Jump to content

csgotflow

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. It wouldn't let me post everything. Here is the rest. Computer is running fine. amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ro-RO\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ro-RO\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ru-RU\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ru-RU\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ru-RU\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sk-SK\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sl-SI\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sl-SI\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sl-SI\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sr\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sr\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sr\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sv-SE\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sv-SE\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\sv-SE\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\tr-TR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\uk-UA\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\uk-UA\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\uk-UA\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\vi\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\vi\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\vi\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\zh-CN\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\zh-CN\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\zh-CN\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\zh-TW\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\debuggerHalter.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\firebug-annotations.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\firebug-channel-listener.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\firebug-http-observer.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\firebug-service.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\firebug-trace-service.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\observer-service.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\modules\storageService.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\platform\Darwin\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\about.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\activation-menu-console.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\activation-menu-net.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\activation-menu-script.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\arrowDown.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\arrowUp.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\bindings.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakNext.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakNextActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakNextArmed.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakNextDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakOn\breakOnErrorSingle.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakOn\breakOnMutateSingle.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakOn\breakOnNextSingle.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakOn\breakOnXHRSingle.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakpoint.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakpointCondition.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakpointDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakpointDisabledExe.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\breakpointExe.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\callstack.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\commandLine.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\commandLineDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\condBorders.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\condBordersUps.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\condCorners.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\condCornersUps.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\console.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\continue.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\continueActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\continueDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\css.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\customizeShortcuts.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\debugger.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\disable.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\disabledIcon.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\disableHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\dom.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\errorIcon-sm.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\errorIcon.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\exe.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug-gray-16.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug16.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug24.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\firebug32.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\group.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\html.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\infoIcon.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\inspect.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\inspectDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\inspectSmall.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\jsonViewer.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\layout.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\loading_16.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\close.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\closeActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\closeHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\debugger.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\detach.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\detachActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\detachHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\firebug.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\firebugMenu.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\firebugMenuHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\firebugMenuOpen.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\hud-style-button-middle-background.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\min.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\minActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\minHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\panel.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\search-panel-down.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\search-panel.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabBar.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabLeft.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabLeftHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabMid.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabMidHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabRight.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\tabRightHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\toolbar.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\traceConsole.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\twistyClosed.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\twistyOpen.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\mac\window.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-back-disabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-back.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-down-disabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-down.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-forward-disabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-forward.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-up-disabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\nav-up.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\net.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarCached.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarConnecting.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarLoaded.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarLoading.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarReceiving.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarResolving.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarResponded.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarSending.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\netBarWaiting.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\noteBorders.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\noteBordersUps.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\noteCorners.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\noteCornersUps.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\notloading_16.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\okIcon-sm.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\panel.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\panelbase.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\pause.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\pauseActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\pauseDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\rulerH.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\rulerV.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\search.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepInto.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepIntoActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepIntoDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOut.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOutActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOutDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOver.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOverActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\stepOverDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tabbar\tab-bkgnd.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tabbar\tab-hover-bkgnd.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tableHeader.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tableHeaderActive.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tableHeaderSorted.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tableHeaderSortedActive.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tableRep.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tabMenuTarget.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\tabMenuTargetHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\Templarian_inspector.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\textEditorBorders.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\textEditorCorners.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\trace\clear.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\trace\up.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\traceConsole.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\warningIcon.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\close.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\closeActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\closeHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\detach.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\detachActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\detachHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\down.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\downActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\downHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\firebug.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\min.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\minActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\minHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\off.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\offActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\offHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\panel.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\pause.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\pauseActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\pauseDisabled.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabBg.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabLeft.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabLeftHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabLeftUnselected.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabMenuTarget.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabMenuTargetHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabMid.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabMidHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabMidUnselected.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabRight.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabRightHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\tabRightUnselected.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\traceConsole.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\twistyClosed.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\twistyOpen.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\up.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\upActive.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\upHover.png c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\win\window.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\skin\classic\window.css c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 ))))))))))))))))))))))))))))))) . . 2011-11-30 01:37 . 2011-11-30 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-30 01:37 . 2011-11-30 01:37 -------- d-----w- c:\users\bswift\AppData\Local\temp 2011-11-30 00:54 . 2011-11-30 01:40 -------- d-----w- c:\users\Carson Pickens\AppData\Local\temp 2011-11-30 00:35 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\program files\iPod 2011-11-26 16:37 . 2011-11-26 16:38 -------- d-----w- c:\program files\iTunes 2011-11-26 16:32 . 2011-11-26 16:32 -------- d-----w- c:\program files\Bonjour 2011-11-25 16:17 . 2011-11-25 16:17 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\svD3onF4aHsJd8R 2011-11-25 16:00 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\F42CB 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YxxP0ucS1iD3n 2011-11-25 15:59 . 2011-11-25 17:47 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\206F4 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\SXXXqjjUCe 2011-11-25 15:59 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YuvD2obF4mG5Q 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18 . 2011-11-26 05:33 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-09 21:18 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 21:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-01 02:42 . 2011-10-12 19:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448] "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-20 39816] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-05-31 273544] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-05-02 115560] "EAFRCliStart"="c:\program files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe" [2011-02-17 1003520] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\users\Carson Pickens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-5-26 431608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-12-21 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 EAFSPROT;EAFSPROT;c:\windows\System32\drivers\eafsprot.sys [2010-10-11 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 EAFRCliManager;EAFRCliManager;c:\program files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 282624] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . --- Other Services/Drivers In Memory --- . *Deregistered* - ephdlink . Contents of the 'Scheduled Tasks' folder . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\taskhost.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Steam\SteamService.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe . ************************************************************************** . Completion time: 2011-11-29 19:50:32 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-30 01:50 ComboFix2.txt 2011-11-30 01:07 . Pre-Run: 110,157,647,872 bytes free Post-Run: 109,915,795,456 bytes free . - - End Of File - - 0B74C5EB6077E23F91BDD7595B89CA3E
  2. ComboFix 11-11-29.04 - Carson Pickens 11/29/2011 19:29:19.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1622 [GMT -6:00] Running from: c:\users\Carson Pickens\Desktop\ComboFix.exe Command switches used :: c:\users\Carson Pickens\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\ConduitEngine.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\chrome\vshare.tv_bar.jar c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\ConduitAutoCompleteSearch.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\ConduitAutoCompleteSearch.xpt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCore.xpt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\alertSettingsComponent.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\appContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\engineContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\engineSettings.json c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\fbAlert.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\getAppsContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\postAppsContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\toolbarContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\defaults\unsharedAppsContextMenu.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\INSTALL.LOG c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\install.rdf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\META-INF\manifest.mf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\META-INF\zigbert.rsa c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\META-INF\zigbert.sf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Chat.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\DataStructures.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\EBEncryption.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\ExternalLibraryLoader.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\HTTP.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\IO.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Log.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\MainSingleton.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\MD5.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Notifications.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\ObserversAndEvents.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Prefs.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\SearchProtector.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\SearchSuggestIO.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\String.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\TEAEncryption.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Timer.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Twitter.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\URL.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\Windows.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\modules\XML.jsm c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\searchplugin\conduit.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\setup.ini c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\version.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\a11y.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\aboutOverlay.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\aboutOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\activation.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\bindings.xml c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\blank.gif c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\branch.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\breakpoint.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\browserOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\callstack.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\changeeditor.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\changeeditor.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\chrome.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\commandLine.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\commandLineInjected.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\commandLinePopup.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\console.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\consoleInjected.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\consoleInjector.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\css.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\customizeShortcuts.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\customizeShortcuts.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\customizeToolbarOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\debugger.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\dom.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\domplate.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\editor.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\editors.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\editors.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\editorToContextMenu.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\errors.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\firebug.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\firebug.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\firebug.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\firebugOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\highlighter.css c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\html.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\infotip.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\insideOutBox.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\inspector.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\jsonViewer.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\knownIssues.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\layout.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\lib.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\lib\htmlLib.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\navigationHistory.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\net.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\panel.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\plugin.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\profiler.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\reps.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\search.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\shortcuts.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\sourceBox.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\sourceCache.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\sourceFile.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\spy.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\svgViewer.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tabCache.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tabContext.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tableRep.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tabWatcher.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\testList.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tests\moved_to_fbug_tests.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\trace.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceConsole.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceConsole.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceConsole.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceLogFrame.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceModule.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\traceOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\tracingConsoleOverlay.xul c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\xmlViewer.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\content\firebug\xpcom.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\defaults\preferences\firebug.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\defaults\preferences\tracingConsole.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\Bugs.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\index.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\index.tpl.html c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\ReleaseNotes_1.1.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\ReleaseNotes_1.2.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\ReleaseNotes_1.3.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\ReleaseNotes_1.4.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\ReleaseNotes_1.5.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\docs\TODO.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\icons\default\firebug.ico c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\icons\default\TraceConsole.ico c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\install.rdf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\license.txt c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\bg\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\bg\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\bg\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ca-AD\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ca-AD\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ca-AD\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\cs\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\cs\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\cs\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\da-DK\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fa\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ko-KR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ro-RO\firebug-
  3. ComboFix 11-11-29.04 - Carson Pickens 11/29/2011 18:42:33.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.2264 [GMT -6:00] Running from: c:\users\Carson Pickens\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome\xulcache.jar c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\defaults\preferences\xulcache.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\install.rdf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome\xulcache.jar c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\defaults\preferences\xulcache.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\install.rdf c:\users\Carson Pickens\g2mdlhlpx.exe c:\windows\$NtUninstallKB14001$ c:\windows\$NtUninstallKB14001$\1766350841\@ c:\windows\$NtUninstallKB14001$\1766350841\bckfg.tmp c:\windows\$NtUninstallKB14001$\1766350841\cfg.ini c:\windows\$NtUninstallKB14001$\1766350841\Desktop.ini c:\windows\$NtUninstallKB14001$\1766350841\keywords c:\windows\$NtUninstallKB14001$\1766350841\kwrd.dll c:\windows\$NtUninstallKB14001$\1766350841\L\xadqgnnk c:\windows\$NtUninstallKB14001$\1766350841\U\00000001.@ c:\windows\$NtUninstallKB14001$\1766350841\U\00000002.@ c:\windows\$NtUninstallKB14001$\1766350841\U\00000004.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000000.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000004.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000032.@ c:\windows\$NtUninstallKB14001$\3955381397 c:\windows\system32\drivers\etc\hosts1 . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 ))))))))))))))))))))))))))))))) . . 2011-11-30 00:54 . 2011-11-30 00:57 -------- d-----w- c:\users\Carson Pickens\AppData\Local\temp 2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\program files\iPod 2011-11-26 16:37 . 2011-11-26 16:38 -------- d-----w- c:\program files\iTunes 2011-11-26 16:32 . 2011-11-26 16:32 -------- d-----w- c:\program files\Bonjour 2011-11-25 16:17 . 2011-11-25 16:17 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\svD3onF4aHsJd8R 2011-11-25 16:00 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\F42CB 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YxxP0ucS1iD3n 2011-11-25 15:59 . 2011-11-25 17:47 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\206F4 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\SXXXqjjUCe 2011-11-25 15:59 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YuvD2obF4mG5Q 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18 . 2011-11-26 05:33 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-09 21:18 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 21:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-01 02:42 . 2011-10-12 19:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-11 17:31 . 2011-09-11 17:31 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448] "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-20 39816] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-05-31 273544] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-05-02 115560] "EAFRCliStart"="c:\program files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe" [2011-02-17 1003520] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\users\Carson Pickens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-5-26 431608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-12-21 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 EAFSPROT;EAFSPROT;c:\windows\System32\drivers\eafsprot.sys [2010-10-11 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 EAFRCliManager;EAFRCliManager;c:\program files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 282624] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . --- Other Services/Drivers In Memory --- . *Deregistered* - ephdlink . Contents of the 'Scheduled Tasks' folder . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file) WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file) SafeBoot-Symantec Antvirus . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\taskhost.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\conhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe c:\windows\System32\wsqmcons.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Steam\SteamService.exe c:\windows\system32\NOTEPAD.EXE c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2011-11-29 19:07:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-30 01:07 . Pre-Run: 109,183,401,984 bytes free Post-Run: 110,153,195,520 bytes free . - - End Of File - - B31E2FDE2C8008168E06A24DA7D9932E
  4. ComboFix 11-11-29.04 - Carson Pickens 11/29/2011 18:42:33.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.2264 [GMT -6:00] Running from: C:\Users\Carson Pickens\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome.manifest C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome\xulcache.jar C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\defaults\preferences\xulcache.js C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\install.rdf C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome.manifest C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome\xulcache.jar C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\defaults\preferences\xulcache.js C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\install.rdf C:\Users\Carson Pickens\g2mdlhlpx.exe C:\Windows\$NtUninstallKB14001$ C:\Windows\$NtUninstallKB14001$\1766350841\@ C:\Windows\$NtUninstallKB14001$\1766350841\bckfg.tmp C:\Windows\$NtUninstallKB14001$\1766350841\cfg.ini C:\Windows\$NtUninstallKB14001$\1766350841\Desktop.ini C:\Windows\$NtUninstallKB14001$\1766350841\keywords C:\Windows\$NtUninstallKB14001$\1766350841\kwrd.dll C:\Windows\$NtUninstallKB14001$\1766350841\L\xadqgnnk C:\Windows\$NtUninstallKB14001$\1766350841\U\00000001.@ C:\Windows\$NtUninstallKB14001$\1766350841\U\00000002.@ C:\Windows\$NtUninstallKB14001$\1766350841\U\00000004.@ C:\Windows\$NtUninstallKB14001$\1766350841\U\80000000.@ C:\Windows\$NtUninstallKB14001$\1766350841\U\80000004.@ C:\Windows\$NtUninstallKB14001$\1766350841\U\80000032.@ C:\Windows\$NtUninstallKB14001$\3955381397 C:\Windows\system32\drivers\etc\hosts1 ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 ))))))))))))))))))))))))))))))) 2011-11-30 00:54:08 . 2011-11-30 00:57:34 -------- d-----w- C:\Users\Carson Pickens\AppData\Local\temp 2011-11-26 16:37:30 . 2011-11-26 16:37:30 -------- d-----w- C:\Program Files\iPod 2011-11-26 16:37:28 . 2011-11-26 16:38:51 -------- d-----w- C:\Program Files\iTunes 2011-11-26 16:32:38 . 2011-11-26 16:32:39 -------- d-----w- C:\Program Files\Bonjour 2011-11-25 16:17:20 . 2011-11-25 16:17:20 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\svD3onF4aHsJd8R 2011-11-25 16:00:11 . 2011-11-25 16:34:21 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\F42CB 2011-11-25 15:59:38 . 2011-11-25 15:59:38 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\YxxP0ucS1iD3n 2011-11-25 15:59:37 . 2011-11-25 17:47:13 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\206F4 2011-11-25 15:59:32 . 2011-11-25 15:59:32 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\SXXXqjjUCe 2011-11-25 15:59:31 . 2011-11-25 16:34:21 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\YuvD2obF4mG5Q 2011-11-25 15:59:30 . 2011-11-25 15:59:30 -------- d-----w- C:\Users\Carson Pickens\AppData\Roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18:58 . 2011-11-26 05:33:10 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-09 21:18:18 . 2011-09-29 16:03:04 1290608 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2011-11-09 21:18:17 . 2011-10-01 04:37:08 708608 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-09 21:18:15 . 2011-09-29 03:37:56 2341888 ----a-w- C:\Windows\system32\win32k.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-10-24 20:29:02 . 2011-10-24 20:29:02 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx 2011-10-24 20:29:02 . 2011-10-24 20:29:02 69632 ----a-w- C:\Windows\system32\QuickTime.qts 2011-10-01 02:42:56 . 2011-10-12 19:15:44 1638912 ----a-w- C:\Windows\system32\mshtml.tlb 2011-09-11 17:31:04 . 2011-09-11 17:31:04 0 ----a-w- C:\Windows\system32\ConduitEngine.tmp ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="C:\Program Files\Steam\Steam.exe" [2011-08-02 12:44:10 1242448] "GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-20 17:58:53 39816] "Desktop Software"="C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 07:57:42 1025320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2010-08-26 03:45:44 136216] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2010-08-26 03:45:36 171032] "Persistence"="C:\Windows\system32\igfxpers.exe" [2010-08-26 03:45:40 170520] "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 04:19:50 140520] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 18:49:36 35736] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 18:49:34 932288] "IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 22:52:14 1797008] "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552] "TkBellExe"="C:\Program Files\Real\RealPlayer\Update\realsched.exe" [2011-05-31 15:46:19 273544] "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 08:44:40 500208] "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 18:37:14 517096] "AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 09:57:06 406992] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2011-05-02 19:21:34 115560] "EAFRCliStart"="C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe" [2011-02-17 16:44:12 1003520] "Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 22:00:48 449608] "Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 22:00:48 1047208] "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 13:22:28 59240] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-13 06:24:58 421736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 20:28:52 421888] C:\Users\Carson Pickens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - C:\Program Files\GoZone\GoZone_iSync.exe [2011-5-26 431608] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] VPN Client.lnk - C:\Windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-12-21 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 21:16:28 130384] R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:31 136176] R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:31 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232] R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 18:37:14 517096] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-21 14:34:07 1343400] S0 EAFSPROT;EAFSPROT;C:\Windows\System32\drivers\eafsprot.sys [2010-10-11 18:10:02 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128] S2 EAFRCliManager;EAFRCliManager;C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 16:37:58 282624] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 22:00:48 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 14:17:43 106104] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-08-31 22:00:50 22216] --- Other Services/Drivers In Memory --- *Deregistered* - ephdlink Contents of the 'Scheduled Tasks' folder 2011-11-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:37 . 2011-02-19 16:14:31] 2011-11-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:37 . 2011-02-19 16:14:31] 2011-11-27 C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47:46 . 2011-03-29 15:47:46] ------- Supplementary Scan ------- uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true - - - - ORPHANS REMOVED - - - - URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file) WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file) SafeBoot-Symantec Antvirus
  5. TDSSKiller isn't finding any RootKit infections. My computer seems to be running fine.
  6. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Carson Pickens at 18:09:26 on 2011-11-29 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1475 [GMT -6:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Steam\steam.exe C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\GoZone\GoZone_iSync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon" uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [EAFRCliStart] c:\program files\symantec\symantec endpoint encryption clients\client console\EAFRCliStart.exe /p mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\users\carson~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\2634F62707 : DhcpNameServer = 192.168.1.2 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\7596E676164756 : DhcpNameServer = 172.20.100.1 TCP: Interfaces\{B296EEAC-EB96-4EDD-9A15-93579762C007} : DhcpNameServer = 192.168.1.2 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll Hosts: 172.25.0.163 APP_P Hosts: 172.25.0.168 WEB1A Hosts: 172.25.0.169 WEB2A Hosts: 172.25.0.170 WEB3A Hosts: 172.25.16.164 DB1_P1 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: XUL Cache: {35e5a971-af88-4876-bc1c-1e790de285f0} - %profile%\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} FF - Ext: XUL Cache: {c24f2e42-5717-47d8-adf0-57f1155d997f} - %profile%\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2010-10-11 20216] R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2010-10-11 95992] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 EAFRCliManager;EAFRCliManager;c:\program files\symantec\symantec endpoint encryption clients\EAFRCliManager.exe [2011-2-17 282624] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-19 366152] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-2 1831024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-19 22216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400] . =============== Created Last 30 ================ . 2011-11-26 16:37:30 -------- d-----w- c:\program files\iPod 2011-11-26 16:37:28 -------- d-----w- c:\program files\iTunes 2011-11-26 16:32:38 -------- d-----w- c:\program files\Bonjour 2011-11-25 16:17:20 -------- d-----w- c:\users\carson pickens\appdata\roaming\svD3onF4aHsJd8R 2011-11-25 16:00:11 -------- d-----w- c:\users\carson pickens\appdata\roaming\F42CB 2011-11-25 15:59:38 -------- d-----w- c:\users\carson pickens\appdata\roaming\YxxP0ucS1iD3n 2011-11-25 15:59:37 -------- d-----w- c:\users\carson pickens\appdata\roaming\206F4 2011-11-25 15:59:32 -------- d-----w- c:\users\carson pickens\appdata\roaming\SXXXqjjUCe 2011-11-25 15:59:31 -------- d-----w- c:\users\carson pickens\appdata\roaming\YuvD2obF4mG5Q 2011-11-25 15:59:30 -------- d-----w- c:\users\carson pickens\appdata\roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18:58 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin 2011-11-09 21:18:18 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18:17 708608 ----a-w- c:\program files\common files\system\wab32.dll 2011-11-09 21:18:15 2341888 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-11 17:31:04 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82C8952A] -> \Device\Harddisk0\DR0[0x861B8030] 3 CLASSPNP[0x8B61C59E] -> ntkrnlpa!IofCallDriver[0x82C8952A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x86109908] kernel: MBR read successfully _asm { JMP 0x60; } user != kernel MBR !!! copy of MBR has been found in sector 14 ! . ============= FINISH: 18:10:43.30 ===============
  7. I was able to get back on the internet by performing a system restore to a date prior to the attack. What suggests to you that a backdoor trojan might be hanging out? Is it something from the Hijack this log or are backdoor trojans common with rogue antivirus programs?
  8. Hi, I am currently showing limited/no connectivity from my laptop on a connection that is verified working. I was removing Cloud AV from my computer prior to this problem. Here is my DDS log. Any help you can provide would be greatly appreciated. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Carson Pickens at 12:50:39 on 2011-11-25 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1715 [GMT -6:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\GoZone\GoZone_iSync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon" uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [EAFRCliStart] c:\program files\symantec\symantec endpoint encryption clients\client console\EAFRCliStart.exe /p mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\carson~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\34162737F6E6059636B656E637 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\7596E676164756 : DhcpNameServer = 172.20.100.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: XUL Cache: {35e5a971-af88-4876-bc1c-1e790de285f0} - %profile%\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} FF - Ext: XUL Cache: {c24f2e42-5717-47d8-adf0-57f1155d997f} - %profile%\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2010-10-11 20216] R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2010-10-11 95992] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 EAFRCliManager;EAFRCliManager;c:\program files\symantec\symantec endpoint encryption clients\EAFRCliManager.exe [2011-2-17 282624] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-19 366152] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-2 1831024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-19 22216] R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-25 41272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400] . =============== Created Last 30 ================ . 2011-11-25 18:04:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-11-25 16:17:22 -------- d-----w- c:\users\carson pickens\appdata\roaming\UBrzPNyxAuSbm5Q 2011-11-25 16:17:20 -------- d-----w- c:\users\carson pickens\appdata\roaming\svD3onF4aHsJd8R 2011-11-25 16:00:11 -------- d-----w- c:\users\carson pickens\appdata\roaming\F42CB 2011-11-25 15:59:39 -------- d-----w- c:\users\carson pickens\appdata\roaming\Z4amH6sW7fELgZh 2011-11-25 15:59:38 -------- d-----w- c:\users\carson pickens\appdata\roaming\YxxP0ucS1iD3n 2011-11-25 15:59:37 -------- d-----w- c:\users\carson pickens\appdata\roaming\206F4 2011-11-25 15:59:32 -------- d-----w- c:\users\carson pickens\appdata\roaming\SXXXqjjUCe 2011-11-25 15:59:31 -------- d-----w- c:\users\carson pickens\appdata\roaming\YuvD2obF4mG5Q 2011-11-25 15:59:30 -------- d-----w- c:\users\carson pickens\appdata\roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18:58 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin 2011-11-09 21:18:18 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18:17 708608 ----a-w- c:\program files\common files\system\wab32.dll 2011-11-09 21:18:15 2341888 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-11 17:31:04 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-30 20:22:13 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-08-30 19:33:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82C7A52A] -> \Device\Harddisk0\DR0[0x865BD030] 3 CLASSPNP[0x8BA8D59E] -> ntkrnlpa!IofCallDriver[0x82C7A52A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x860B4030] kernel: MBR read successfully _asm { JMP 0x60; } user != kernel MBR !!! copy of MBR has been found in sector 14 ! . ============= FINISH: 12:51:56.96 =============== Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.