FD-9AA5-9A1623EA5EDE}
2011-11-27 20:58:25 -------- d-----w- C:\Users\Lisa\AppData\Local\{81583EA5-4DB7-4A32-9AE8-EBDD16BC46A7}
2011-11-27 08:58:08 -------- d-----w- C:\Users\Lisa\AppData\Local\{8883ABF5-9EE8-4A4F-89B6-C59EF93B1A1A}
2011-11-27 08:57:54 -------- d-----w- C:\Users\Lisa\AppData\Local\{1D37F0E8-D8E0-4C68-A415-DB8AEC9B41D3}
2011-11-27 01:45:10 -------- d-----w- C:\Users\Lisa\AppData\Local\Solid State Networks
2011-11-26 20:57:32 -------- d-----w- C:\Users\Lisa\AppData\Local\{3241C063-C139-42EC-B657-6F044B8B7F00}
2011-11-26 08:57:06 -------- d-----w- C:\Users\Lisa\AppData\Local\{7621A21B-AE3C-4422-AB67-6ED3FC8F2A85}
2011-11-26 08:56:48 -------- d-----w- C:\Users\Lisa\AppData\Local\{4B645C6A-F5F2-43EF-AA8B-9BECE80A8998}
2011-11-26 06:31:40 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
2011-11-26 06:31:40 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
2011-11-26 06:31:40 432760 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symtdiv.sys
2011-11-26 06:31:40 382584 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
2011-11-26 06:31:39 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
2011-11-26 06:31:39 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
2011-11-26 06:31:39 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
2011-11-26 06:31:13 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
2011-11-26 02:27:59 -------- d-----w- C:\Users\Lisa\AppData\Roaming\IObit
2011-11-26 02:27:56 -------- d-----w- C:\ProgramData\IObit
2011-11-26 02:27:54 -------- d-----w- C:\Program Files (x86)\IObit
2011-11-26 00:02:39 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBA330DC-C681-407E-8532-2EFC4CD7D83F}\offreg.dll
2011-11-26 00:01:01 35 ----a-w- C:\Windows\SysWow64\PING.EXE
2011-11-25 23:27:31 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-11-25 23:27:28 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-11-25 23:27:28 -------- d-----w- C:\Program Files\Symantec
2011-11-25 23:27:28 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-11-25 23:26:48 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-11-25 23:26:48 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-11-25 23:25:46 -------- d-----w- C:\Windows\System32\drivers\N360x64
2011-11-25 23:25:41 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-11-25 23:18:14 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-11-25 20:56:30 -------- d-----w- C:\Users\Lisa\AppData\Local\{7AD3499C-5C0A-4C85-8A05-7C1A186CB1E1}
2011-11-25 20:56:17 -------- d-----w- C:\Users\Lisa\AppData\Local\{2461AD2D-6FFF-4139-95A3-38C024A619B9}
2011-11-25 10:21:08 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBA330DC-C681-407E-8532-2EFC4CD7D83F}\mpengine.dll
2011-11-25 08:56:00 -------- d-----w- C:\Users\Lisa\AppData\Local\{38194EDB-5BCD-4CC5-BA0E-97EA25AB2452}
2011-11-25 08:55:45 -------- d-----w- C:\Users\Lisa\AppData\Local\{B7B5C67B-E3BF-4BE3-9C18-E2D208A63656}
2011-11-25 04:54:03 -------- d-----w- C:\Program Files (x86)\EBC76
2011-11-25 04:53:20 -------- d-----w- C:\Users\Lisa\AppData\Roaming\303EB
2011-11-25 04:53:16 -------- d-----w- C:\Program Files (x86)\LP
2011-11-25 04:53:03 -------- d-----w- C:\Users\Lisa\AppData\Roaming\ExAAA1uvS2ob3
2011-11-25 04:53:02 -------- d-----w- C:\Users\Lisa\AppData\Roaming\cIIIBrzzP
2011-11-25 04:52:57 -------- d-----w- C:\Users\Lisa\AppData\Roaming\leellIBBt
2011-11-25 04:52:56 -------- d-----w- C:\Users\Lisa\AppData\Roaming\rrrrlOOBtxP0cSi
2011-11-25 04:52:56 -------- d-----w- C:\Users\Lisa\AppData\Roaming\GH55ssWJ7dELgRq
2011-11-25 04:52:50 -------- d-----w- C:\Users\Lisa\AppData\Roaming\lccSS1ibb
2011-11-25 04:52:49 -------- d-----w- C:\Users\Lisa\AppData\Roaming\nL99ggTXqjYCeIr
2011-11-25 04:48:53 -------- d-----we C:\Windows\system64
2011-11-24 20:53:35 -------- d-----w- C:\Users\Lisa\AppData\Local\{825F4F1C-D0F2-48A1-8A61-AD12B223B48F}
2011-11-24 08:51:27 -------- d-----w- C:\Users\Lisa\AppData\Local\{34CEC397-85C3-4E9B-AC99-E613B1366AEE}
2011-11-23 20:51:07 -------- d-----w- C:\Users\Lisa\AppData\Local\{658FC31D-A0E0-4CDC-8D33-04F02542262F}
2011-11-23 08:50:48 -------- d-----w- C:\Users\Lisa\AppData\Local\{F316C8A3-FD96-4C1F-8975-BCC6BEE24163}
2011-11-22 20:50:30 -------- d-----w- C:\Users\Lisa\AppData\Local\{78E0301B-2FDB-4B73-8622-1895A85C46AB}
2011-11-22 08:50:10 -------- d-----w- C:\Users\Lisa\AppData\Local\{D3EFC643-EF9A-44CC-BE1F-BCBF90749F1A}
2011-11-21 20:49:52 -------- d-----w- C:\Users\Lisa\AppData\Local\{2A1F2BE8-932F-4034-892C-8151D26F999F}
2011-11-21 08:49:32 -------- d-----w- C:\Users\Lisa\AppData\Local\{564F6732-50DA-43E1-A839-F4C73B2E5DCE}
2011-11-20 20:49:12 -------- d-----w- C:\Users\Lisa\AppData\Local\{294BF62C-CA3F-4A9F-AE3F-55CEAE871F44}
2011-11-20 08:48:51 -------- d-----w- C:\Users\Lisa\AppData\Local\{04BDE335-207F-46F3-90D9-F1AE5F308808}
2011-11-19 20:48:31 -------- d-----w- C:\Users\Lisa\AppData\Local\{5113B49E-5039-4EC5-A95C-3F25DBB4A554}
2011-11-19 08:48:11 -------- d-----w- C:\Users\Lisa\AppData\Local\{AA0EF2CC-73C5-410C-8A29-620820C54C84}
2011-11-18 20:47:52 -------- d-----w- C:\Users\Lisa\AppData\Local\{3B924822-DBAC-41A5-A16B-B67BC1908729}
2011-11-18 08:47:32 -------- d-----w- C:\Users\Lisa\AppData\Local\{D1677691-A3A0-48BF-9586-45759A013D77}
2011-11-17 20:47:11 -------- d-----w- C:\Users\Lisa\AppData\Local\{265F12DF-E2C1-4F6D-9EE9-6227838CA99D}
2011-11-17 08:46:53 -------- d-----w- C:\Users\Lisa\AppData\Local\{6C9FC06B-9529-424F-BEE4-098200592C2D}
2011-11-16 20:46:33 -------- d-----w- C:\Users\Lisa\AppData\Local\{75D8F20C-D096-4C99-BA66-1C4ACA914496}
2011-11-16 08:46:16 -------- d-----w- C:\Users\Lisa\AppData\Local\{B3F68CCB-6880-4890-950E-DC30896FE9B4}
2011-11-16 08:46:03 -------- d-----w- C:\Users\Lisa\AppData\Local\{9EA27B60-C7D5-4C7B-A21F-911F0E1452E4}
2011-11-15 21:21:01 -------- d-----w- C:\Users\Lisa\AppData\Local\Logitech
2011-11-15 20:45:48 -------- d-----w- C:\Users\Lisa\AppData\Local\{BE54AEE7-A6E3-49D8-A4B2-05643AE4FD43}
2011-11-15 08:45:31 -------- d-----w- C:\Users\Lisa\AppData\Local\{C51FA96C-5C01-4AAC-B29E-CD3A2CD3EE2B}
2011-11-15 08:45:17 -------- d-----w- C:\Users\Lisa\AppData\Local\{CF816C6D-D73D-4EE8-8C48-1DF2D83A5FD8}
2011-11-14 20:45:01 -------- d-----w- C:\Users\Lisa\AppData\Local\{CBD70944-5720-4BD2-B411-9C22B0CA5A9A}
2011-11-14 08:44:44 -------- d-----w- C:\Users\Lisa\AppData\Local\{C0BD4CFA-31D5-4D02-9959-4623B46978FA}
2011-11-13 20:44:26 -------- d-----w- C:\Users\Lisa\AppData\Local\{C9975F93-2BB8-4117-9A13-B021E5A8CE55}
2011-11-13 20:44:13 -------- d-----w- C:\Users\Lisa\AppData\Local\{9E01BAA7-186D-40EE-8348-8F5A9BD32B7F}
2011-11-13 08:43:56 -------- d-----w- C:\Users\Lisa\AppData\Local\{45F48A32-16EA-49B2-A1C3-DF14B5709331}
2011-11-12 20:43:35 -------- d-----w- C:\Users\Lisa\AppData\Local\{8BB1C7FD-6DC6-42AC-A544-441CD057896D}
2011-11-12 08:43:13 -------- d-----w- C:\Users\Lisa\AppData\Local\{A68FFACE-C013-4C53-AD4E-24E1DFCEA5E8}
2011-11-12 08:42:58 -------- d-----w- C:\Users\Lisa\AppData\Local\{31B7B10A-B32D-458E-97EE-8F0BADADB60E}
2011-11-12 01:13:34 -------- d-----w- C:\Windows\pss
2011-11-11 20:42:41 -------- d-----w- C:\Users\Lisa\AppData\Local\{6C6F302E-3902-4558-8632-6C00B2479069}
2011-11-11 20:42:27 -------- d-----w- C:\Users\Lisa\AppData\Local\{BA5C015B-29C9-4518-9CF7-5EA61CD9D8A3}
2011-11-11 08:42:23 -------- d-----w- C:\Users\Lisa\AppData\Local\{EFCDE5AB-E703-4C10-99EA-D3A15C374C6E}
2011-11-10 20:42:05 -------- d-----w- C:\Users\Lisa\AppData\Local\{6173DD2F-B458-41D0-9A27-B8E2CFC754C1}
2011-11-10 08:41:47 -------- d-----w- C:\Users\Lisa\AppData\Local\{61B0ADE1-10C6-4904-9C72-329FC6C267F7}
2011-11-09 20:41:29 -------- d-----w- C:\Users\Lisa\AppData\Local\{E0DAB8DA-B813-4AAB-BD80-87AF8A01A1BB}
2011-11-09 20:41:16 -------- d-----w- C:\Users\Lisa\AppData\Local\{4A4EA1F2-BDCE-4201-B83A-8B908DA5FC53}
2011-11-09 08:28:47 -------- d-----w- C:\Users\Lisa\AppData\Local\{E294603D-733F-43A6-B5E8-72C2EC18C471}
2011-11-09 08:28:33 -------- d-----w- C:\Users\Lisa\AppData\Local\{0D7C1625-685C-4C22-87CE-F0860B184302}
2011-11-09 00:59:07 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 00:59:04 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-09 00:59:04 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 00:59:03 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 00:59:02 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 00:59:02 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-08 20:28:28 -------- d-----w- C:\Users\Lisa\AppData\Local\{9789FEFA-3C0E-456A-A65A-16B9FDCD7330}
2011-11-08 20:28:14 -------- d-----w- C:\Users\Lisa\AppData\Local\{FB08C9ED-0595-41E4-B299-15F8E62226A8}
2011-11-08 08:28:08 -------- d-----w- C:\Users\Lisa\AppData\Local\{2FA78801-F599-48DD-8DC3-865795F91BD7}
2011-11-07 20:27:50 -------- d-----w- C:\Users\Lisa\AppData\Local\{F0485505-06A5-411B-9AD3-DE8E3F17655F}
2011-11-07 08:27:32 -------- d-----w- C:\Users\Lisa\AppData\Local\{CC43485B-D63A-44B1-BD80-DB5B839C5A18}
2011-11-06 20:27:11 -------- d-----w- C:\Users\Lisa\AppData\Local\{06D1D74D-8F4E-4C69-A250-3B9DE0747BF7}
2011-11-06 08:26:49 -------- d-----w- C:\Users\Lisa\AppData\Local\{7B73D5B3-4B55-48DD-8C6F-586B75D83BFB}
2011-11-05 20:26:30 -------- d-----w- C:\Users\Lisa\AppData\Local\{02B1945C-C336-4BB6-8ED7-12999BAC7E42}
2011-11-05 20:26:21 -------- d-----w- C:\Users\Lisa\AppData\Local\{2AB0B099-59D6-4CF6-AB32-046B3C4A8E3B}
2011-11-04 20:05:59 -------- d-----w- C:\Users\Lisa\AppData\Local\{E0C2ECB3-F297-488E-B246-08E3306C79D6}
2011-11-04 20:05:43 -------- d-----w- C:\Users\Lisa\AppData\Local\{3D601970-63D8-4E80-A5F7-8C70C7D71FAA}
2011-11-04 08:05:38 -------- d-----w- C:\Users\Lisa\AppData\Local\{5A81AC23-F2AC-4AAA-8F22-E12F5EAB9CF8}
2011-11-04 08:05:23 -------- d-----w- C:\Users\Lisa\AppData\Local\{F8881262-2936-473C-BC82-976D1BC19A5E}
2011-11-03 20:05:19 -------- d-----w- C:\Users\Lisa\AppData\Local\{0189B438-FDC1-4A70-B333-76780F3D6752}
2011-11-03 20:05:04 -------- d-----w- C:\Users\Lisa\AppData\Local\{3E69C368-1E10-49C6-8FD8-E6437EFBC028}
2011-11-03 08:04:59 -------- d-----w- C:\Users\Lisa\AppData\Local\{69C37E20-581D-488F-8424-8887FF68C372}
2011-11-03 08:04:44 -------- d-----w- C:\Users\Lisa\AppData\Local\{00C6B3F6-242F-47FA-B8C9-CBAB02318F24}
2011-11-02 20:04:39 -------- d-----w- C:\Users\Lisa\AppData\Local\{B703AF73-6FA1-470C-8C07-B4ECEF2DA08E}
2011-11-02 20:04:24 -------- d-----w- C:\Users\Lisa\AppData\Local\{CA5C049E-F6FD-4ADE-9C91-371EFC694568}
2011-11-02 08:04:20 -------- d-----w- C:\Users\Lisa\AppData\Local\{8FA7DC1E-9177-45BF-9760-6F92141B19FA}
2011-11-02 08:04:04 -------- d-----w- C:\Users\Lisa\AppData\Local\{33F7E145-BC0A-4017-80A0-0116B4313F26}
2011-11-01 20:04:00 -------- d-----w- C:\Users\Lisa\AppData\Local\{362FE80E-EA72-48FB-B0A4-C13F51D27606}
2011-11-01 20:03:46 -------- d-----w- C:\Users\Lisa\AppData\Local\{BD7EE1F4-51AE-4341-8E79-DDFA0A376DF0}
2011-11-01 19:26:58 -------- d-----w- C:\Users\Lisa\AppData\Local\Apple Computer
2011-11-01 08:03:41 -------- d-----w- C:\Users\Lisa\AppData\Local\{274D325D-C8C5-411F-844D-74481560FFA4}
2011-11-01 08:03:26 -------- d-----w- C:\Users\Lisa\AppData\Local\{2E1575D4-6C5E-4B2F-A461-B885EAFFFC7C}
2011-10-31 20:03:22 -------- d-----w- C:\Users\Lisa\AppData\Local\{07100FC7-A08A-4B21-A734-4BD63D40B8B2}
2011-10-31 20:03:08 -------- d-----w- C:\Users\Lisa\AppData\Local\{263A6F3A-40D0-4C1F-B09D-E5E79B443D15}
2011-10-31 08:03:04 -------- d-----w- C:\Users\Lisa\AppData\Local\{98BD0ED0-7F8D-42FC-97BD-569DC3C273BC}
2011-10-31 08:02:49 -------- d-----w- C:\Users\Lisa\AppData\Local\{3011C512-A848-41A2-A4D8-5C4A0993F043}
2011-10-30 20:02:44 -------- d-----w- C:\Users\Lisa\AppData\Local\{47C5F560-F9E8-4F01-8D2D-2D4F66EE4E4B}
2011-10-30 20:02:30 -------- d-----w- C:\Users\Lisa\AppData\Local\{E6F1A58F-5BC3-4465-9596-FE480896CD82}
2011-10-30 08:02:26 -------- d-----w- C:\Users\Lisa\AppData\Local\{07E6A9F2-6184-4661-BDFE-8DF5F60AAC46}
2011-10-30 08:02:11 -------- d-----w- C:\Users\Lisa\AppData\Local\{2194B6F1-E079-47BA-A484-D3977F61B2A3}
2011-10-29 20:02:07 -------- d-----w- C:\Users\Lisa\AppData\Local\{2A78F949-6C7A-4BED-A844-C0BA44662371}
2011-10-29 20:01:52 -------- d-----w- C:\Users\Lisa\AppData\Local\{C52B4119-F6EE-477C-81EC-CB02EDBFA31C}
2011-10-29 08:01:47 -------- d-----w- C:\Users\Lisa\AppData\Local\{0AD049FE-C326-4F20-B6F0-7C1C26E7ECFE}
2011-10-29 08:01:32 -------- d-----w- C:\Users\Lisa\AppData\Local\{EC2BE451-F93F-4197-8A19-B20957082142}
.
==================== Find3M ====================
.
2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec
2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 23:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:05:21.17 ===============

Edited by RFTFTFTF1, 27 November 2011 - 08:30 PM.


#4 RFTFTFTF1 (Topic Starter, Members, 8 posts)

Posted 27 November 2011 - 08:31 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/23/2010 6:56:43 PM
System Uptime: 11/27/2011 12:11:03 PM (7 hours ago)
.
Motherboard: Acer | | F690GVM
Processor: AMD Phenom™ 9500 Quad-Core Processor | Socket AM2 | 2200/231mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 211.547 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: RADEON X600 Series Secondary (Microsoft Corporation - WDDM)
Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&293A8DB9&0&0110
Manufacturer: ATI Technologies Inc.
Name: RADEON X600 Series Secondary (Microsoft Corporation - WDDM)
PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&293A8DB9&0&0110
Service: R300
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&2B8E0B4B&0
Service: i8042prt
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ADS Instant HDTV PCI
Device ID: ROOT\MEDIA\0000
Manufacturer: ADS Technologies
Name: ADS Instant HDTV PCI
PNP Device ID: ROOT\MEDIA\0000
Service: Ph3xIB64
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ADS Instant HDTV PCI
Device ID: ROOT\MEDIA\0001
Manufacturer: ADS Technologies
Name: ADS Instant HDTV PCI
PNP Device ID: ROOT\MEDIA\0001
Service: Ph3xIB64
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ADS Instant HDTV PCI
Device ID: ROOT\MEDIA\0002
Manufacturer: ADS Technologies
Name: ADS Instant HDTV PCI
PNP Device ID: ROOT\MEDIA\0002
Service: Ph3xIB64
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
Auto Clicker v1.1
Battlefield 1942
Battlefield 2142 Deluxe Edition
BufferChm
C4400
C4400_Help
Canon CanoScan 5600F User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
Crayon Physics Deluxe Demo - release 52
Curse Client
CustomerResearchQFolder
D3DX10
Debut Video Capture Software
Defcon
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DragonNest
EA Download Manager
EA Download Manager UI
Easy WiFi Radar 1.0.5
eSupportQFolder
EVEREST Home Edition v2.20
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
FileZilla Client 3.3.4.1
Free NaturalReader
Gimp 2.6.2 Debug
Google Chrome
Google Update Helper
GPBaseService
GPBaseService2
HHD Software Free Hex Editor Neo 4.95
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
IDA Pro Free v5.0
IRS v2.0
Java™ 6 Update 20
LAME v3.98.3 for Audacity
LCP 5.04
Malwarebytes' Anti-Malware version 1.51.2.1300
ManageEngine Firewall Analyzer 7
MarketResearch
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.24)
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
NetTools 5.0
Network Stumbler 0.4.0 (remove only)
Nexon Game Manager
Norton 360
Notepad++
Opera 10.62
Pando Media Booster
Panopreter Basic version 3.0.9
PanoStandAlone
Password Decryptor 1.0
Polipo 1.0.4.1
PremiumSoft Navicat Lite 9.1
PremiumSoft Navicat Premium 9.1
Prism Video File Converter
Proxifier version 3.0
ProxyFirewall 1.0.4 Beta
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Quake Live Mozilla Plugin
Quest Software Toad for Data Analysts Trial 2.6
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Scan
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Skins
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Stardock Impulse
Status
sTerm v1.7
TeamViewer 5
TIM 0.3
Toolbox
Tor 0.2.1.30
TrayApp
Uniblue DriverScanner
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Uplink Demo (remove only)
Vidalia 0.2.10
VideoPad Video Editor
VideoToolkit01
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 3.0
WinSesame
WinSynchro
Wireshark 1.2.10
Your Freedom 20110704-01
.

#5 RFTFTFTF1 (Topic Starter, Members, 8 posts)

Posted 27 November 2011 - 08:34 PM

This is Events; for some reason it wouldn't let me post it.
Attached File: EVENTS.txt (17.34KB)

Edited by RFTFTFTF1, 27 November 2011 - 08:36 PM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 27 November 2011 - 11:54 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#7 RFTFTFTF1 (Topic Starter, Members, 8 posts)

Posted 29 November 2011 - 09:07 PM

ComboFix 11-11-27.02 - Lisa 11/28/2011 1:04.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1932 [GMT -6:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Drop Down Deals
c:\program files (x86)\Drop Down Deals\YontooIEClient.dll
c:\program files (x86)\LP
c:\program files (x86)\LP\E7D3\1EA4.tmp
c:\program files (x86)\LP\E7D3\97DB.tmp
c:\program files (x86)\LP\E7D3\BBFC.tmp
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Lisa\AppData\Local\Windows Server
c:\users\Lisa\AppData\Roaming\.#
c:\users\Lisa\AppData\Roaming\.#\MBX@15B8@602748.###
c:\users\Lisa\AppData\Roaming\.#\MBX@15B8@602778.###
c:\users\Lisa\AppData\Roaming\ExAAA1uvS2ob3
c:\users\Lisa\AppData\Roaming\ExAAA1uvS2ob3\Cloud AV 2012.ico
c:\users\Lisa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\chrome.manifest
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\chrome\xulcache.jar
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\defaults\preferences\xulcache.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\install.rdf
c:\users\Lisa_2\AppData\Roaming\Mozilla\Firefox\Profiles\cnt10nho.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}
c:\users\Lisa_2\AppData\Roaming\Mozilla\Firefox\Profiles\cnt10nho.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\chrome.manifest
c:\users\Lisa_2\AppData\Roaming\Mozilla\Firefox\Profiles\cnt10nho.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\chrome\xulcache.jar
c:\users\Lisa_2\AppData\Roaming\Mozilla\Firefox\Profiles\cnt10nho.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\defaults\preferences\xulcache.js
c:\users\Lisa_2\AppData\Roaming\Mozilla\Firefox\Profiles\cnt10nho.default\extensions\{eb1ce0f6-8892-41e0-838f-826c0fb705c2}\install.rdf
c:\windows\Directory
c:\windows\Directory\msvcp100.dll
c:\windows\Directory\msvcr100.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\My.ini
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\PING.EXE
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 10:14 . 2011-11-28 10:14 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0AFB802-46CF-4208-A82D-226FA827FEAD}\offreg.dll
2011-11-28 10:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0AFB802-46CF-4208-A82D-226FA827FEAD}\mpengine.dll
2011-11-28 09:59 . 2011-11-28 12:03 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2011-11-27 01:45 . 2011-11-27 01:45 -------- d-----w- c:\users\Lisa\AppData\Local\Solid State Networks
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\users\Lisa\AppData\Roaming\IObit
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\programdata\IObit
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\program files (x86)\IObit
2011-11-25 23:27 . 2011-11-25 23:27 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 23:27 . 2011-07-06 18:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-25 23:27 . 2011-11-26 06:32 -------- d-----w- c:\program files\Symantec
2011-11-25 23:27 . 2011-11-26 06:31 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-25 23:27 . 2011-11-25 23:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-25 23:26 . 2010-08-21 04:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-25 23:26 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-25 23:25 . 2011-11-27 01:07 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-11-25 23:25 . 2011-11-25 23:25 -------- d-----w- c:\program files (x86)\Norton 360
2011-11-25 23:18 . 2011-11-25 23:18 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-11-25 04:54 . 2011-11-25 15:46 -------- d-----w- c:\program files (x86)\EBC76
2011-11-25 04:53 . 2011-11-25 18:29 -------- d-----w- c:\users\Lisa\AppData\Roaming\303EB
2011-11-25 04:53 . 2011-11-25 04:53 -------- d-----w- c:\users\Lisa\AppData\Roaming\cIIIBrzzP
2011-11-25 04:52 . 2011-11-25 04:52 -------- d-----w- c:\users\Lisa\AppData\Roaming\leellIBBt
2011-11-25 04:52 . 2011-11-25 04:57 -------- d-----w- c:\users\Lisa\AppData\Roaming\GH55ssWJ7dELgRq
2011-11-25 04:52 . 2011-11-25 04:52 -------- d-----w- c:\users\Lisa\AppData\Roaming\rrrrlOOBtxP0cSi
2011-11-25 04:52 . 2011-11-25 04:52 -------- d-----w- c:\users\Lisa\AppData\Roaming\lccSS1ibb
2011-11-25 04:52 . 2011-11-25 04:52 -------- d-----w- c:\users\Lisa\AppData\Roaming\nL99ggTXqjYCeIr
2011-11-15 21:21 . 2011-11-15 21:21 -------- d-----w- c:\users\Lisa\AppData\Local\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\programdata\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\program files (x86)\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\program files\Logitech
2011-11-09 00:59 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:59 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 00:59 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 00:59 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 00:59 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 00:59 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-01 19:26 . 2011-11-01 19:26 -------- d-----w- c:\users\Lisa\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2010-06-14 00:38 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-30 23:25 . 2011-10-11 21:40 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-11 21:40 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-11 21:40 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-11 21:40 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-11 21:40 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-11 21:40 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-11 21:40 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-11 21:40 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-11 21:40 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 23:01 . 2011-10-11 21:40 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 22:29 . 2011-10-11 21:40 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-11 21:40 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-11 21:40 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-11 21:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-11 21:40 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-11 21:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-11 21:40 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00 . 2010-08-28 14:22 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-01 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\progra~2\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2006-4-16 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-15 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111124.030\IDSvia64.sys [2011-11-24 488568]
S2 DB2MGMTSVC_TAEVAL26;DB2 Management Service (TAEVAL26);c:\program files (x86)\Quest Software\Toad for Data Analysts Trial 2.6\SQLLIB\BIN\db2mgmtsvc.exe [2009-12-17 37736]
S2 firewallanalyzer;ManageEngine Firewall Analyzer 7.0;c:\manageengine\Firewall\bin\wrapper.exe [2010-07-27 126976]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-26 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 14:07]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 14:07]
.
2011-11-28 c:\windows\Tasks\User_Feed_Synchronization-{02542EC7-E61A-45CC-8791-6C41DAC6E2D8}.job
- c:\windows\system32\msfeedssync.exe [2011-10-11 21:29]
.
2011-11-28 c:\windows\Tasks\User_Feed_Synchronization-{39341375-8419-4313-8372-1F661A12318D}.job
- c:\windows\system32\msfeedssync.exe [2011-10-11 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"combofix"="c:\combofix\CF16683.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mond-wow.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: pcapwsp.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{46AB288B-B8E3-4A9D-86C2-A90130439DB5}: NameServer = 10.31.48.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mond-wow.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Hotspot Shield Community Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - %profile%\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_2_3
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\Hotspot_Shield\tbHots.dll
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\Hotspot_Shield\tbHots.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Drop Down Deals\YontooIEClient.dll
Toolbar-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files (x86)\Hotspot_Shield\tbHots.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-SKE - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0} - c:\program files (x86)\Mercs Letifer\Xbox 360 Modding Tools\MAIN FILES\Setup\uninstHEX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mysql]
"ImagePath"="\"c:\undercover repack v3.5.0\Server\mysql\bin\mysqld-nt\" \"--defaults-file=c:\undercover repack v3.5.0\Server\mysql\bin\my.cnf\" mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2590512721-2905626223-1035241326-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,c8,94,b7,4b,72,23,9b,78,63,d0,27,a1,9f,85,24,41,50,57,8d,14,dd,42,
17,c6,dc,6b,3f,02,ef,9c,f0,e2,75,11,56,f7,ab,18,c6,34,7a,46,4a,61,bb,7f,57,\
"??"=hex:45,9c,61,23,5b,2b,83,94,c3,05,fe,44,91,3e,ad,71
.
[HKEY_USERS\S-1-5-21-2590512721-2905626223-1035241326-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,73,1e,f9,a8,6d,33,52,7e,bf,32,1d,53,69,b7,30,77,ca,b0,3d,3a,
03,27,7a,b1,c5,ca,db,96,20,f4,ab,b1,ba,b5,26,0a,35,d0,81,9a,c5,42,8e,4c,82,\
"rkeysecu"=hex:3c,eb,9b,c1,61,36,c9,52,a1,e5,b3,e4,2e,a9,5d,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\manageengine\Firewall\jre\bin\java.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-11-28 06:09:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 12:09
.
Pre-Run: 245,165,662,208 bytes free
Post-Run: 242,505,232,384 bytes free
.
- - End Of File - - 4520AB1BBB5017509F332B8B1E930A70

#8 RFTFTFTF1

RFTFTFTF1
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:27 AM

Posted 29 November 2011 - 09:08 PM

Norton is no longer telling me that there is a Tidserv Virus that needs to be manually removed. My computer is running better, still a little slow, but I don't recall what it was like before exactly so it might just be me, haha.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 30 November 2011 - 08:12 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files (x86)\EBC76
c:\users\Lisa\AppData\Roaming\303EB
c:\users\Lisa\AppData\Roaming\cIIIBrzzP
c:\users\Lisa\AppData\Roaming\leellIBBt
c:\users\Lisa\AppData\Roaming\GH55ssWJ7dELgRq
c:\users\Lisa\AppData\Roaming\rrrrlOOBtxP0cSi
c:\users\Lisa\AppData\Roaming\lccSS1ibb
c:\users\Lisa\AppData\Roaming\nL99ggTXqjYCeIr

Firefox::
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Hotspot Shield Community Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - %profile%\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
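As an added example (not part of this thread, and not ComboFix's own logic): every folder queued for deletion in the Folder:: section above carries a random-looking name under AppData\Roaming or Program Files (x86), while the other directories in the log carry vendor names such as IObit, Logitech or Mozilla. The Python triage helper below scores leaf names on that difference using a hand-written heuristic; the signals, weights and the threshold of 2 are my own assumptions, and the sample path list is constructed from the log lines above rather than parsed from a live ComboFix run.

```python
from __future__ import annotations

import re

# Constructed sample: leaf paths copied from the CFScript Folder:: section and the
# "Files Created" section of the ComboFix logs in this thread. Trailing backslashes
# are deliberately omitted so the raw strings stay valid.
SAMPLE_PATHS = [
    r"c:\program files (x86)\EBC76",
    r"c:\users\Lisa\AppData\Roaming\303EB",
    r"c:\users\Lisa\AppData\Roaming\cIIIBrzzP",
    r"c:\users\Lisa\AppData\Roaming\leellIBBt",
    r"c:\users\Lisa\AppData\Roaming\GH55ssWJ7dELgRq",
    r"c:\users\Lisa\AppData\Roaming\rrrrlOOBtxP0cSi",
    r"c:\users\Lisa\AppData\Roaming\lccSS1ibb",
    r"c:\users\Lisa\AppData\Roaming\nL99ggTXqjYCeIr",
    r"c:\users\Lisa\AppData\Local\Solid State Networks",
    r"c:\users\Lisa\AppData\Roaming\IObit",
    r"c:\users\Lisa\AppData\Local\CrashDumps",
    r"c:\program files (x86)\Norton 360",
    r"c:\users\Lisa\AppData\Roaming\Mozilla",
    r"c:\users\Lisa\AppData\Local\Logitech",
    r"c:\users\Lisa\AppData\Local\Apple Computer",
    r"c:\windows\system32\drivers\N360x64",
]


def leaf(path: str) -> str:
    """Return the last path component of a Windows path (trailing '\\' tolerated)."""
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def name_signals(name: str) -> dict[str, int]:
    """Score one directory name on four 'looks machine-generated' signals.

    The signals and weights are a hand-written heuristic (assumption), chosen so
    that CamelCase vendor names and all-caps acronyms score zero.
    """
    has_letters = any(c.isalpha() for c in name)
    has_digits = re.search(r"\d", name) is not None
    signals: dict[str, int] = {}
    # 1. Starts lower-case but has capitals later (cIIIBrzzP, leellIBBt). Vendor
    #    names almost always start with a capital, so this weighs double.
    signals["lower_then_upper"] = (
        2 if name[:1].islower() and any(c.isupper() for c in name[1:]) else 0
    )
    # 2. A run of two or more capitals that does not start the name (GH55ssWJ7dELgRq).
    #    Runs at index 0 are ignored so acronyms such as IObit or DRVSTORE pass.
    inner_runs = [m for m in re.finditer(r"[A-Z]{2,}", name) if m.start() > 0]
    signals["inner_caps_run"] = 1 if inner_runs else 0
    # 3. Letters and digits mixed with no separator at all (no space, dot, dash, underscore).
    signals["alnum_mix"] = (
        1 if re.fullmatch(r"[A-Za-z0-9]+", name) and has_digits and has_letters else 0
    )
    # 4. A short token made only of hex digits (EBC76, 303EB).
    signals["hex_like"] = (
        1
        if 4 <= len(name) <= 8
        and re.fullmatch(r"[0-9A-Fa-f]+", name)
        and has_digits
        and has_letters
        else 0
    )
    return signals


def score_name(name: str) -> tuple[int, list[str]]:
    """Return (total score, names of the signals that fired) for a directory name."""
    signals = name_signals(name)
    return sum(signals.values()), [k for k, v in signals.items() if v]


def flag_suspicious(paths: list[str], threshold: int = 2) -> list[tuple[str, int, list[str]]]:
    """Return (path, score, reasons) for every path whose leaf scores at or above threshold."""
    flagged = []
    for path in paths:
        score, reasons = score_name(leaf(path))
        if score >= threshold:
            flagged.append((path, score, reasons))
    return flagged


if __name__ == "__main__":
    for path, score, reasons in flag_suspicious(SAMPLE_PATHS):
        print(f"{score}  {path}  ({', '.join(reasons)})")
```

A hit from this helper is a prompt to look at the folder's contents and timestamps, not a verdict; the threshold is tuned only against the names in this thread.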

#10 RFTFTFTF1

RFTFTFTF1
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:27 AM

Posted 30 November 2011 - 06:01 PM

ComboFix 11-11-30.03 - Lisa 11/30/2011 16:32:49.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1806 [GMT -6:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
Command switches used :: c:\users\Lisa\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\EBC76
c:\users\Lisa\AppData\Roaming\303EB
c:\users\Lisa\AppData\Roaming\303EB\BC76.03E
c:\users\Lisa\AppData\Roaming\cIIIBrzzP
c:\users\Lisa\AppData\Roaming\GH55ssWJ7dELgRq
c:\users\Lisa\AppData\Roaming\lccSS1ibb
c:\users\Lisa\AppData\Roaming\leellIBBt
c:\users\Lisa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome.manifest
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\hotspot_shield.jar
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitAutoCompleteSearch.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitAutoCompleteSearch.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.idl
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\ConduitToolbar.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.dll
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCore.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\alertSettingsComponent.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\appContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\engineContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\engineSettings.json
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\fbAlert.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\getAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\postAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\toolbarContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\unsharedAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\install.rdf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\lib\xpcom.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\manifest.mf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\zigbert.rsa
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF\zigbert.sf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.gif
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.ico
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.PNG
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.src
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\searchplugin\conduit.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\setup.ini
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\version.txt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\chrome.manifest
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\chrome\conduitengine.jar
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\ConduitToolbar.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\engineSettings.json
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\fbAlert.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\DualPackage\install.rdf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\install.rdf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\lib\xpcom.js
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\META-INF\manifest.mf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\META-INF\zigbert.sf
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\searchplugin\conduit.gif
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\searchplugin\conduit.ico
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\searchplugin\conduit.src
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\searchplugin\conduit.xml
c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\extensions\engine@conduit.com\version.txt
c:\users\Lisa\AppData\Roaming\nL99ggTXqjYCeIr
c:\users\Lisa\AppData\Roaming\rrrrlOOBtxP0cSi
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 22:47 . 2011-11-30 22:53 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2011-11-30 22:47 . 2011-11-30 22:47 -------- d-----w- c:\users\Lisa_2\AppData\Local\temp
2011-11-30 22:47 . 2011-11-30 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 01:00 . 2011-11-30 08:18 -------- d-----w- c:\users\Lisa\AppData\Local\CrashDumps
2011-11-28 10:14 . 2011-11-30 22:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0AFB802-46CF-4208-A82D-226FA827FEAD}\offreg.dll
2011-11-28 10:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0AFB802-46CF-4208-A82D-226FA827FEAD}\mpengine.dll
2011-11-27 01:45 . 2011-11-27 01:45 -------- d-----w- c:\users\Lisa\AppData\Local\Solid State Networks
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\users\Lisa\AppData\Roaming\IObit
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\programdata\IObit
2011-11-26 02:27 . 2011-11-26 02:27 -------- d-----w- c:\program files (x86)\IObit
2011-11-25 23:27 . 2011-11-25 23:27 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-25 23:27 . 2011-07-06 18:44 34288 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-25 23:27 . 2011-11-26 06:32 -------- d-----w- c:\program files\Symantec
2011-11-25 23:27 . 2011-11-26 06:31 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-11-25 23:27 . 2011-11-25 23:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-25 23:26 . 2010-08-21 04:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-11-25 23:26 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-25 23:25 . 2011-11-27 01:07 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-11-25 23:25 . 2011-11-25 23:25 -------- d-----w- c:\program files (x86)\Norton 360
2011-11-25 23:18 . 2011-11-25 23:18 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-11-15 21:21 . 2011-11-15 21:21 -------- d-----w- c:\users\Lisa\AppData\Local\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\programdata\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\program files (x86)\Logitech
2011-11-15 21:09 . 2011-11-15 21:09 -------- d-----w- c:\program files\Logitech
2011-11-09 00:59 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 00:59 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 00:59 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 00:59 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 00:59 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 00:59 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-01 19:26 . 2011-11-01 19:26 -------- d-----w- c:\users\Lisa\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 04:16 . 2010-06-14 00:38 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-30 23:25 . 2011-10-11 21:40 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-11 21:40 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-11 21:40 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-11 21:40 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-11 21:40 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-11 21:40 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-11 21:40 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-11 21:40 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-11 21:40 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 23:01 . 2011-10-11 21:40 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 22:29 . 2011-10-11 21:40 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-11 21:40 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-11 21:40 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-11 21:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-11 21:40 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-11 21:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-11 21:40 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-28_12.03.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2011-11-30 22:53 49188 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-30 22:54 86700 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-24 01:57 . 2011-11-30 22:54 13090 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2590512721-2905626223-1035241326-1000_UserData.bin
+ 2010-01-24 01:10 . 2011-11-29 06:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 01:10 . 2011-11-28 11:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-24 01:10 . 2011-11-28 11:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-24 01:10 . 2011-11-29 06:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-24 01:10 . 2011-11-28 11:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-24 01:10 . 2011-11-29 06:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-31 20:46 . 2011-11-28 05:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-31 20:46 . 2011-11-28 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-31 20:46 . 2011-11-28 05:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-31 20:46 . 2011-11-28 20:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-31 20:46 . 2011-11-28 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-31 20:46 . 2011-11-28 05:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-24 15:05 . 2011-11-28 10:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-24 15:05 . 2011-11-30 22:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-24 15:05 . 2011-11-30 22:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-24 15:05 . 2011-11-28 10:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-28 10:02 . 2011-11-28 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-30 22:50 . 2011-11-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-28 10:02 . 2011-11-28 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-30 22:50 . 2011-11-30 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-01 21:15 . 2011-11-30 22:48 233692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-01 21:15 . 2011-11-28 10:00 233692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-27 01:19 . 2011-11-30 22:48 1563032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2590512721-2905626223-1035241326-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
c:\program files (x86)\Hotspot_Shield\tbHots.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Drop Down Deals\YontooIEClient.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\tbHots.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-01 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\progra~2\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"IObit Security 360"="c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2006-4-16 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 firewallanalyzer;ManageEngine Firewall Analyzer 7.0;c:\manageengine\Firewall\bin\wrapper.exe [2010-07-27 126976]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 136176]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111123.001\BHDrvx64.sys [2011-11-15 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111129.030\IDSvia64.sys [2011-11-24 488568]
S2 DB2MGMTSVC_TAEVAL26;DB2 Management Service (TAEVAL26);c:\program files (x86)\Quest Software\Toad for Data Analysts Trial 2.6\SQLLIB\BIN\db2mgmtsvc.exe [2009-12-17 37736]
S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-26 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 14:07]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 14:07]
.
2011-11-30 c:\windows\Tasks\User_Feed_Synchronization-{02542EC7-E61A-45CC-8791-6C41DAC6E2D8}.job
- c:\windows\system32\msfeedssync.exe [2011-10-11 21:29]
.
2011-11-30 c:\windows\Tasks\User_Feed_Synchronization-{39341375-8419-4313-8372-1F661A12318D}.job
- c:\windows\system32\msfeedssync.exe [2011-10-11 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mond-wow.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: pcapwsp.dll
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{46AB288B-B8E3-4A9D-86C2-A90130439DB5}: NameServer = 10.31.48.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lagu05cj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mond-wow.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Tab Scope: tabscope@xuldev.org - %profile%\extensions\tabscope@xuldev.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6
FF - user.js: yahoo.homepage.dontask - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mysql]
"ImagePath"="\"c:\undercover repack v3.5.0\Server\mysql\bin\mysqld-nt\" \"--defaults-file=c:\undercover repack v3.5.0\Server\mysql\bin\my.cnf\" mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2590512721-2905626223-1035241326-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,c8,94,b7,4b,72,23,9b,78,63,d0,27,a1,9f,85,24,41,50,57,8d,14,dd,42,
17,c6,dc,6b,3f,02,ef,9c,f0,e2,75,11,56,f7,ab,18,c6,34,7a,46,4a,61,bb,7f,57,\
"??"=hex:45,9c,61,23,5b,2b,83,94,c3,05,fe,44,91,3e,ad,71
.
[HKEY_USERS\S-1-5-21-2590512721-2905626223-1035241326-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,73,1e,f9,a8,6d,33,52,7e,bf,32,1d,53,69,b7,30,77,ca,b0,3d,3a,
03,27,7a,b1,c5,ca,db,96,20,f4,ab,b1,ba,b5,26,0a,35,d0,81,9a,c5,42,8e,4c,82,\
"rkeysecu"=hex:3c,eb,9b,c1,61,36,c9,52,a1,e5,b3,e4,2e,a9,5d,43
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-11-30 16:59:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-30 22:59
ComboFix2.txt 2011-11-28 12:09
.
Pre-Run: 242,964,000,768 bytes free
Post-Run: 242,867,023,872 bytes free
.
- - End Of File - - 4A6DD145E4AD820F60612D0E04AF4943

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2011 - 08:51 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.1

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 December 2011 - 02:15 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 RFTFTFTF1

RFTFTFTF1
  • Topic Starter

  • Members
  • 8 posts

Posted 05 December 2011 - 11:33 PM

Everything seems to be working fine now. Thank you for your help! :D

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2011 - 11:55 PM

It is still best to keep with me until I give the all clear.


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 December 2011 - 12:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.