
Google redirect virus


This topic is locked
46 replies to this topic

#1 anothayou (Members, 27 posts)

Posted 28 May 2012 - 02:03 AM

Every time I do a google search and click on the search topic I want i get redirected to other pages like yellowpages or family fun pages. I have tried many security scans but nothing works. Any help you can provide would be greatly appreciated.


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 28 May 2012 - 02:46 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
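
Gringo's post above asks for the DDS report, and the "Pseudo HJT Report" section of that report is where the entries behind a search-redirect complaint usually show up: a non-default Winsock LSP, a proxy set in Internet Settings, a hosts-file override, extra Userinit entries, or a DNS server handed out by a rogue DHCP/DNS setup. The script below is an added example written for this page; it is not part of the thread and not code from DDS or BleepingComputer. It parses those DDS line formats and sorts the hits into "suspicious" (act on it) and "review" (confirm it is legitimate). The sample report is constructed: most lines are copied from the DDS report the topic starter posts later in this thread, while the ProxyServer, second LSP and Hosts lines are invented to show what a hijacked entry looks like and do not come from the posted log (the `Hosts:` and `ProxyServer` prefixes are assumed to be the form DDS uses for those keys). The public resolver 68.238.64.12 does appear in the posted log; the script only flags it for confirmation against the ISP, it does not claim it is malicious.

```python
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample report. Most lines are copied from the DDS report posted in
# this thread; the ProxyServer, second LSP and Hosts lines are invented to show a
# hijacked entry and are NOT from the posted log. The "Hosts:" and "ProxyServer"
# prefixes are assumed to be the form DDS uses for those keys.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:8080
mWinlogon: Userinit=userinit.exe,
BHO: Disabled:{0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
LSP: mswsock.dll
LSP: C:\windows\system32\example_lsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\2454757463 : DhcpNameServer = 192.168.1.1 68.238.64.12
Hosts: 127.0.0.1 www.google.com
"""


@dataclass
class Finding:
    severity: str  # "suspicious" (act on it) or "review" (confirm it is legitimate)
    line: str
    reason: str


# Line shapes DDS prints in its Pseudo HJT Report section.
NO_FILE = re.compile(r"^(BHO|TB|EB)(-X64)?: .*No File$")
LSP = re.compile(r"^LSP: (.+)$")
DNS = re.compile(r"DhcpNameServer = (.+)$")
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
USERINIT = re.compile(r"^mWinlogon: Userinit=(.+)$")
HOSTS = re.compile(r"^Hosts: (.+)$")

# DDS prints the built-in Winsock provider as a bare "mswsock.dll"; anything
# else (or a path-qualified copy) is a third-party LSP and gets flagged.
EXPECTED_LSP = {"mswsock.dll"}


def triage(report: str) -> list[Finding]:
    """Walk a DDS report and flag the entries that can redirect a browser."""
    findings: list[Finding] = []
    public_dns_seen: set[str] = set()
    for raw in report.splitlines():
        line = raw.strip()
        if NO_FILE.match(line):
            findings.append(Finding("review", line,
                "orphaned browser add-on entry: not an infection by itself, but a cleanup candidate"))
        elif (m := LSP.match(line)):
            if m.group(1).lower() not in EXPECTED_LSP:
                findings.append(Finding("suspicious", line,
                    "non-default Winsock LSP: it sits in every TCP connection and can rewrite traffic"))
        elif (m := DNS.search(line)):
            for ip in m.group(1).split():
                if not ipaddress.ip_address(ip).is_private and ip not in public_dns_seen:
                    public_dns_seen.add(ip)
                    findings.append(Finding("review", line,
                        f"public resolver {ip}: confirm it belongs to the ISP; a rogue resolver redirects every lookup"))
        elif (m := PROXY.match(line)):
            findings.append(Finding("suspicious", line,
                f"proxy set to {m.group(1)}: a local proxy can rewrite search results on the way in"))
        elif (m := USERINIT.match(line)):
            extras = [p for p in m.group(1).split(",")
                      if p and p.lower().split("\\")[-1] != "userinit.exe"]
            if extras:
                findings.append(Finding("suspicious", line,
                    f"extra Userinit entries {extras} run at every logon"))
        elif HOSTS.match(line):
            findings.append(Finding("suspicious", line,
                "hosts-file override: the site resolves to an attacker-chosen address"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'suspicious': 3, 'review': 3}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it against a saved DDS.txt by reading the file into `triage()`. A "No File" BHO or toolbar is only a leftover registry key, which is why it lands in "review" rather than "suspicious"; the entries that actually sit in the network path (LSP, proxy, hosts, resolver) are the ones worth acting on first when the symptom is redirected search results.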

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 31 May 2012 - 01:26 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 anothayou (Topic Starter, Members, 27 posts)

Posted 03 June 2012 - 02:02 PM

Thank you so much for responding. I was checking Bleeping Computer every day, but I was looking at my messages to see if there was a reply. I finally figured out I was looking in the wrong place. I hope you will have the time to help me fix this issue. Thank you again very much!

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Spyware Doctor with AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
Malwarebytes Anti-Malware version 1.61.0.1400
TuneUp Companion 2.2.3
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Privatefirewall 6.1 pfsvc.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5 anothayou (Topic Starter, Members, 27 posts)

Posted 03 June 2012 - 02:03 PM

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Darin at 12:00:33 on 2012-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1820 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
FW: Privatefirewall *Disabled* {ADE53067-43C2-2B76-05F6-A92000CC501A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Darin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Darin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Darin\Desktop\SecurityCheck.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\notepad.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Disabled:{0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Disabled:{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
BHO: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Disabled:{B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Disabled:{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll"
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Darin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\0343A5430393036343335323 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\2454757463 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\2554D4148502D2026596C6C6167656 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\74271607566796E656 : DhcpNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{79661767-F92A-4775-BD95-946EAC081C8F}\96E64756273747164756D233 : DhcpNameServer = 192.168.6.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Disabled:{0347C33E-8762-4905-BF09-768834316C61} - No File
BHO-X64: HP Print Enhancer - No File
BHO-X64: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO-X64: Disabled:{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File
BHO-X64: Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO-X64: Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Disabled:{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-X64: Disabled:{B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-X64: Disabled:{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
BHO-X64: HP Smart BHO Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BingExt.dll"
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Darin\AppData\Roaming\Mozilla\Firefox\Profiles\k150nuz3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Darin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\windows\system32\drivers\PCTCore64.sys --> C:\windows\system32\drivers\PCTCore64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 pwipf6;Privacyware Filter Driver;C:\windows\system32\DRIVERS\pwipf6.sys --> C:\windows\system32\DRIVERS\pwipf6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-4 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-18 654408]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2012-4-5 374120]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-6 245760]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 257696]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-19 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro36.sys --> C:\windows\system32\drivers\hitmanpro36.sys [?]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]
S3 htcusbnet;HTC USB-NDIS miniport;C:\windows\system32\DRIVERS\htcusbnet.sys --> C:\windows\system32\DRIVERS\htcusbnet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-23 113120]
S3 NMRKUSBA;Numark USB2 WDM;C:\windows\system32\drivers\nmrkusba.sys --> C:\windows\system32\drivers\nmrkusba.sys [?]
S3 NMRKUSBU;Numark USB2 driver;C:\windows\system32\Drivers\nmrkusbu.sys --> C:\windows\system32\Drivers\nmrkusbu.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\windows\system32\DRIVERS\nwusbmdm_000.sys [?]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\windows\system32\DRIVERS\nwusbser_000.sys --> C:\windows\system32\DRIVERS\nwusbser_000.sys [?]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\windows\system32\DRIVERS\nwusbser2_000.sys --> C:\windows\system32\DRIVERS\nwusbser2_000.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-12-12 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-12-12 1142224]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-05-31 22:50:13 8072272 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE
2012-05-29 18:17:40 -------- d-----w- C:\Users\Darin\AppData\Local\Privatefirewall
2012-05-29 18:15:40 128064 ----a-w- C:\windows\System32\drivers\pwipf6.sys
2012-05-29 18:15:25 -------- d-----w- C:\ProgramData\Privacyware
2012-05-29 18:15:25 -------- d-----w- C:\Program Files (x86)\Privacyware
2012-05-29 16:54:04 -------- d-----w- C:\Users\Darin\AppData\Local\CrashDumps
2012-05-28 15:56:52 -------- d-----w- C:\ProgramData\GFI Software
2012-05-27 17:58:29 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-05-26 06:38:48 -------- d-----w- C:\Users\Darin\AppData\Local\NPE
2012-05-26 06:10:50 30496 ----a-w- C:\windows\System32\drivers\hitmanpro36.sys
2012-05-24 06:14:14 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-24 04:07:03 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-24 04:06:12 -------- d-----w- C:\Users\Darin\AppData\Local\adawarebp
2012-05-24 04:06:08 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-05-24 04:04:28 -------- d-----w- C:\Users\Darin\AppData\Roaming\Ad-Aware Antivirus
2012-05-22 06:26:12 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-05-11 14:47:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5D93D09-F385-4575-83F4-408CE636223D}\offreg.dll
2012-05-11 12:33:29 8917360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A5D93D09-F385-4575-83F4-408CE636223D}\mpengine.dll
2012-05-11 05:33:03 -------- d-----w- C:\Users\Darin\AppData\Roaming\Zeon
2012-05-10 03:42:24 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-10 03:42:23 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-10 03:42:21 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-10 03:42:20 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-10 03:42:19 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-10 03:42:18 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 03:41:38 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-10 03:41:13 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-10 03:41:10 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 03:41:10 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 03:41:10 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 03:41:10 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 03:41:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 00:24:11 -------- d-----w- C:\Users\Darin\AppData\Roaming\ControlCenter4
2012-05-07 00:23:23 -------- d-----w- C:\Users\Darin\AppData\Roaming\FLEXnet
2012-05-07 00:14:07 -------- d-----w- C:\Brother
2012-05-07 00:14:05 73728 ------w- C:\windows\SysWow64\BRCrypt.dll
2012-05-07 00:14:01 -------- d-----w- C:\ProgramData\ControlCenter4
2012-05-07 00:14:01 -------- d-----w- C:\Program Files (x86)\Browny02
2012-05-07 00:10:44 -------- d-----w- C:\ProgramData\zeon
2012-05-07 00:06:58 -------- d-----w- C:\Users\Darin\AppData\Roaming\Nuance
2012-05-07 00:06:07 -------- d-----w- C:\ProgramData\Nuance
2012-05-07 00:06:07 -------- d-----w- C:\Program Files (x86)\Nuance
2012-05-07 00:02:57 -------- d-----w- C:\ProgramData\Brother
2012-05-06 07:48:15 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-22 00:53:16 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 00:53:16 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-18 23:48:19 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 12:01:38.76 ===============

#6 anothayou

Posted 03 June 2012 - 02:05 PM

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2010 4:51:14 PM
System Uptime: 6/2/2012 4:10:36 PM (20 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 307.197 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7500
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP340: 5/21/2012 11:05:50 AM - Windows Update
RP341: 5/25/2012 11:15:37 PM - ARO 2011- Before One Click
RP342: 5/27/2012 10:57:06 AM - Windows Update
RP343: 5/27/2012 10:40:48 PM - Windows Backup
RP344: 5/29/2012 1:09:19 PM - ARO 2011- Before One Click
RP345: 5/29/2012 1:25:05 PM - Removed HiJackThis
RP346: 5/30/2012 3:52:12 PM - Windows Update
.
==== Installed Programs ======================
.
6500_E709_eDocs
6500_E709_Help
6500_E709a
Adobe AIR
Adobe Community Help
Adobe Illustrator CS5
Adobe Media Player
Adobe Reader X (10.1.3)
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ARO 2011
BeatportDownloader
Bing Bar
BitTorrent
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite MFC-J825DW
BufferChm
Compatibility Pack for the 2007 Office system
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocMgr
DocProc
eMule
ESET Online Scanner v3
Fax
FLAC To MP3 V4.0.4
foobar2000 v1.1.6
Free RAR Extract Frog
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
HiJackThis
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Live 8.1.1
Live 8.2.2
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Native Instruments Traktor 2
Nuance PDF Viewer Plus
PC Connectivity Solution
PDF Settings CS5
Privatefirewall 7.0
ProductContext
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
SA25x5 & SA26x5 Device Manager
Safari
Scan
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Toolbars
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Spyware Doctor 7.0
Status
Toolbox
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
TuneUp Companion 2.2.3
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Verizon Mobile Broadband Drivers
Verizon Wireless USB760 Firmware Updates
VirtualDJ
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.1
VZAccess Manager
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
6/3/2012 2:21:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Definition Update for Windows Defender - KB915597 (Definition 1.127.1171.0).
6/3/2012 2:21:28 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
6/3/2012 11:59:57 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2012 11:59:40 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/3/2012 11:59:40 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/3/2012 10:13:55 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/1/2012 6:32:35 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{79661767-F92A-4775-BD95-946EAC081C8F} because another computer on the network has the same name. The server could not start.
6/1/2012 6:32:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/1/2012 11:47:26 PM, Error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/1/2012 11:47:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WMI Performance Adapter service to connect.
5/31/2012 9:22:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sdCoreService service.
5/31/2012 10:53:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Definition Update for Windows Defender - KB915597 (Definition 1.127.930.0).
5/31/2012 10:11:17 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/30/2012 3:54:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.930.0).
5/30/2012 3:53:35 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/29/2012 12:59:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/29/2012 12:58:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/29/2012 12:58:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/29/2012 12:58:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/29/2012 12:58:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/29/2012 12:58:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/29/2012 12:58:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/29/2012 12:58:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched pwipf6 rdbss SBRE spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 12:58:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 12:34:19 PM, Error: Service Control Manager [7022] - The PC Tools Security Service service hung on starting.
5/29/2012 12:21:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
5/29/2012 11:29:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
5/29/2012 11:28:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
5/29/2012 11:28:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
5/29/2012 11:22:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
5/29/2012 1:20:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
5/29/2012 1:19:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/29/2012 1:19:27 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/29/2012 1:19:23 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/29/2012 1:07:48 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/29/2012 1:00:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2012 9:00:07 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/28/2012 8:50:14 AM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
5/28/2012 7:17:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.601.0).
5/27/2012 10:49:32 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
5/27/2012 10:49:32 AM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
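An added example, not part of this thread and not one of the tools the helper asks for: a small offline triage script for a DDS log like the one posted above. It parses the service entries and the "Created Last 30" entries in the format DDS prints and applies three heuristics chosen for this example (they are not DDS features): a service binary outside the usual Windows, Program Files and ProgramData roots; a created object with hidden+system attributes under the Windows directory; and a created path containing a literal unexpanded %VAR%. It also scans a hosts file for entries that point anywhere but localhost, since the event log above reports an error reading the local hosts file and a hijacked hosts file is one common cause of search redirects (an assumption about this machine, not a finding). The sample DDS lines and hosts file are constructed: the `examplesvc` line and the 198.51.100.7 address are made up, the other lines are copied from the log. The "metadata unavailable" rule only reports the `[?]` DDS prints when it records no date or size for a file; on 64-bit systems that is common for legitimate drivers, so treat it as informational.

```python
"""Offline triage of a DDS log and a hosts file (added example, not from the thread).
The anomaly rules are heuristics of this example, not DDS features."""
import re
from dataclasses import dataclass

# 'R2 name;display;path [date size]' or 'R2 name;display;path --> path [?]'
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s*(?:-->\s*(?P<resolved>.+?))?\s*\[(?P<meta>[^\]]*)\]\s*$")
# 'YYYY-MM-DD HH:MM:SS size attrs path' as printed under 'Created Last 30'
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[d-][a-z-]{7})\s+(?P<path>.+?)\s*$")
# Roots where a service binary is normally expected (assumption of this example).
KNOWN_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~",
               "c:\\programdata\\")
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    rule: str
    line: str


def clean_path(p):
    """Strip the NT '\\??\\' prefix DDS leaves on some driver paths."""
    return p[4:] if p.startswith("\\??\\") else p


def triage_dds(text):
    """Return Findings for one DDS log (service lines and 'Created Last 30' lines)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = clean_path(m["path"]).lower()
            if not path.startswith(KNOWN_ROOTS):
                findings.append(Finding("service binary outside standard roots", line))
            if m["meta"] == "?":
                # DDS recorded no date/size for the file; informational only.
                findings.append(Finding("service file metadata unavailable", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            if re.search(r"%[A-Za-z_]+%", path):
                findings.append(Finding("unexpanded %VAR% in created path", line))
            if "h" in attrs and "s" in attrs and path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("hidden+system object created under Windows dir", line))
    return findings


def hosts_hijacks(text):
    """Return (address, hostname) pairs in a hosts file that map to a non-local address."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr not in LOCAL_ADDRS:
            hits.extend((addr, n) for n in names)
    return hits


# Constructed sample: lines in DDS format; 'examplesvc' is made up for the test.
SAMPLE_DDS = r"""
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-6 245760]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 examplesvc;examplesvc;C:\Users\Darin\AppData\Local\Temp\example.exe [2012-5-22 81920]
2012-05-22 06:26:12 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-05-10 03:41:13 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
"""
# Constructed sample hosts file: one entry redirecting a search domain (made-up address).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
198.51.100.7 www.google.com google.com  # not localhost
::1 localhost
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.rule}] {f.line}")
    for addr, host in hosts_hijacks(SAMPLE_HOSTS):
        print(f"[hosts] {host} -> {addr}")
```

Run it against a saved DDS.txt by passing the file contents to `triage_dds`; on the log above the hidden `%APPDATA%` directory under SysWow64 is the one entry both created-file rules fire on, which is a reason to look at it, not proof it is malicious.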

#7 anothayou

Posted 03 June 2012 - 02:09 PM

Once again thank you so much for taking the time to respond. I apologize for my delay in response as I was looking in the wrong place. My bad. I will be checking this post periodically today and tonight for a reply. Thank you.

#8 gringo_pr

Posted 04 June 2012 - 10:08 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 anothayou

Posted 05 June 2012 - 01:42 PM

I did as you instructed. Closed all antivirus and spyware, closed browsers and windows. Ran ComboFix. I had to click the Ignore button about 8 times for ComboFix to continue. When it finished the ComboFix window disappeared and no log report came up. I searched my computer for ComboFix logs and didn't find anything. My computer is still having the redirect problem when searching on Google.
I will wait for further instructions. Thank you very much.

#10 anothayou

Posted 05 June 2012 - 01:47 PM

I just ran combofix a second time and still do not see a log from it.

#11 gringo_pr

Posted 05 June 2012 - 02:22 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#12 anothayou

anothayou
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 06 June 2012 - 04:19 AM

I ran tdskiller as you instructed and it did its scan and found nothing. It did not leave a report. I searched for the report as you posted and could not find anything. I searched for the report/log other ways to locate them and found nothing. I then ran aswMBR and it did its scan and after it went to a crazy looking DOS screen then it restarted my computer on its own. After the restart there was no log from that.
I can't tell you enough how much I appreciate the time you are taking with this.
I am patiently waiting for further instructions.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:45 AM

Posted 06 June 2012 - 08:29 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
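The FRST.txt that the steps above produce is a plain-text listing, and the file entries in it all have one shape: two timestamps, a size, a five-character attribute field, an optional publisher in parentheses, and the path. As an added example, not part of this thread and not FRST's own code, here is a small Python parser for those lines, with two things built on top of it that a responder would want when reading such a listing: a lookup for the TDSSKiller logs by the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" naming pattern given earlier in this thread, and a set of review heuristics that surface entries worth a closer look (hidden or system-flagged directories under the Windows system folders, executables there with no publisher recorded, odd file names). The heuristics are my assumptions about what to read first, not FRST's whitelist logic, and flagging an entry is a prompt to look, not a verdict. The sample input is constructed from lines copied out of the FRST output posted later in this thread.

```python
import re
from datetime import datetime

# Shape of one FRST file-listing line, inferred from the output in this thread:
#   <timestamp> - <timestamp> - <size> <5-char attribute field> [(<publisher>)] <path>
# In the "Created" section the first timestamp is the creation time; in the
# "Modified" section the two columns are swapped, so they are kept as ts1/ts2
# together with the section name rather than being labelled created/modified.
LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
TDSS_LOG_RE = re.compile(r"^tdsskiller\..*_log\.txt$", re.IGNORECASE)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_frst_listing(text):
    """Return one dict per file-listing line, tagged with the section it appeared in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["name"]
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # registry, service and driver lines have a different shape
        entries.append({
            "section": section,
            "ts1": datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M"),
            "ts2": datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "attrs": set(m["attrs"].replace("_", "")),   # e.g. "__SHD" -> {"S","H","D"}
            "signer": m["signer"].strip() if m["signer"] else None,
            "path": m["path"],
        })
    return entries


def find_tool_logs(entries, name_re=TDSS_LOG_RE):
    """Unique paths whose file name matches the log-name pattern (TDSSKiller's by default)."""
    return sorted({e["path"] for e in entries if name_re.match(e["path"].rsplit("\\", 1)[-1])})


def review_flags(entry):
    """Heuristics (assumptions, not FRST's whitelist logic) for what to read first."""
    reasons = []
    path = entry["path"]
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    in_system_dir = low.startswith(SYSTEM_DIRS)
    if in_system_dir and "D" in entry["attrs"] and entry["attrs"] & {"H", "S"}:
        reasons.append("hidden/system directory under a Windows system folder")
    if in_system_dir and low.endswith(EXEC_EXT) and not entry["signer"]:
        reasons.append("executable in a system folder with no publisher recorded")
    if "%" in name:
        reasons.append("literal environment-variable name used as a file name")
    if in_system_dir and name.startswith("."):
        reasons.append("dot-prefixed file in a system folder")
    return reasons


def review_listing(entries):
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for e in entries:
        reasons = review_flags(e)
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


# Constructed sample: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]

============ One Month Created Files and Folders ==============

2012-06-06 02:02 - 2012-06-06 02:02 - 04731392 ____A (AVAST Software) C:\Users\Darin\Desktop\aswMBR.exe
2012-06-06 01:57 - 2012-06-06 01:58 - 00140624 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_01.57.38_log.txt
2012-05-29 11:15 - 2012-03-29 15:04 - 00128064 ____A (Privacyware/PWI, Inc.) C:\Windows\System32\Drivers\pwipf6.sys
2012-05-25 23:10 - 2012-05-25 23:10 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-05-25 22:54 - 2012-05-25 22:55 - 00141662 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_22.54.33_log.txt
2012-05-23 23:40 - 2012-05-23 23:41 - 00141662 ____A C:\TDSSKiller.2.7.37.0_23.05.2012_23.40.29_log.txt
2012-05-23 23:29 - 2012-05-25 23:07 - 00000372 ____A C:\Windows\System32\.crusader
2012-05-21 23:26 - 2012-05-21 23:26 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-09 20:42 - 2012-03-30 04:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

============ 3 Months Modified Files and Folders =============

2012-06-06 02:05 - 2012-06-06 02:05 - 0277680 ____A C:\Windows\Minidump\060612-34367-01.dmp
"""

if __name__ == "__main__":
    parsed = parse_frst_listing(SAMPLE_LOG)
    print("TDSSKiller logs on disk:", find_tool_logs(parsed))
    for path, reasons in review_listing(parsed).items():
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the log lookup returns the three TDSSKiller logs sitting in the root of C:\, which is the location the earlier instructions named; the review pass leaves the signed drivers and the tool downloads alone and points at the unsigned driver, the dot-prefixed file and the hidden-plus-system directory named `%APPDATA%` under SysWOW64.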

#14 anothayou

anothayou
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 06 June 2012 - 01:23 PM

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 03
Ran by Darin at 06-06-2012 11:18:48
Running from C:\Users\Darin\Desktop
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-06 11:18 - 2012-06-06 11:18 - 00000000 ____D C:\FRST
2012-06-06 11:17 - 2012-06-06 11:17 - 01396583 ____A C:\Users\Darin\Desktop\FRST64.exe
2012-06-06 02:05 - 2012-06-06 02:05 - 581164280 ____A C:\Windows\MEMORY.DMP
2012-06-06 02:05 - 2012-06-06 02:05 - 00277680 ____A C:\Windows\Minidump\060612-34367-01.dmp
2012-06-06 02:02 - 2012-06-06 02:02 - 04731392 ____A (AVAST Software) C:\Users\Darin\Desktop\aswMBR.exe
2012-06-06 01:57 - 2012-06-06 01:58 - 00140624 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_01.57.38_log.txt
2012-06-06 01:56 - 2012-06-06 01:56 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Darin\Desktop\tdsskiller(1).exe
2012-06-05 11:17 - 2012-06-05 11:17 - 04538040 ____R (Swearware) C:\Users\Darin\Desktop\ComboFix(1).exe
2012-06-04 00:48 - 2012-06-04 00:48 - 00006965 ____A C:\Users\Darin\Desktop\blank-black-card.png
2012-06-04 00:38 - 2012-06-04 00:48 - 00006144 __ASH C:\Users\Darin\Desktop\Thumbs.db
2012-06-04 00:38 - 2012-06-04 00:45 - 00012599 ____A C:\Users\Darin\Desktop\fullsize-prodphoto_main_89 (2).jpg
2012-06-04 00:37 - 2012-06-04 00:37 - 00000000 ____D C:\Users\Darin\AppData\Local\{58B03826-7AB5-43A5-AE52-BBBB8A561FFB}
2012-06-04 00:35 - 2012-06-04 00:36 - 00022852 ____A C:\Users\Darin\Desktop\fullsize-prodphoto_main_89.jpg
2012-06-03 12:12 - 2012-06-03 12:12 - 03735376 ____A (PWI, Inc. ) C:\Users\Darin\privatefirewall.exe
2012-06-03 12:02 - 2012-06-03 12:02 - 00031387 ____A C:\Users\Darin\Desktop\DDS.txt
2012-06-03 11:58 - 2012-06-03 11:58 - 00607260 ___RA (Swearware) C:\Users\Darin\Desktop\dds.scr
2012-06-03 11:47 - 2012-06-03 11:47 - 00853862 ____A C:\Users\Darin\Desktop\SecurityCheck.exe
2012-06-03 11:46 - 2012-06-03 11:46 - 00000000 ____A C:\Users\Darin\defogger_reenable
2012-06-03 11:45 - 2012-06-03 11:45 - 00050477 ____A C:\Users\Darin\Desktop\Defogger.exe
2012-06-02 00:10 - 2012-06-02 00:10 - 00070175 ____A C:\Users\Darin\Desktop\spec_huntsman.jpg
2012-06-02 00:06 - 2012-06-02 00:06 - 00006229 ____A C:\Users\Darin\Desktop\108070l.jpg
2012-06-02 00:05 - 2012-06-02 00:05 - 00220312 ____A C:\Users\Darin\Desktop\arturo_fuente_chat_nat_5lpk.jpg
2012-05-31 22:39 - 2012-05-31 22:39 - 00045361 ____A C:\Users\Darin\Desktop\10662-Harry-And-David-Moose-Munch-All.jpg
2012-05-31 22:36 - 2012-05-31 22:36 - 00003055 ____A C:\Users\Darin\Desktop\eUll0rI7sPmnnRJ4CqyTG71CqziSk8yCtmjevt7DKrj4_VwzBtXC1wsQuODRKJzsRaV1Aqhx27cHdnPy_ksxaebILa_W-vBVnWF9Wa-GOiNN_gWF6po3Al1y9M3BCPRS
2012-05-31 21:57 - 2012-05-31 21:57 - 00020967 ____A C:\Users\Darin\Desktop\Acid_Blondie_Belicoso.jpg
2012-05-31 15:54 - 2012-05-31 15:54 - 00000000 ____D C:\Windows\Installer\{A9739666-2235-42F8-85D6-9B4005DC7951}
2012-05-31 15:44 - 2012-05-31 15:44 - 00153090 ____A C:\Users\Darin\Desktop\1755570559.bmp
2012-05-31 15:44 - 2012-05-31 15:44 - 00049654 ____A C:\Users\Darin\Desktop\facebook_icon - Copy.bmp
2012-05-31 15:43 - 2012-05-31 15:43 - 00014280 ____A C:\Users\Darin\Desktop\like-us-facebook.jpg
2012-05-31 15:30 - 2012-05-31 15:30 - 00038052 ____A C:\Users\Darin\Desktop\like_us_on_facebook.jpg
2012-05-31 14:58 - 2012-05-31 14:58 - 01916799 ____A C:\Users\Darin\Desktop\IMAG0210.jpg
2012-05-31 14:50 - 2012-05-31 15:59 - 00008645 ____A C:\Users\Darin\Desktop\logo.png
2012-05-29 15:45 - 2012-05-29 15:45 - 00014280 ____A C:\Users\Darin\Desktop\Beer.docx
2012-05-29 13:36 - 2012-05-29 13:40 - 00000000 ____D C:\Users\Darin\Desktop\Wine Bar
2012-05-29 11:17 - 2012-05-29 11:17 - 00000000 ____D C:\Users\Darin\AppData\Local\Privatefirewall
2012-05-29 11:15 - 2012-05-29 11:15 - 03488768 ____A C:\Windows\Installer\1f93aa.msi
2012-05-29 11:15 - 2012-05-29 11:15 - 00000146 ____A C:\Windows\ODBC.INI
2012-05-29 11:15 - 2012-05-29 11:15 - 00000000 ____D C:\Windows\Installer\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}
2012-05-29 11:15 - 2012-05-29 11:15 - 00000000 ____D C:\Users\All Users\Privacyware
2012-05-29 11:15 - 2012-05-29 11:15 - 00000000 ____D C:\Program Files (x86)\Privacyware
2012-05-29 11:15 - 2012-03-29 15:04 - 00128064 ____A (Privacyware/PWI, Inc.) C:\Windows\System32\Drivers\pwipf6.sys
2012-05-29 11:14 - 2012-05-29 11:14 - 03734312 ____A (PWI, Inc. ) C:\Users\Darin\Downloads\privatefirewall.exe
2012-05-29 09:54 - 2012-05-29 09:54 - 00000000 ____D C:\Users\Darin\AppData\Local\CrashDumps
2012-05-28 09:00 - 2012-05-28 09:00 - 01413561 ____A (Flexera Software, Inc.) C:\Windows\Installer\MSIBA81.tmp
2012-05-28 09:00 - 2012-05-28 09:00 - 01413561 ____A (Flexera Software, Inc.) C:\Windows\Installer\MSIBA70.tmp
2012-05-28 08:56 - 2012-05-28 08:56 - 00000000 ____D C:\Users\All Users\GFI Software
2012-05-26 00:02 - 2012-05-29 13:00 - 00290002 ____A C:\Windows\ntbtlog.txt
2012-05-26 00:00 - 2012-05-26 00:00 - 04528808 ___RA (Swearware) C:\Users\Darin\Desktop\ComboFix.exe
2012-05-25 23:38 - 2012-05-25 23:55 - 00000000 ____D C:\Users\Darin\AppData\Local\NPE
2012-05-25 23:10 - 2012-05-25 23:10 - 00030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-05-25 22:54 - 2012-05-25 22:55 - 00141662 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_22.54.33_log.txt
2012-05-24 10:10 - 2012-05-24 10:10 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-05-23 23:40 - 2012-05-23 23:41 - 00141662 ____A C:\TDSSKiller.2.7.37.0_23.05.2012_23.40.29_log.txt
2012-05-23 23:40 - 2012-05-23 23:40 - 02126936 ____A (Kaspersky Lab ZAO) C:\Users\Darin\Desktop\tdsskiller.exe
2012-05-23 23:29 - 2012-05-25 23:07 - 00000372 ____A C:\Windows\System32\.crusader
2012-05-23 23:14 - 2012-05-23 23:29 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-05-23 22:58 - 2012-05-23 22:58 - 01012656 ____A C:\Users\Darin\Desktop\rkill.com
2012-05-23 21:08 - 2012-05-29 11:15 - 00000000 ____D C:\Windows\Installer\{fc8208f2-b1c1-4253-9e89-d518e983b7bb}
2012-05-23 21:07 - 2012-05-28 09:00 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-23 21:07 - 2012-05-23 21:07 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-05-23 21:06 - 2012-05-28 09:04 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-05-23 21:06 - 2012-05-23 21:06 - 00000000 ____D C:\Users\Darin\AppData\Local\adawarebp
2012-05-23 21:04 - 2012-05-28 08:52 - 00000000 ____D C:\Users\Darin\AppData\Roaming\Ad-Aware Antivirus
2012-05-21 23:26 - 2012-05-21 23:26 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-15 15:39 - 2012-05-15 15:39 - 00221982 ____A C:\Users\Darin\Desktop\Attachments_2012_05_15.zip
2012-05-10 22:33 - 2012-05-10 22:33 - 00000000 ____D C:\Users\Darin\AppData\Roaming\Zeon
2012-05-10 22:32 - 2012-05-10 22:32 - 00000000 ____D C:\Users\Darin\Documents\My PaperPort Documents
2012-05-10 07:56 - 2012-05-10 07:56 - 20343808 ___RA C:\Windows\Installer\129554ed.msp
2012-05-09 21:36 - 2012-05-09 21:36 - 00000000 ____D C:\Windows\Sun
2012-05-09 20:42 - 2012-03-30 23:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 20:42 - 2012-03-30 21:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 20:42 - 2012-03-30 21:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 20:42 - 2012-03-30 20:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 20:42 - 2012-03-02 23:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 20:42 - 2012-03-02 22:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 20:41 - 2012-03-30 04:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 20:41 - 2012-03-17 00:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-07 10:57 - 2012-05-19 11:59 - 00028160 ____A C:\Users\Darin\Desktop\OL150.doc
2012-05-07 10:56 - 2012-05-07 10:56 - 00019457 ____A C:\Users\Darin\Desktop\OL500.doc

============ 3 Months Modified Files and Folders =============

2012-06-06 11:18 - 2012-06-06 11:18 - 0000000 ____D C:\FRST
2012-06-06 11:17 - 2012-06-06 11:17 - 1396583 ____A C:\Users\Darin\Desktop\FRST64.exe
2012-06-06 11:14 - 2012-04-18 10:51 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-06 11:14 - 2011-09-15 15:59 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332799912-2346207237-3317149279-1001UA.job
2012-06-06 11:14 - 2011-09-15 15:59 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332799912-2346207237-3317149279-1001Core.job
2012-06-06 11:14 - 2010-05-19 17:07 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-06 11:14 - 2010-05-19 17:07 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-06 03:00 - 2010-03-04 03:03 - 1185678 ____A C:\Windows\WindowsUpdate.log
2012-06-06 02:17 - 2009-07-13 21:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-06 02:17 - 2009-07-13 21:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-06 02:07 - 2012-04-18 11:33 - 0000000 ____D C:\Users\Darin\AppData\Local\Htc
2012-06-06 02:05 - 2012-06-06 02:05 - 581164280 ____A C:\Windows\MEMORY.DMP
2012-06-06 02:05 - 2012-06-06 02:05 - 0277680 ____A C:\Windows\Minidump\060612-34367-01.dmp
2012-06-06 02:05 - 2011-09-17 02:38 - 0000000 ____D C:\Windows\Minidump
2012-06-06 02:05 - 2010-12-12 14:54 - 0030831 ____A C:\Windows\setupact.log
2012-06-06 02:05 - 2010-03-04 02:57 - 3063029760 __ASH C:\hiberfil.sys
2012-06-06 02:05 - 2009-07-13 22:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-06 02:02 - 2012-06-06 02:02 - 4731392 ____A (AVAST Software) C:\Users\Darin\Desktop\aswMBR.exe
2012-06-06 01:58 - 2012-06-06 01:57 - 0140624 ____A C:\TDSSKiller.2.7.36.0_06.06.2012_01.57.38_log.txt
2012-06-06 01:56 - 2012-06-06 01:56 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\Darin\Desktop\tdsskiller(1).exe
2012-06-05 12:12 - 2010-07-19 16:29 - 0000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-06-05 11:43 - 2011-07-24 15:21 - 0000000 ___SD C:\32788R22FWJFW
2012-06-05 11:43 - 2009-07-13 22:08 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-05 11:18 - 2010-07-19 17:22 - 0000000 ____D C:\Program Files (x86)\Spyware Doctor
2012-06-05 11:17 - 2012-06-05 11:17 - 4538040 ____R (Swearware) C:\Users\Darin\Desktop\ComboFix(1).exe
2012-06-04 00:48 - 2012-06-04 00:48 - 0006965 ____A C:\Users\Darin\Desktop\blank-black-card.png
2012-06-04 00:48 - 2012-06-04 00:38 - 0006144 __ASH C:\Users\Darin\Desktop\Thumbs.db
2012-06-04 00:45 - 2012-06-04 00:38 - 0012599 ____A C:\Users\Darin\Desktop\fullsize-prodphoto_main_89 (2).jpg
2012-06-04 00:37 - 2012-06-04 00:37 - 0000000 ____D C:\Users\Darin\AppData\Local\{58B03826-7AB5-43A5-AE52-BBBB8A561FFB}
2012-06-04 00:36 - 2012-06-04 00:35 - 0022852 ____A C:\Users\Darin\Desktop\fullsize-prodphoto_main_89.jpg
2012-06-03 12:12 - 2012-06-03 12:12 - 3735376 ____A (PWI, Inc. ) C:\Users\Darin\privatefirewall.exe
2012-06-03 12:12 - 2010-05-19 16:51 - 0000000 ____D C:\users\Darin
2012-06-03 12:02 - 2012-06-03 12:02 - 0031387 ____A C:\Users\Darin\Desktop\DDS.txt
2012-06-03 11:58 - 2012-06-03 11:58 - 0607260 ___RA (Swearware) C:\Users\Darin\Desktop\dds.scr
2012-06-03 11:47 - 2012-06-03 11:47 - 0853862 ____A C:\Users\Darin\Desktop\SecurityCheck.exe
2012-06-03 11:46 - 2012-06-03 11:46 - 0000000 ____A C:\Users\Darin\defogger_reenable
2012-06-03 11:46 - 2010-05-19 17:05 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-03 11:45 - 2012-06-03 11:45 - 0050477 ____A C:\Users\Darin\Desktop\Defogger.exe
2012-06-02 00:10 - 2012-06-02 00:10 - 0070175 ____A C:\Users\Darin\Desktop\spec_huntsman.jpg
2012-06-02 00:06 - 2012-06-02 00:06 - 0006229 ____A C:\Users\Darin\Desktop\108070l.jpg
2012-06-02 00:05 - 2012-06-02 00:05 - 0220312 ____A C:\Users\Darin\Desktop\arturo_fuente_chat_nat_5lpk.jpg
2012-05-31 22:39 - 2012-05-31 22:39 - 0045361 ____A C:\Users\Darin\Desktop\10662-Harry-And-David-Moose-Munch-All.jpg
2012-05-31 22:36 - 2012-05-31 22:36 - 0003055 ____A C:\Users\Darin\Desktop\eUll0rI7sPmnnRJ4CqyTG71CqziSk8yCtmjevt7DKrj4_VwzBtXC1wsQuODRKJzsRaV1Aqhx27cHdnPy_ksxaebILa_W-vBVnWF9Wa-GOiNN_gWF6po3Al1y9M3BCPRS
2012-05-31 21:57 - 2012-05-31 21:57 - 0020967 ____A C:\Users\Darin\Desktop\Acid_Blondie_Belicoso.jpg
2012-05-31 15:59 - 2012-05-31 14:50 - 0008645 ____A C:\Users\Darin\Desktop\logo.png
2012-05-31 15:55 - 2011-03-19 05:50 - 0000000 ____D C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
2012-05-31 15:54 - 2012-05-31 15:54 - 0000000 ____D C:\Windows\Installer\{A9739666-2235-42F8-85D6-9B4005DC7951}
2012-05-31 15:44 - 2012-05-31 15:44 - 0153090 ____A C:\Users\Darin\Desktop\1755570559.bmp
2012-05-31 15:44 - 2012-05-31 15:44 - 0049654 ____A C:\Users\Darin\Desktop\facebook_icon - Copy.bmp
2012-05-31 15:43 - 2012-05-31 15:43 - 0014280 ____A C:\Users\Darin\Desktop\like-us-facebook.jpg
2012-05-31 15:30 - 2012-05-31 15:30 - 0038052 ____A C:\Users\Darin\Desktop\like_us_on_facebook.jpg
2012-05-31 14:58 - 2012-05-31 14:58 - 1916799 ____A C:\Users\Darin\Desktop\IMAG0210.jpg
2012-05-29 15:45 - 2012-05-29 15:45 - 0014280 ____A C:\Users\Darin\Desktop\Beer.docx
2012-05-29 13:40 - 2012-05-29 13:36 - 0000000 ____D C:\Users\Darin\Desktop\Wine Bar
2012-05-29 13:24 - 2010-05-19 16:53 - 0000000 ____D C:\Users\Darin\AppData\Local\VirtualStore
2012-05-29 13:18 - 2011-09-08 20:48 - 0000000 ____D C:\Windows\System32\config\RCCBakup
2012-05-29 13:08 - 2009-07-13 22:13 - 0006426 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-29 13:03 - 2010-12-15 16:01 - 0053586 ____A C:\Windows\PFRO.log
2012-05-29 13:02 - 2011-04-20 13:31 - 0000000 ____D C:\Program Files (x86)\Inkscape
2012-05-29 13:01 - 2011-04-20 13:35 - 0000000 ____D C:\Users\Darin\AppData\Roaming\inkscape
2012-05-29 13:00 - 2012-05-26 00:02 - 0290002 ____A C:\Windows\ntbtlog.txt
2012-05-29 13:00 - 2010-05-22 15:45 - 0000000 ____D C:\Program Files (x86)\Graboid
2012-05-29 11:17 - 2012-05-29 11:17 - 0000000 ____D C:\Users\Darin\AppData\Local\Privatefirewall
2012-05-29 11:15 - 2012-05-29 11:15 - 3488768 ____A C:\Windows\Installer\1f93aa.msi
2012-05-29 11:15 - 2012-05-29 11:15 - 0000146 ____A C:\Windows\ODBC.INI
2012-05-29 11:15 - 2012-05-29 11:15 - 0000000 ____D C:\Windows\Installer\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}
2012-05-29 11:15 - 2012-05-29 11:15 - 0000000 ____D C:\Users\All Users\Privacyware
2012-05-29 11:15 - 2012-05-29 11:15 - 0000000 ____D C:\Program Files (x86)\Privacyware
2012-05-29 11:15 - 2012-05-23 21:08 - 0000000 ____D C:\Windows\Installer\{fc8208f2-b1c1-4253-9e89-d518e983b7bb}
2012-05-29 11:14 - 2012-05-29 11:14 - 3734312 ____A (PWI, Inc. ) C:\Users\Darin\Downloads\privatefirewall.exe
2012-05-29 09:54 - 2012-05-29 09:54 - 0000000 ____D C:\Users\Darin\AppData\Local\CrashDumps
2012-05-28 09:04 - 2012-05-23 21:06 - 0000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-05-28 09:04 - 2010-05-19 16:51 - 0000000 ____D C:\Users\Darin\AppData\LocalLow
2012-05-28 09:00 - 2012-05-28 09:00 - 1413561 ____A (Flexera Software, Inc.) C:\Windows\Installer\MSIBA81.tmp
2012-05-28 09:00 - 2012-05-28 09:00 - 1413561 ____A (Flexera Software, Inc.) C:\Windows\Installer\MSIBA70.tmp
2012-05-28 09:00 - 2012-05-23 21:07 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-28 08:56 - 2012-05-28 08:56 - 0000000 ____D C:\Users\All Users\GFI Software
2012-05-28 08:52 - 2012-05-23 21:04 - 0000000 ____D C:\Users\Darin\AppData\Roaming\Ad-Aware Antivirus
2012-05-26 00:00 - 2012-05-26 00:00 - 4528808 ___RA (Swearware) C:\Users\Darin\Desktop\ComboFix.exe
2012-05-25 23:55 - 2012-05-25 23:38 - 0000000 ____D C:\Users\Darin\AppData\Local\NPE
2012-05-25 23:38 - 2010-03-04 03:44 - 0000000 ____D C:\Users\All Users\Norton
2012-05-25 23:10 - 2012-05-25 23:10 - 0030496 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-05-25 23:07 - 2012-05-23 23:29 - 0000372 ____A C:\Windows\System32\.crusader
2012-05-25 22:55 - 2012-05-25 22:54 - 0141662 ____A C:\TDSSKiller.2.7.37.0_25.05.2012_22.54.33_log.txt
2012-05-25 22:54 - 2011-03-02 12:54 - 0000532 ____A C:\rkill.log
2012-05-25 14:06 - 2010-10-27 10:25 - 0000000 ____D C:\Users\Darin\AppData\Local\Windows Live
2012-05-24 10:10 - 2012-05-24 10:10 - 0001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-05-24 00:49 - 2011-05-22 13:03 - 0000000 ____D C:\Users\Darin\Downloads\Ableton Live Suite 8.1.1 Quick Authorize Patch
2012-05-23 23:41 - 2012-05-23 23:40 - 0141662 ____A C:\TDSSKiller.2.7.37.0_23.05.2012_23.40.29_log.txt
2012-05-23 23:40 - 2012-05-23 23:40 - 2126936 ____A (Kaspersky Lab ZAO) C:\Users\Darin\Desktop\tdsskiller.exe
2012-05-23 23:29 - 2012-05-23 23:14 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-05-23 22:58 - 2012-05-23 22:58 - 1012656 ____A C:\Users\Darin\Desktop\rkill.com
2012-05-23 22:31 - 2010-08-05 09:48 - 0000000 ____D C:\Users\Darin\Downloads\Ableton Live Suite 8.1.1 + Easy Patch
2012-05-23 21:07 - 2012-05-23 21:07 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-05-23 21:06 - 2012-05-23 21:06 - 0000000 ____D C:\Users\Darin\AppData\Local\adawarebp
2012-05-21 23:26 - 2012-05-21 23:26 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-05-21 17:53 - 2012-04-18 10:51 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-21 17:53 - 2011-05-13 22:09 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-21 17:52 - 2012-04-18 11:25 - 0000000 __SHD C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}
2012-05-21 11:09 - 2012-04-23 10:32 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-19 11:59 - 2012-05-07 10:57 - 0028160 ____A C:\Users\Darin\Desktop\OL150.doc
2012-05-15 15:39 - 2012-05-15 15:39 - 0221982 ____A C:\Users\Darin\Desktop\Attachments_2012_05_15.zip
2012-05-11 05:27 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-11 05:20 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-11 05:10 - 2010-03-04 03:46 - 0000000 ___HD C:\Users\All Users\~0
2012-05-11 05:10 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\registration
2012-05-10 22:39 - 2011-09-15 12:22 - 0000000 ____D C:\Windows\Installer\{D63FFA4F-6405-4782-8E3C-6F1C6807C66D}
2012-05-10 22:39 - 2011-09-15 12:22 - 0000000 ____D C:\Users\Darin\AppData\Roaming\Speckie
2012-05-10 22:38 - 2012-05-06 17:06 - 0000000 ____D C:\Windows\Installer\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}
2012-05-10 22:38 - 2012-05-06 17:06 - 0000000 ____D C:\Users\All Users\ScanSoft
2012-05-10 22:38 - 2012-05-06 17:06 - 0000000 ____D C:\Program Files (x86)\Nuance
2012-05-10 22:34 - 2010-03-04 03:46 - 0000000 ____D C:\Users\All Users\Best Buy Software Installer
2012-05-10 22:33 - 2012-05-10 22:33 - 0000000 ____D C:\Users\Darin\AppData\Roaming\Zeon
2012-05-10 22:32 - 2012-05-10 22:32 - 0000000 ____D C:\Users\Darin\Documents\My PaperPort Documents
2012-05-10 22:32 - 2012-05-06 17:06 - 0000000 ____D C:\Users\Darin\AppData\Roaming\Nuance
2012-05-10 16:41 - 2009-07-13 21:45 - 4986312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 16:40 - 2009-12-11 23:35 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 12:15 - 2012-04-20 16:59 - 0000000 ____D C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}
2012-05-10 12:15 - 2010-07-13 09:09 - 0000000 ____D C:\Windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}
2012-05-10 12:15 - 2010-05-22 11:16 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 12:15 - 2010-03-04 03:08 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 09:24 - 2010-07-21 09:08 - 0000000 ____D C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
2012-05-10 07:56 - 2012-05-10 07:56 - 20343808 ___RA C:\Windows\Installer\129554ed.msp
2012-05-10 07:55 - 2009-07-14 00:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 21:36 - 2012-05-09 21:36 - 0000000 ____D C:\Windows\Sun
2012-05-07 10:56 - 2012-05-07 10:56 - 0019457 ____A C:\Users\Darin\Desktop\OL500.doc
2012-05-06 17:28 - 2012-05-06 17:06 - 0000000 ____D C:\Users\All Users\Nuance
2012-05-06 17:24 - 2012-05-06 17:24 - 0000000 ____D C:\Users\Darin\AppData\Roaming\ControlCenter4
2012-05-06 17:24 - 2010-05-19 16:56 - 0112872 ____A C:\Users\Darin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-06 17:23 - 2012-05-06 17:23 - 0000000 ____D C:\Users\Darin\AppData\Roaming\FLEXnet
2012-05-06 17:18 - 2010-03-04 03:43 - 0000000 ____D C:\Users\All Users\InstallShield
2012-05-06 17:17 - 2012-05-06 17:17 - 0002151 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2012-05-06 17:16 - 2012-05-06 17:16 - 0003303 ____A C:\Windows\BRPARAM.INI
2012-05-06 17:16 - 2012-05-06 17:16 - 0000247 ____A C:\Windows\Brpfx04a.ini
2012-05-06 17:16 - 2012-05-06 17:16 - 0000093 ____A C:\Windows\brpcfx.ini
2012-05-06 17:16 - 2012-05-06 17:02 - 0000000 ____D C:\Users\All Users\Brother
2012-05-06 17:14 - 2012-05-06 17:14 - 0000000 ____D C:\Users\Public\Documents\BrFaxRx
2012-05-06 17:14 - 2012-05-06 17:14 - 0000000 ____D C:\Users\All Users\ControlCenter4
2012-05-06 17:14 - 2012-05-06 17:14 - 0000000 ____D C:\Program Files (x86)\Browny02
2012-05-06 17:14 - 2012-05-06 17:14 - 0000000 ____D C:\Brother
2012-05-06 17:14 - 2012-05-06 17:13 - 0000066 ____A C:\Windows\Brfaxrx.ini
2012-05-06 17:14 - 2012-05-06 17:13 - 0000000 ____D C:\Program Files (x86)\ControlCenter4
2012-05-06 17:13 - 2012-05-06 17:13 - 0000000 ____D C:\Program Files (x86)\Brother
2012-05-06 17:12 - 2009-12-11 23:22 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-06 17:10 - 2012-05-06 17:10 - 0000000 ____D C:\Windows\Installer\{28656860-4728-433C-8AD4-D1A930437BC8}
2012-05-06 17:10 - 2012-05-06 17:10 - 0000000 ____D C:\Users\All Users\zeon
2012-05-06 17:06 - 2012-05-06 17:06 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-05-06 00:48 - 2012-05-06 00:48 - 8744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-06 00:48 - 2012-05-06 00:48 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-02 12:28 - 2011-09-15 12:50 - 0001060 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-30 13:00 - 2011-09-15 03:14 - 0000000 ____D C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
2012-04-30 11:57 - 2009-12-11 23:27 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-28 21:43 - 2012-04-28 21:43 - 8459264 ___RA C:\Windows\Installer\12955538.msp
2012-04-24 06:58 - 2010-05-30 14:16 - 0000000 ____D C:\Users\Darin\AppData\Roaming\BitTorrent
2012-04-23 10:32 - 2012-04-23 10:32 - 3460096 ___RA C:\Windows\Installer\1377bf1a.msp
2012-04-23 10:32 - 2012-04-23 10:32 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-23 10:19 - 2012-04-23 10:15 - 0000000 ____D C:\tmp
2012-04-23 10:14 - 2012-04-23 10:14 - 0000608 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk
2012-04-23 10:14 - 2012-04-23 10:14 - 0000000 ____D C:\FLAC To MP3
2012-04-23 10:14 - 2012-04-23 10:13 - 4968179 ____A (FLAC To MP3, http://www.FlacMP3.net/ ) C:\Users\Darin\Desktop\flac2mp3.exe
2012-04-23 10:00 - 2010-05-20 16:30 - 0000000 ____D C:\Users\Darin\AppData\Roaming\Apple Computer
2012-04-23 09:55 - 2011-09-17 01:04 - 0000000 ____D C:\Windows\Installer\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}
2012-04-23 09:54 - 2012-04-23 09:54 - 0000000 ____D C:\Windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}
2012-04-23 09:54 - 2010-06-24 14:26 - 0000000 ____D C:\Program Files\iTunes
2012-04-23 09:54 - 2010-06-24 14:26 - 0000000 ____D C:\Program Files\iPod
2012-04-23 09:54 - 2010-06-24 14:26 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-23 09:52 - 2012-04-23 09:52 - 0000000 ____D C:\Windows\Installer\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}
2012-04-23 09:52 - 2012-04-23 09:52 - 0000000 ____A C:\Windows\Installer\wix{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}.SchedServiceConfig.rmi
2012-04-23 09:52 - 2011-06-16 22:49 - 0000000 ____D C:\Windows\Installer\{439760BC-7737-4386-9B1D-A90A3E8A22EA}
2012-04-23 09:52 - 2010-05-20 16:27 - 0000000 ____D C:\Users\All Users\Apple
2012-04-23 09:51 - 2012-04-23 09:51 - 0000000 ____D C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
2012-04-23 09:51 - 2011-09-17 01:00 - 0000000 ____D C:\Windows\Installer\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}
2012-04-23 09:51 - 2011-03-02 11:43 - 0000000 ____D C:\Program Files\Bonjour
2012-04-23 09:51 - 2011-03-02 11:43 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-23 09:50 - 2012-04-23 09:50 - 49125888 ____A C:\Windows\Installer\70723.msi
2012-04-23 09:48 - 2012-04-23 09:48 - 2682368 ____A C:\Windows\Installer\6fc91.msi
2012-04-23 09:48 - 2012-04-23 09:48 - 11105280 ____A C:\Windows\Installer\6fcee.msi
2012-04-23 09:48 - 2012-04-23 09:48 - 0000000 ____D C:\Windows\Installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}
2012-04-23 09:48 - 2011-09-17 01:01 - 0000000 ____D C:\Windows\Installer\{C9E14402-3631-4182-B377-6B0DFB1C0339}
2012-04-23 09:48 - 2010-10-22 16:38 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-23 09:47 - 2012-04-23 09:47 - 26820096 ____A C:\Windows\Installer\6fc6d.msi
2012-04-23 09:46 - 2012-04-23 09:46 - 0000000 ____D C:\Windows\Installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}
2012-04-23 09:46 - 2011-06-16 22:18 - 0000000 ____D C:\Windows\Installer\{B3575D00-27EF-49C2-B9E0-14B3D954E992}
2012-04-23 09:45 - 2012-04-23 09:45 - 20396032 ____A C:\Windows\Installer\6f97a.msi
2012-04-22 03:14 - 2009-07-13 19:34 - 0000513 ____A C:\Windows\win.ini
2012-04-22 03:13 - 2010-08-20 19:50 - 0000000 ____D C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}
2012-04-21 14:47 - 2011-05-03 14:50 - 0000000 ____D C:\Program Files (x86)\VirtualDJ
2012-04-20 16:59 - 2009-07-14 00:45 - 0000000 ____D C:\Windows\ShellNew
2012-04-20 16:59 - 2009-07-13 22:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-20 16:58 - 2012-04-20 16:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-04-20 16:58 - 2012-04-20 16:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-04-20 16:58 - 2010-03-04 03:05 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-20 16:58 - 2009-12-11 23:34 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-20 16:57 - 2010-08-20 19:52 - 0000000 ____D C:\Windows\Installer\{90140000-002A-0000-1000-0000000FF1CE}
2012-04-20 16:56 - 2012-04-20 16:56 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-20 16:54 - 2012-04-20 16:54 - 3025408 ____A C:\Windows\Installer\166f466.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 24809472 ____A C:\Windows\Installer\166f471.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 2413568 ____A C:\Windows\Installer\166f44b.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 2115584 ____A C:\Windows\Installer\166f423.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 1819648 ____A C:\Windows\Installer\166f460.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 1813504 ____A C:\Windows\Installer\166f451.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 1810944 ____A C:\Windows\Installer\166f45b.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 1804800 ____A C:\Windows\Installer\166f41e.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 1800704 ____A C:\Windows\Installer\166f446.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0667648 ____A C:\Windows\Installer\166f437.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0663040 ____A C:\Windows\Installer\166f432.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0656896 ____A C:\Windows\Installer\166f43c.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0653824 ____A C:\Windows\Installer\166f428.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0650240 ____A C:\Windows\Installer\166f456.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0650240 ____A C:\Windows\Installer\166f441.msi
2012-04-20 16:54 - 2012-04-20 16:54 - 0650240 ____A C:\Windows\Installer\166f42d.msi
2012-04-20 16:53 - 2012-04-20 16:53 - 2863104 ____A C:\Windows\Installer\166f40a.msi
2012-04-20 16:53 - 2012-04-20 16:53 - 1802240 ____A C:\Windows\Installer\166f419.msi
2012-04-20 16:53 - 2012-04-20 16:53 - 1800704 ____A C:\Windows\Installer\166f414.msi
2012-04-20 16:53 - 2012-04-20 16:53 - 0650240 ____A C:\Windows\Installer\166f40f.msi
2012-04-20 16:53 - 2012-04-20 16:53 - 0000000 __RHD C:\MSOCache
2012-04-20 16:16 - 2012-04-20 15:01 - 987942848 ____A (Microsoft Corporation) C:\Users\Darin\Desktop\X17-75058.exe
2012-04-20 15:47 - 2012-04-20 14:54 - 0000000 ____D C:\Users\Darin\Downloads\Microsoft Office Professional Plus 2010 (full activated)
2012-04-20 14:52 - 2012-04-20 14:51 - 0000000 ____D C:\Users\Darin\Downloads\MS 2010 Activatior
2012-04-20 14:50 - 2012-04-20 14:50 - 0000974 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-04-20 14:50 - 2010-05-30 14:16 - 0000000 ____D C:\Program Files (x86)\BitTorrent
2012-04-20 10:07 - 2012-04-20 10:07 - 0261710 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-04-18 18:37 - 2009-07-13 20:20 - 0000000 ____D C:\Windows\rescache
2012-04-18 18:36 - 2010-07-29 18:11 - 0000000 ____D C:\Users\Darin\AppData\Local\ElevatedDiagnostics
2012-04-18 17:15 - 2010-08-23 23:31 - 0000000 ____D C:\Windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}
2012-04-18 17:15 - 2010-08-20 20:08 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-04-18 17:14 - 2010-08-20 20:12 - 0000000 ____D C:\Users\Darin\AppData\Roaming\SoftGrid Client
2012-04-18 17:13 - 2010-03-04 03:10 - 0000000 ____D C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}
2012-04-18 17:11 - 2010-03-04 03:09 - 0000000 ____D C:\Windows\Installer\{90120000-002A-0000-1000-0000000FF1CE}
2012-04-18 17:09 - 2010-08-20 19:54 - 0000000 ____D C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}
2012-04-18 17:05 - 2010-11-11 11:21 - 0000000 ____D C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}
2012-04-18 16:48 - 2012-04-18 16:48 - 0207360 ____A C:\Windows\Installer\156120.msi
2012-04-18 16:48 - 2012-04-18 16:48 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-18 16:48 - 2012-04-18 16:48 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-18 16:48 - 2012-04-18 16:48 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-18 16:48 - 2012-04-18 16:48 - 0000000 ____D C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216031FF}
2012-04-18 16:48 - 2011-07-27 07:40 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-18 16:46 - 2012-04-18 16:46 - 12938752 ____A C:\Windows\Installer\156110.msi
2012-04-18 15:37 - 2010-12-12 02:16 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-18 15:36 - 2012-04-18 15:07 - 0001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-18 15:20 - 2011-03-08 13:05 - 0000000 ____D C:\Windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}
2012-04-18 14:54 - 2009-07-13 20:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-18 14:28 - 2010-03-04 03:04 - 0000000 ____D C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
2012-04-18 14:07 - 2012-04-18 14:07 - 20333056 ___RA C:\Windows\Installer\a009ab.msp
2012-04-18 13:40 - 2012-04-18 13:40 - 0000000 ____D C:\Users\Darin\Documents\My Photos
2012-04-18 13:39 - 2012-04-18 13:39 - 0000000 ____D C:\Program Files\HTC
2012-04-18 13:37 - 2012-04-18 13:37 - 0000000 ____D C:\Users\Darin\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-04-18 13:25 - 2012-04-18 13:25 - 0000000 ____D C:\Users\Darin\Documents\My Documents
2012-04-18 11:47 - 2012-04-18 11:47 - 0000000 ____D C:\Windows\Installer\{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}
2012-04-18 11:47 - 2010-05-19 17:08 - 0000000 ____D C:\Users\Darin\AppData\Local\Downloaded Installations
2012-04-18 11:41 - 2012-04-18 11:41 - 30464196 ____A C:\Windows\Installer\1e1086.msi
2012-04-18 11:40 - 2012-04-18 11:40 - 15234048 ____A C:\Windows\Installer\1e0be6.msi
2012-04-18 11:40 - 2012-04-18 11:40 - 0032256 ____A C:\Windows\Installer\1e0bca.msi
2012-04-18 11:40 - 2012-04-18 11:24 - 0000000 ____D C:\Windows\Installer\{6D6664A9-3342-4948-9B7E-034EFE366F0F}
2012-04-18 11:40 - 2010-12-12 15:27 - 0053240 ____A C:\Windows\DPINST.LOG
2012-04-18 11:33 - 2012-04-18 11:32 - 0000000 ____D C:\Users\Darin\AppData\Roaming\HTC
2012-04-18 11:31 - 2010-07-21 16:21 - 0000000 ____D C:\Program Files (x86)\HTC
2012-04-18 11:24 - 2012-04-18 11:24 - 0000000 ____D C:\Program Files (x86)\Spirent Communications
2012-04-18 11:23 - 2012-04-18 11:23 - 1471488 ____A C:\Windows\Installer\1e0ba1.msi
2012-04-18 11:23 - 2012-04-18 11:23 - 0000000 ____D C:\Windows\Installer\{31A559C1-9E4D-423B-9DD3-34A6C5398752}
2012-04-18 11:22 - 2012-04-18 11:22 - 2434048 ____A C:\Windows\Installer\1e0b6c.msi
2012-04-18 11:22 - 2010-07-17 09:21 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-04-18 10:51 - 2012-04-18 10:51 - 0025600 ____A C:\Windows\Installer\3e8ee.msi
2012-04-16 17:56 - 2012-04-16 17:56 - 0475136 ____A C:\Windows\Installer\ada7ee6.msi
2012-04-04 22:38 - 2012-04-04 22:38 - 3620864 ___RA C:\Windows\Installer\1377bece.msp
2012-04-04 22:38 - 2012-04-04 22:38 - 2831360 ___RA C:\Windows\Installer\1377bf04.msp
2012-04-04 15:56 - 2010-12-12 02:16 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 06:32 - 2012-04-04 06:32 - 16613376 ___RA C:\Windows\Installer\59070.msp
2012-04-01 16:27 - 2012-04-01 16:27 - 3463168 ___RA C:\Windows\Installer\4433ec.msp
2012-03-30 23:05 - 2012-05-09 20:42 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 21:39 - 2012-05-09 20:42 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 21:39 - 2012-05-09 20:42 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 20:10 - 2012-05-09 20:42 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 04:35 - 2012-05-09 20:41 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 15:04 - 2012-05-29 11:15 - 0128064 ____A (Privacyware/PWI, Inc.) C:\Windows\System32\Drivers\pwipf6.sys
2012-03-21 05:58 - 2012-03-21 05:58 - 0133120 ___RA C:\Windows\Installer\443307.msp
2012-03-21 05:57 - 2012-03-21 05:57 - 1591808 ___RA C:\Windows\Installer\443300.msp
2012-03-17 00:58 - 2012-05-09 20:41 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 13:12 - 2012-03-15 13:12 - 4968960 ___RA C:\Windows\Installer\12955530.msp
2012-03-15 13:11 - 2012-03-15 13:11 - 66812928 ___RA C:\Windows\Installer\12955519.msp
2012-03-15 13:11 - 2012-03-15 13:11 - 1989632 ___RA C:\Windows\Installer\12955502.msp
2012-03-15 13:09 - 2012-03-15 13:09 - 17165312 ___RA C:\Windows\Installer\1377bebf.msp

C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\00000004.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\1afb2d56
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\201d3dde
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\00000004.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\00000008.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\000000cb.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000000.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000032.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 16:19] - [2009-07-13 18:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 47%
Total physical RAM: 3894.84 MB
Available physical RAM: 2038.32 MB
Total Pagefile: 7787.88 MB
Available Pagefile: 5654.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

======================= Partitions =========================

1 Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:305.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 10 GB 455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105322W0F NTFS Partition 453 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

==========================================================

Last Boot: 2012-05-21 18:55

======================= End Of Log ==========================

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:45 AM

Posted 06 June 2012 - 10:50 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\00000004.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\1afb2d56
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\L\201d3dde
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\00000004.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\00000008.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\000000cb.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000000.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000032.@
C:\Windows\Installer\{5e52bfba-36e4-b6eb-58b5-eff0d3ca0cd0}\U\80000064.@


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo

Edited by gringo_pr, 06 June 2012 - 10:52 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



