
Swinta

Hi there! My boss asked me to look at her computer and see if I could do something about some nasty malware that hijacked her browsers and keeps popping up everywhere. Malwarebytes wasn't able to fix this, and several removal attempts may have cleaned up bits and pieces, but it keeps coming back, specifically a RegCleaner clone and Whitesmoke toolbars. The requested DDS logs are attached. Any help is appreciated!

Thanks,
Swinta