csgotflow
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
It wouldn't let me post everything. Here is the rest. Computer is running fine.

.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 01:37 . 2011-11-30 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-30 01:37 . 2011-11-30 01:37 -------- d-----w- c:\users\bswift\AppData\Local\temp
2011-11-30 00:54 . 2011-11-30 01:40 -------- d-----w- c:\users\Carson Pickens\AppData\Local\temp
2011-11-30 00:35 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\program files\iPod
2011-11-26 16:37 . 2011-11-26 16:38 -------- d-----w- c:\program files\iTunes
2011-11-26 16:32 . 2011-11-26 16:32 -------- d-----w- c:\program files\Bonjour
2011-11-25 16:17 . 2011-11-25 16:17 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\svD3onF4aHsJd8R
2011-11-25 16:00 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\F42CB
2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YxxP0ucS1iD3n
2011-11-25 15:59 . 2011-11-25 17:47 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\206F4
2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\SXXXqjjUCe
2011-11-25 15:59 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YuvD2obF4mG5Q
2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\Y4ppmH5sQ7dE8R9
2011-11-25 15:18 . 2011-11-26 05:33 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-09 21:18 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-01 02:42 . 2011-10-12 19:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-20 39816]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-05-31 273544] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-05-02 115560] "EAFRCliStart"="c:\program files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe" [2011-02-17 1003520] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] . 
c:\users\Carson Pickens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-5-26 431608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-12-21 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 EAFSPROT;EAFSPROT;c:\windows\System32\drivers\eafsprot.sys [2010-10-11 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 EAFRCliManager;EAFRCliManager;c:\program files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 282624] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . --- Other Services/Drivers In Memory --- . *Deregistered* - ephdlink . Contents of the 'Scheduled Tasks' folder . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 
2011-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\taskhost.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Steam\SteamService.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe . ************************************************************************** . Completion time: 2011-11-29 19:50:32 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-30 01:50 ComboFix2.txt 2011-11-30 01:07 . Pre-Run: 110,157,647,872 bytes free Post-Run: 109,915,795,456 bytes free . - - End Of File - - 0B74C5EB6077E23F91BDD7595B89CA3E -
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
ComboFix 11-11-29.04 - Carson Pickens 11/29/2011 19:29:19.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1622 [GMT -6:00] Running from: c:\users\Carson Pickens\Desktop\ComboFix.exe Command switches used :: c:\users\Carson Pickens\Desktop\CFScript.txt AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\ConduitEngine.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . .
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\da-DK\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\de\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\el\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\en-US\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug-tracing.properties c:\users\Carson 
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es-AR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\es\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fa\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\fr\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hr-HR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug-amo.properties c:\users\Carson 
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hu-HU\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\hy-AM\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\is-IS\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\it-IT\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug-amo.properties c:\users\Carson 
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ja-JP\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ko-KR\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\nl\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pl\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-BR\firebug.properties c:\users\Carson 
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug-amo.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug-tracing.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\pt-PT\firebug.properties c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\firebug@software.joehewitt.com\locale\ro-RO\firebug- -
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
ComboFix 11-11-29.04 - Carson Pickens 11/29/2011 18:42:33.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.2264 [GMT -6:00] Running from: c:\users\Carson Pickens\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\chrome\xulcache.jar c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\defaults\preferences\xulcache.js c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0}\install.rdf c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome.manifest c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\chrome\xulcache.jar c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\defaults\preferences\xulcache.js c:\users\Carson 
Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f}\install.rdf c:\users\Carson Pickens\g2mdlhlpx.exe c:\windows\$NtUninstallKB14001$ c:\windows\$NtUninstallKB14001$\1766350841\@ c:\windows\$NtUninstallKB14001$\1766350841\bckfg.tmp c:\windows\$NtUninstallKB14001$\1766350841\cfg.ini c:\windows\$NtUninstallKB14001$\1766350841\Desktop.ini c:\windows\$NtUninstallKB14001$\1766350841\keywords c:\windows\$NtUninstallKB14001$\1766350841\kwrd.dll c:\windows\$NtUninstallKB14001$\1766350841\L\xadqgnnk c:\windows\$NtUninstallKB14001$\1766350841\U\00000001.@ c:\windows\$NtUninstallKB14001$\1766350841\U\00000002.@ c:\windows\$NtUninstallKB14001$\1766350841\U\00000004.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000000.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000004.@ c:\windows\$NtUninstallKB14001$\1766350841\U\80000032.@ c:\windows\$NtUninstallKB14001$\3955381397 c:\windows\system32\drivers\etc\hosts1 . . ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 ))))))))))))))))))))))))))))))) . . 2011-11-30 00:54 . 2011-11-30 00:57 -------- d-----w- c:\users\Carson Pickens\AppData\Local\temp 2011-11-26 16:37 . 2011-11-26 16:37 -------- d-----w- c:\program files\iPod 2011-11-26 16:37 . 2011-11-26 16:38 -------- d-----w- c:\program files\iTunes 2011-11-26 16:32 . 2011-11-26 16:32 -------- d-----w- c:\program files\Bonjour 2011-11-25 16:17 . 2011-11-25 16:17 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\svD3onF4aHsJd8R 2011-11-25 16:00 . 2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\F42CB 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YxxP0ucS1iD3n 2011-11-25 15:59 . 2011-11-25 17:47 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\206F4 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\SXXXqjjUCe 2011-11-25 15:59 . 
2011-11-25 16:34 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\YuvD2obF4mG5Q 2011-11-25 15:59 . 2011-11-25 15:59 -------- d-----w- c:\users\Carson Pickens\AppData\Roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18 . 2011-11-26 05:33 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-09 21:18 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 21:18 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-01 02:42 . 2011-10-12 19:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-11 17:31 . 2011-09-11 17:31 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448] "GoToMeeting"="c:\program files\Citrix\GoToMeeting\723\g2mstart.exe" [2011-07-20 39816] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-05-31 273544] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-05-02 115560] "EAFRCliStart"="c:\program files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe" [2011-02-17 1003520] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] . 
c:\users\Carson Pickens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-5-26 431608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-12-21 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400] S0 EAFSPROT;EAFSPROT;c:\windows\System32\drivers\eafsprot.sys [2010-10-11 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 EAFRCliManager;EAFRCliManager;c:\program files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 282624] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 106104] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216] . . --- Other Services/Drivers In Memory --- . *Deregistered* - ephdlink . Contents of the 'Scheduled Tasks' folder . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 2011-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14] . 
2011-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file) WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file) SafeBoot-Symantec Antvirus . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe c:\program files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\taskhost.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\conhost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Citrix\GoToMeeting\723\g2mcomm.exe c:\program files\Citrix\GoToMeeting\723\g2mlauncher.exe c:\windows\System32\wsqmcons.exe c:\windows\system32\sppsvc.exe c:\program files\Common Files\Steam\SteamService.exe c:\windows\system32\NOTEPAD.EXE c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2011-11-29 19:07:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-30 01:07 . Pre-Run: 109,183,401,984 bytes free Post-Run: 110,153,195,520 bytes free . - - End Of File - - B31E2FDE2C8008168E06A24DA7D9932E -
Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:31 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232] R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 18:37:14 517096] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-21 14:34:07 1343400] S0 EAFSPROT;EAFSPROT;C:\Windows\System32\drivers\eafsprot.sys [2010-10-11 18:10:02 20216] S0 EPHDXLAT;PC Guardian Encryption Filter; [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128] S2 EAFRCliManager;EAFRCliManager;C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe [2011-02-17 16:37:58 282624] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 22:00:48 366152] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 14:17:43 106104] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-08-31 22:00:50 22216] --- Other Services/Drivers In Memory --- *Deregistered* - ephdlink Contents of the 'Scheduled Tasks' folder 2011-11-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:37 . 2011-02-19 16:14:31] 2011-11-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-19 16:14:37 . 2011-02-19 16:14:31] 2011-11-27 C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3058184860-598247740-3434065554-1000.job - C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47:46 . 
2011-03-29 15:47:46] ------- Supplementary Scan ------- uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - C:\Users\Carson Pickens\AppData\Roaming\Mozilla\Firefox\Profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - user.js: yahoo.homepage.dontask - true - - - - ORPHANS REMOVED - - - - URLSearchHooks-{7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file) WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file) SafeBoot-Symantec Antvirus -
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
TDSSKiller isn't finding any rootkit infections. My computer seems to be running fine.
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Carson Pickens at 18:09:26 on 2011-11-29 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1475 [GMT -6:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe 
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Steam\steam.exe C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\GoZone\GoZone_iSync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon" uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: 
[AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [EAFRCliStart] c:\program files\symantec\symantec endpoint encryption clients\client console\EAFRCliStart.exe /p mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime StartupFolder: c:\users\carson~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\2634F62707 : 
DhcpNameServer = 192.168.1.2 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\7596E676164756 : DhcpNameServer = 172.20.100.1 TCP: Interfaces\{B296EEAC-EB96-4EDD-9A15-93579762C007} : DhcpNameServer = 192.168.1.2 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll Hosts: 172.25.0.163 APP_P Hosts: 172.25.0.168 WEB1A Hosts: 172.25.0.169 WEB2A Hosts: 172.25.0.170 WEB3A Hosts: 172.25.16.164 DB1_P1 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll FF - component: c:\users\carson 
pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: XUL Cache: {35e5a971-af88-4876-bc1c-1e790de285f0} - %profile%\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} FF - Ext: XUL Cache: {c24f2e42-5717-47d8-adf0-57f1155d997f} - %profile%\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . 
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2010-10-11 20216] R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2010-10-11 95992] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 EAFRCliManager;EAFRCliManager;c:\program files\symantec\symantec endpoint encryption clients\EAFRCliManager.exe [2011-2-17 282624] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-19 366152] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-2 1831024] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-19 22216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400] . 
=============== Created Last 30 ================ . 2011-11-26 16:37:30 -------- d-----w- c:\program files\iPod 2011-11-26 16:37:28 -------- d-----w- c:\program files\iTunes 2011-11-26 16:32:38 -------- d-----w- c:\program files\Bonjour 2011-11-25 16:17:20 -------- d-----w- c:\users\carson pickens\appdata\roaming\svD3onF4aHsJd8R 2011-11-25 16:00:11 -------- d-----w- c:\users\carson pickens\appdata\roaming\F42CB 2011-11-25 15:59:38 -------- d-----w- c:\users\carson pickens\appdata\roaming\YxxP0ucS1iD3n 2011-11-25 15:59:37 -------- d-----w- c:\users\carson pickens\appdata\roaming\206F4 2011-11-25 15:59:32 -------- d-----w- c:\users\carson pickens\appdata\roaming\SXXXqjjUCe 2011-11-25 15:59:31 -------- d-----w- c:\users\carson pickens\appdata\roaming\YuvD2obF4mG5Q 2011-11-25 15:59:30 -------- d-----w- c:\users\carson pickens\appdata\roaming\Y4ppmH5sQ7dE8R9 2011-11-25 15:18:58 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin 2011-11-09 21:18:18 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:18:17 708608 ----a-w- c:\program files\common files\system\wab32.dll 2011-11-09 21:18:15 2341888 ----a-w- c:\windows\system32\win32k.sys . ==================== Find3M ==================== . 2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-11 17:31:04 0 ----a-w- c:\windows\system32\ConduitEngine.tmp . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 . device: opened successfully user: MBR read successfully . 
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82C8952A] -> \Device\Harddisk0\DR0[0x861B8030] 3 CLASSPNP[0x8B61C59E] -> ntkrnlpa!IofCallDriver[0x82C8952A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x86109908] kernel: MBR read successfully _asm { JMP 0x60; } user != kernel MBR !!! copy of MBR has been found in sector 14 ! . ============= FINISH: 18:10:43.30 =============== -
Unable to connect to internet after malware removal
csgotflow replied to csgotflow's topic in Resolved Malware Removal Logs
I was able to get back on the internet by performing a system restore to a date prior to the attack. What suggests to you that a backdoor trojan might be hanging out? Is it something from the HijackThis log, or are backdoor trojans common with rogue antivirus programs?
Hi, I am currently showing limited/no connectivity from my laptop on a connection that is verified working. I was removing Cloud AV from my computer prior to this problem. Here is my DDS log. Any help you can provide would be greatly appreciated. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Carson Pickens at 12:50:39 on 2011-11-25 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3027.1715 [GMT -6:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\GEDBCheckerSvr.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EACommunicatorSrv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\system32\taskhost.exe 
C:\Windows\system32\Dwm.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\Client Console\EAFRCliStart.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\GoZone\GoZone_iSync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\explorer.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File uRun: [steam] "c:\program files\steam\Steam.exe" -silent uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon" uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common 
files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [EAFRCliStart] c:\program files\symantec\symantec endpoint encryption clients\client console\EAFRCliStart.exe /p mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\users\carson~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\34162737F6E6059636B656E637 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{A8124015-3538-4164-8307-B3AB7397D863}\7596E676164756 : DhcpNameServer = 
172.20.100.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko5.dll FF - component: c:\users\carson pickens\appdata\roaming\mozilla\firefox\profiles\khpuwwx2.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\RadioWMPCoreGecko6.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - Ext: Default: 
{972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: vshare.tv Bar Community Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - %profile%\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} FF - Ext: XUL Cache: {35e5a971-af88-4876-bc1c-1e790de285f0} - %profile%\extensions\{35e5a971-af88-4876-bc1c-1e790de285f0} FF - Ext: XUL Cache: {c24f2e42-5717-47d8-adf0-57f1155d997f} - %profile%\extensions\{c24f2e42-5717-47d8-adf0-57f1155d997f} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true ============= SERVICES / DRIVERS =============== . 
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2010-10-11 20216]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2010-10-11 95992]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 EAFRCliManager;EAFRCliManager;c:\program files\symantec\symantec endpoint encryption clients\EAFRCliManager.exe [2011-2-17 282624]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-19 366152]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-5-2 1831024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-19 22216]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-25 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-19 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]
.
=============== Created Last 30 ================
.
2011-11-25 18:04:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-25 16:17:22 -------- d-----w- c:\users\carson pickens\appdata\roaming\UBrzPNyxAuSbm5Q
2011-11-25 16:17:20 -------- d-----w- c:\users\carson pickens\appdata\roaming\svD3onF4aHsJd8R
2011-11-25 16:00:11 -------- d-----w- c:\users\carson pickens\appdata\roaming\F42CB
2011-11-25 15:59:39 -------- d-----w- c:\users\carson pickens\appdata\roaming\Z4amH6sW7fELgZh
2011-11-25 15:59:38 -------- d-----w- c:\users\carson pickens\appdata\roaming\YxxP0ucS1iD3n
2011-11-25 15:59:37 -------- d-----w- c:\users\carson pickens\appdata\roaming\206F4
2011-11-25 15:59:32 -------- d-----w- c:\users\carson pickens\appdata\roaming\SXXXqjjUCe
2011-11-25 15:59:31 -------- d-----w- c:\users\carson pickens\appdata\roaming\YuvD2obF4mG5Q
2011-11-25 15:59:30 -------- d-----w- c:\users\carson pickens\appdata\roaming\Y4ppmH5sQ7dE8R9
2011-11-25 15:18:58 158056 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10139.bin
2011-11-09 21:18:18 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:18:17 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 21:18:15 2341888 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-11 17:31:04 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 20:22:13 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-08-30 19:33:50 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD1600BEVT-75ZCT2 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82C7A52A] -> \Device\Harddisk0\DR0[0x865BD030]
3 CLASSPNP[0x8BA8D59E] -> ntkrnlpa!IofCallDriver[0x82C7A52A] -> \Device\Ide\IdeDeviceP0T0L0-0[0x860B4030]
kernel: MBR read successfully
_asm { JMP 0x60; }
user != kernel MBR !!!
copy of MBR has been found in sector 14 !
.
============= FINISH: 12:51:56.96 ===============