Jump to content

TheAxeShallFall

Members
  • Posts

    11
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Everything is great, thank you so much for your help!
  2. I ran into one problem. When I did the uninstall, SweetIM uninstaller gave me the same message as before, "The feature you are trying to use is on a network resource that is unavailable". I went ahead with the uninstall though, and it did remove SweetIM for Messengar 3.4.
  3. Here are the results: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.21.2014:1)OS: Windows Vista Home Premium x64Ran by Aida on Mon 10/27/2014 at 17:17:05.28~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559} ~~~ Files Successfully deleted: [File] "C:\Windows\couponprinter.ocx"Successfully deleted: [File] "C:\Windows\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0136F8D9-C6FC-4A14-A94E-29BA80BFF96D}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{014C14B2-84F4-4896-A857-3C98A0607EBA}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0517BCBE-FC6B-4B3C-8D7E-F4FDE9512F96}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{065D5EC9-A5A7-4C3A-82D4-236AB466EE50}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{07B2D9CD-84D0-440C-BDC8-1934F1339A00}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{09B2AF1A-3C34-4B6C-937A-8D04C9EE9CC9}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0B42D8A3-623E-46B4-AFEE-BA495EFD50CA}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0D93AAE6-3D92-478C-BCA8-421D60FADBBE}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0DA1CACC-BA7A-4A65-B27F-EF4F6C095275}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0FE1B633-5273-4C01-A731-9044007B752C}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{0FE48E20-6D9C-4AEC-BCAE-36EEC2D378A6}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{105EC09E-C3C8-4353-B3AD-23E5D448CF7F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{10CEA72D-16CA-4652-85CB-5BCEC687A9E6}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{12C2999E-FC27-4172-9EB1-AA19AC63FDDC}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{14922007-556F-4279-8F56-8F1CE229C844}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{153E77EF-F0A0-41D2-8D02-E3D89782780F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1B18A8ED-D006-44B5-B7EC-DB97C4BA319B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1B2BBBB4-0743-4820-95B9-54ED50D9C7DB}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1BB64826-28C4-4789-9D18-115F40D81683}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1BBFBD75-E6E6-4D56-8DEC-9C30D2D7B98E}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1BEB928F-67C8-42D5-A687-4592462FA1F6}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{1CFF0A60-0BBB-4DAD-877A-78F8308C5E71}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{20B73F6E-CBCA-469F-8AC6-678DD8963789}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{21C4415B-F55F-4353-837B-A3F5E86522D1}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{246F4724-7357-4DAF-BB8A-8C498B4E2BB4}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{27B74C5A-C481-4C39-A60D-FE2954142D74}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{28A66593-DB17-41E1-94D4-E5A773959B44}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{2D38E67B-16DF-43FA-9EA9-E609F560ED38}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3072F60F-5F99-49D3-9B9E-0A8EC1FDFE16}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3164A4E5-EED6-4A71-9449-A7CA8E55FAAC}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{31B98B1F-7C10-41AA-A113-812E7DFDD54E}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{33CFFF6A-91AF-4D67-846A-A125E02FC730}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3464EDA5-EE29-41E4-8E64-0602421DBDD1}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3A8B2C2D-AFA9-40FB-B47E-ECBDB4A645D7}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3D18F5D0-0006-471B-9ACB-B081CA57596F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3DE8FFE2-C937-4C8F-B7E1-ABDDAF39CD7C}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{3F4AD047-16B0-4D03-9993-5F5934B6E4C5}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{4005A119-AD7F-4853-8A9F-7A8BA50A7D50}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{42C69E41-1793-44E6-8FF5-C998C20EDBAD}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{446D95AA-1150-4F92-BED1-C7156DF0F8F5}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{44ED70E7-3CB4-4E55-85AD-345DF3C0634B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{457E10DB-68A7-4339-AA21-FE58EEBB4830}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{47528062-B949-4394-9F43-CDC4A073BED0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{49CEB58F-2731-464C-BC1E-3AF1E3521381}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{4AEB30E6-2568-4074-8ABA-A3AB828932A8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{4DD29CF5-8A36-4115-B0CD-9EF5FCA2695A}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{4E48B7AB-5EAF-40B0-98DE-4CEB32661DAD}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{505E4056-4B2F-4FB1-A341-7F261D140E1F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{517F3C62-EEE8-4324-BB14-37CF9CAA3FE8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{51A351CE-8E6E-4A7E-A7C8-73F2D27935B9}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{56A03652-336D-4F20-B7F1-66D86A9761F3}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{572B56F0-A324-48CE-B76F-A35D7A92A7D5}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{57A55598-207E-4636-BF2B-2568E69365DA}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{589F3CCA-1292-447F-B877-CF53ED81E90F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{5AADB3C5-277D-4AC0-AAD8-2082DF65B6CF}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{5AC43EDE-7BA1-4FC6-AA3F-3529886845A1}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{5CABE889-215B-4CC3-B52E-CFE37551425D}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{5CDCF045-7CF7-435E-A3C6-4A964D5F5F28}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{5DE99374-3578-4E6C-A97F-A3852CDAA84B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{624FD9F9-0930-45CC-BDE2-5FB12F880238}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{62E26E21-2D4E-47EE-B31C-AC5B5EA896CD}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6767B21A-B864-47CA-B017-7B93B8B37836}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6778E4D0-032A-439B-87DE-2A9D0B42639F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{690FAAB9-F94E-4C1C-9FE0-98664F81294B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6D650831-6F4E-411C-8819-B8963E34A864}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6DC4F9D6-1EA6-4F30-A912-4D631A695A0D}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6ECCC0BC-4CB6-4BD1-9F95-B535AE0182BB}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{6ED8AD89-97C9-4089-8172-9BB60F0D7C0E}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{70205D42-A038-4BCD-8F41-C42C91CA468C}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{716989B4-DDEB-49FA-B5FD-6A9ECC521E92}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{73BF6215-32BA-4288-BCE8-1D609BCF22C8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{75ADC5A1-6F8C-4F95-B98A-95154E3DCDB1}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{76120A10-BE36-4C2C-A1CC-51C47FC7B852}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{7BEA3CC8-7DAA-4752-ACD6-23C6B48BC634}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{7CB27B68-182C-42B0-9FFC-08C3F3182629}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{7D833BCD-264D-41AD-AB8E-0B482236A055}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{7FAB7411-8FED-4324-AB89-C10BDDCED65F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{81D5E037-6AC8-4834-AF5A-71BEEBF01A4E}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{86A396D4-5008-4099-A254-0A40E956EBC4}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{874DC875-8DC8-44CC-8A00-DC9F067CA6BE}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8A7F6479-390E-4753-B2E9-CD2F54A782FD}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8B9F6B10-E968-412B-8CB4-5093BACE566F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8BF19CFE-1224-43A6-84BF-2E2031822A52}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8DC0F196-CDD3-4CBA-9A66-D61C98C88814}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8F330B79-0271-4EF9-8D69-67AA1EA84866}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{8FCC4FCE-9FD2-4964-9454-82CE5F7EB122}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{92582B5E-76C6-45F7-8366-D1C0E9C238D9}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{9324D40C-E1B4-4378-84DF-8D1409E89932}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{9A6B51FB-56AE-4528-BADD-865FDE0B6525}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{9C87326B-0B38-4B7E-BEC0-A2BA6188B4F6}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{9CC998C7-E812-4D22-99B7-E4BEBE8D01EE}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{9ED0C465-9F53-4017-A6E0-8012C8CFD543}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{A0AD7AF3-3BF4-4E15-BD37-A50AAABD0589}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{A3C17817-F063-483F-988D-8091A9377189}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{A47FC41E-9D71-40E3-A2DC-8EA02B8C5147}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{A5AA5F26-E468-4EA9-BAA7-A6275E4BEA36}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{A7195853-B64E-4133-A77F-3812C730965B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{AA1A6156-0EDD-4F8A-8BA9-39A784044D4A}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{AA4CDC86-B4F3-4DF8-B791-E4D0A63FE683}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{ACB86E39-4F05-4060-8ABC-3758CADA2D75}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{ADF5EB2F-1A6A-4A07-8B98-5F6BFB3474E0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{AE7036FB-C2F5-45F0-913D-0EFA1B5352EC}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{AEBB7D68-708B-45C0-9825-6BD4C50AA9BF}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{AF1B3630-E4AC-485B-8D3A-42BB2E09B473}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B11E7DAC-5BD0-4500-BF50-728154546EC8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B1799855-E436-4536-92B2-94B3D173FF8B}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B4F5AF4C-3998-4A54-ACDA-ABA73963B017}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B563E185-7ADD-4190-8ED1-2FFDE132ABB3}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B6C73087-0B34-4A48-954B-478D0DC91572}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B6FAD2ED-B2E2-4C3C-B784-C642988DEFE0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B7B24732-2F62-409A-AB55-DB2B31DCDD79}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{B8794CED-DDB6-4A4D-B9FC-28D70154CAF9}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{BBFB75AF-C815-4C1A-9ED4-D93CCCEC3FF0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{C065191B-FA0E-41F0-99C1-57E26D448091}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{C0E35EFA-8AA9-4957-9858-169B3087FCC9}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{C615717E-13DE-4C38-BCE2-8C21ED11F4F0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{C7256450-E4EA-45B4-81A9-29C0986370E7}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{C916A0DE-3B17-4A48-9006-3ABDBA37005E}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{CF0D17C7-DC61-465D-90F4-9BDBE2E40799}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D4A9F401-37FF-4573-93D8-7E53C3EB1DA8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D4ECA998-81DC-47CA-8252-E74EBA6D3F2D}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D84E3E32-C048-48B2-9DE3-670BFBBF0FB0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D8A9A1F1-72D2-4399-884C-70BC14CDDF81}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D8B88E01-96C0-4C70-A860-13BB4C1E3545}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{D93AE648-A19D-48CB-B2DC-06493DAAD6CB}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DA4FA6E3-3F57-440A-A5F5-63A487A9053A}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DBCEBA76-3481-4D54-95C1-F6E17A652BEA}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DCDBD831-731C-4A2C-82F0-F0A60E8ACEF1}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DD1E8BF1-0661-46D5-AA44-66BAB0E15677}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DE713933-484D-4F8A-8292-232EA06BBC46}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{DF06DDD9-0E75-4D99-B9A2-24DBEDF34DB8}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E0B91DF1-81D1-40BF-8677-0EB884EB5F20}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E1B1A028-E688-44F7-90BA-6C179A255339}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E327415E-8512-4F12-8E0C-A4EB04CA75CD}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E788045E-5016-4829-BBB4-89845CD0D7A0}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E7EED097-34CD-4DC7-B9A5-C2BBB9B9CB5F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{E85F58C6-8D30-44BD-B949-01753CDA6F5F}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{F07BFAEE-1474-4C51-89B3-4285A0E9B105}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{F19A1943-092A-4A5E-8894-D8747652E30A}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{F3CCDC42-89DF-473E-8CEC-23796AA6F122}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{F665ECA8-A76D-4BD8-A8A2-4CA42BF7CE79}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{F9FB20E2-F3F9-42BA-A677-C626DBC5EFB6}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{FD342D7D-BE11-4F3C-9BA7-4FB43CF73A83}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{FD9ECDB2-C70B-4E23-918C-E8028CD0F3BC}Successfully deleted: [Empty Folder] C:\Users\Aida\appdata\local\{FEAA5386-1CA6-4729-A4AC-93EEDB8D125F} ~~~ FireFox Successfully deleted the following from C:\Users\Aida\AppData\Roaming\mozilla\firefox\profiles\yjzibusg.default\prefs.js user_pref("extensions.174PG.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1|user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_Emptied folder: C:\Users\Aida\AppData\Roaming\mozilla\firefox\profiles\yjzibusg.default\minidumps [18 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 10/27/2014 at 17:26:54.99End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. Thank you for your help. I have tried to uninstall "SweetIM for Messenger 3.4", but a box appears telling me that, "the feature you are trying to use is on a network resource that is unavailable". Here are the MBAM scan results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/26/2014 Scan Time: 3:51:47 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.26.08 Rootkit Database: v2014.10.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Aida Scan Type: Threat Scan Result: Completed Objects Scanned: 456028 Time Elapsed: 47 min, 53 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 1 PUP.Optional.ConsumerInput.A, HKU\S-1-5-21-1650256794-3975455195-485888459-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ConsumerInput@Compete, C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi, Quarantined, [024ebb5e6517102602e428f772917d83] Registry Data: 0 (No malicious items detected) Folders: 7 PUP.Optional.MindSpark.A, C:\Program Files (x86)\ReferenceBoss_1pEI, Delete-on-Reboot, [72deee2bf18bb28402da9e60cb3755ab], PUP.Optional.MindSpark.A, C:\Program Files (x86)\ReferenceBoss_1pEI\Installr, Delete-on-Reboot, [72deee2bf18bb28402da9e60cb3755ab], PUP.Optional.MindSpark.A, C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin, Delete-on-Reboot, [72deee2bf18bb28402da9e60cb3755ab], PUP.Optional.MindSpark.A, C:\Program Files (x86)\ReferenceBoss_1pEI\Installr\1.bin\chrome, Quarantined, [72deee2bf18bb28402da9e60cb3755ab], PUP.Optional.MindSpark.A, C:\Users\Aida\AppData\LocalLow\ReferenceBoss_1pEI, Delete-on-Reboot, [410f27f2502cfb3b3edd64a0da29728e], PUP.Optional.MindSpark.A, C:\Users\Aida\AppData\LocalLow\ReferenceBoss_1pEI\Installr, Delete-on-Reboot, [410f27f2502cfb3b3edd64a0da29728e], PUP.Optional.MindSpark.A, C:\Users\Aida\AppData\LocalLow\ReferenceBoss_1pEI\Installr\Cache, Quarantined, [410f27f2502cfb3b3edd64a0da29728e], Files: 1 PUP.Optional.MindSpark.A, C:\Users\Aida\AppData\LocalLow\ReferenceBoss_1pEI\Installr\Cache\files.ini, Quarantined, [410f27f2502cfb3b3edd64a0da29728e], Physical Sectors: 0 (No malicious items detected) (end)
  5. Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01 Ran by Aida at 2014-10-08 09:55:08 Running from C:\Users\Aida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1HZZ9X1 Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 7-zip v9.20 (HKLM-x32\...\7-Zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000103}) (Version: 001.000.004 - Adobe Systems) Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Illustrator CS4 (HKLM-x32\...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated) Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Adventure Chronicles The Search for Lost Treasure (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116505387}) (Version: - Oberon Media) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Amazing Adventures SE Bundle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116977563}) (Version: - Oberon Media) Amazing Adventures The Lost Tomb (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117878527}) (Version: - Oberon Media) Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build a lot 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115735150}) (Version: - Oberon Media) Cake Mania 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115455627}) (Version: - Oberon Media) Cake Mania Main Street (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117761163}) (Version: - Oberon Media) Camera Assistant Software for Gateway (HKLM-x32\...\{39098402-3F7A-4257-A4AE-FC1181D1B40B}) (Version: 1.7.077.1117 - Chicony Electronics Co.,Ltd.) Cate West The Velvet Keys (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117086927}) (Version: - Oberon Media) Chocolatier 2 Secret Ingredients (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115373480}) (Version: - Oberon Media) Chocolatier Decadence By Design (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116638253}) (Version: - Oberon Media) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.75.0.0 - Conexant) Conexión BAM 1.03 (HKLM-x32\...\Conexión BAM 1.03) (Version: - ) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deal Info (x32 Version: 2008.1.22.0 - EarthLink, Inc) Hidden Delicious Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111839833}) (Version: - Oberon Media) DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.) Dream Chronicles (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115379930}) (Version: - Oberon Media) Dream Chronicles 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114774927}) (Version: - Oberon Media) Dream Chronicles 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117020110}) (Version: - Oberon Media) Dream Chronicles: The Book of Air (HKLM-x32\...\BFG-Dream Chronicles - The Book of Air) (Version: - ) Dream Chronicles: The Book of Water (HKLM-x32\...\BFG-Dream Chronicles - The Book of Water) (Version: - ) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) EarthLink FastLane (HKLM-x32\...\{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}) (Version: 5.8.0.13 - EarthLink, Inc) EarthLink Software (HKLM-x32\...\EarthLink TotalAccess 2004) (Version: 2008.1.22.0 - ) Echoes of the Past: The Castle of Shadows (HKLM-x32\...\BFG-Echoes of the Past - The Castle of Shadows) (Version: - ) EuroTalk Talk Now! (HKLM-x32\...\{42015F1C-6C8C-4D6F-AD6B-606761D23D3D}) (Version: 2.2.3.3 - EuroTalk Interactive) Express Scribe (HKLM-x32\...\Scribe) (Version: 5.63 - NCH Software) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent) Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated) GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden GearDrvs (x32 Version: 1.00.0000 - GEAR Software) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - ) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.2.0 - Conexant Systems) Hidden Expedition Everest (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113043797}) (Version: - Oberon Media) Hidden Magic (HKLM-x32\...\BFG-Hidden Magic) (Version: - ) HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.016 - HTC Corporation) iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - ) iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.220 - Sun Microsystems, Inc.) Java 6 Update 26 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416026FF}) (Version: 6.0.260 - Oracle) Java 6 Update 4 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.) Java 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.) Java SE Development Kit 6 Update 26 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160260}) (Version: 1.6.0.260 - Oracle) KeyBlaze Typing Tutor (HKLM-x32\...\KeyBlaze) (Version: 2.14 - NCH Software) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version: - Lexmark International, Inc.) Love Story: The Way Home (HKLM-x32\...\BFG-Love Story - The Way Home) (Version: - ) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Margrave Manor 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11745870}) (Version: - Oberon Media) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft) Microsoft Money Shared Libraries (x32 Version: 16.0.0.705 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.) Motorola Driver Installation 4.2.4 (HKLM\...\{943BD9F2-E18A-4533-A6A7-B14326638958}) (Version: 4.2.4 - Motorola Inc.) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery PI Special Edition Bundle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11781177}) (Version: - Oberon Media) Nero 9 Essentials (HKLM-x32\...\{7bf8a9ad-4a56-4d03-b3e3-4fc5b4a9f3f2}) (Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Netflix in Windows Media Center (HKLM-x32\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation) O2Micro Flash Memory Card Reader Driver (x64) (HKLM\...\{A6F1A083-4B12-47E8-9954-E4820C9A65C2}) (Version: 3.25 - O2Micro) Pahelika Secret Legends (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117307377}) (Version: - Oberon Media) PdaNet for Android 2.42 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.4617.0 - Acer Inc.) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Redistributed Files (x32 Version: 2.0.46.0 - EarthLink, Inc.) Hidden Reincarnations: Awakening (HKLM-x32\...\BFG-Reincarnations - Awakening) (Version: - ) Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.) Samantha Swift 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116815903}) (Version: - Oberon Media) Samantha Swift 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118080877}) (Version: - Oberon Media) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spotify (HKCU\...\Spotify) (Version: 0.8.4.107.g4fa0003f - Spotify AB) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden SweetIM for Messenger 3.4 (HKLM-x32\...\{F70AE624-2B41-476F-BC9C-0A7F158C3F15}) (Version: 3.4.0005 - SweetIM Technologies Ltd.) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.22.0 - Synaptics) The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version: - ) The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - ) TotalAccess Core Applications (x32 Version: 2008.1.22.0 - EarthLink, Inc.) Hidden Treasure Seekers: The Enchanted Canvases (HKLM-x32\...\BFG-Treasure Seekers - The Enchanted Canvases) (Version: - ) Treasure Seekers: The Time Has Come (HKLM-x32\...\BFG-Treasure Seekers - The Time Has Come) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden Vista Media Center RSS Reader 2.3.0 (HKLM-x32\...\{D80E0F18-7252-4032-B40A-3D2D6089EB22}_is1) (Version: - ) VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team) Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Mobile Device Updater Component (Version: 04.07.1404.00 - Microsoft Corporation) Hidden WinFF 1.2 (HKLM-x32\...\WinFF_is1) (Version: - WinFF.org) Women’s Murder Club Twice in a Blue Moon (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117579150}) (Version: - Oberon Media) Womens Murder Club (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}) (Version: - Oberon Media) XnView 1.96.1 (HKLM-x32\...\XnView_is1) (Version: 1.96.1 - Gougelet Pierre-e) Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation) Zune (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Aida\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1650256794-3975455195-485888459-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 31-08-2014 20:09:49 Scheduled Checkpoint 05-09-2014 01:07:33 Norton 360 Registry Clean 05-09-2014 20:45:32 Restore Operation 10-09-2014 04:25:56 Windows Update 19-09-2014 02:45:25 Scheduled Checkpoint 21-09-2014 02:30:55 Removed MusicOasis 24-09-2014 12:43:00 Windows Update 26-09-2014 23:41:06 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03732DC3-A6A1-4806-9C04-465B8594374A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {060F912F-FA00-4E9A-8C0E-40A83F78BBB0} - System32\Tasks\{0070593B-285F-48C4-B249-9E7843793378} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) Task: {07F41918-61AD-4E57-9AF7-E9309CB54447} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {0B705CB4-B7F6-48BA-9788-EB79E179EC54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {12493D8B-0F2C-4A27-AD0F-CEBD51FAB702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-21] (Google Inc.) Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {257F5929-C72D-428D-B7BB-6A40E442879A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {3FCAA24A-F7F5-4E1C-9AFA-02A93115214C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {4FEEFCD1-180C-4ECA-B93C-B30357350DCE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA => C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16] (Google Inc.) Task: {656AA83D-F54A-42E8-A1C6-EFB15A11BC01} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {7032496A-F6CB-48AF-A647-D8245E7BDAAD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {73145ED7-E567-45B8-B5AE-64AE7DBA276C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {78264F10-3C24-44FF-BBCA-8E67559C1572} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000Core => C:\Users\Aida\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.) Task: {7B11DEEC-CD18-4D5C-A8B4-9A9B0D570CA7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {7CDFD7ED-504C-4056-9953-3B34BFC04E57} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation) Task: {816C3534-6F2B-4626-8196-A98E6E6952A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {88ABE1D1-A5B6-4B90-8D56-A28FC5D7BD1F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA => C:\Users\Aida\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-14] (Facebook Inc.) Task: {8D98B894-D3C1-42CD-8152-2BFABDE49CF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-05-21] (Google Inc.) Task: {94C5883C-4C5E-46A6-93ED-F8AD01B8F371} - System32\Tasks\NCH Software\ScribeSevenDays => C:\Program Files (x86)\NCH Software\Scribe\Scribe.exe Task: {9A72EA73-2CE8-4063-A02D-BD6D6062D303} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000Core => C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16] (Google Inc.) Task: {9FCA5790-2721-4871-B6F2-FFDF893DAF8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A349F69A-E2D8-4C7D-8C72-BB13D461AC35} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {A41220AE-C4CB-42FF-93A4-F912955AAAA4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B72670C6-6DBE-499B-B4F9-11B9F3810C19} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {ECBC6AEF-B6C1-4271-91CF-2D1332877713} - System32\Tasks\CIMT_S-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: {F324ED78-554D-4DAD-A423-431CAFCD58A7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {F510AE21-622A-4EAC-8DBA-EE42D9A39B78} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CIMT_S-1-5-21-1650256794-3975455195-485888459-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000Core.job => C:\Users\Aida\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA.job => C:\Users\Aida\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000Core.job => C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA.job => C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-02-25 21:53 - 2008-06-11 12:18 - 00024576 _____ () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe 2009-02-25 21:53 - 2009-02-25 21:53 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll 2009-02-25 21:53 - 2009-02-25 21:53 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll 2009-02-25 21:53 - 2009-02-25 21:53 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll 2009-02-25 21:53 - 2009-02-25 21:53 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll 2009-02-25 21:53 - 2009-02-25 21:53 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll 2009-02-25 21:53 - 2009-02-25 21:53 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll 2010-11-20 11:20 - 2009-12-14 18:08 - 00092928 _____ () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2009-02-25 21:52 - 2008-11-17 19:54 - 04933120 _____ () C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe 2010-09-21 10:51 - 2009-10-23 12:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Aida\Documents\[Vimeo-7681282] Urban Abstract.mp4:TOC.WMV AlternateDataStreams: C:\ProgramData\TEMP:00F3978A AlternateDataStreams: C:\ProgramData\TEMP:01B0E73F AlternateDataStreams: C:\ProgramData\TEMP:05113FB9 AlternateDataStreams: C:\ProgramData\TEMP:0EC7A545 AlternateDataStreams: C:\ProgramData\TEMP:18FCA3F2 AlternateDataStreams: C:\ProgramData\TEMP:25DEF972 AlternateDataStreams: C:\ProgramData\TEMP:2652902F AlternateDataStreams: C:\ProgramData\TEMP:2AF322BF AlternateDataStreams: C:\ProgramData\TEMP:30C46519 AlternateDataStreams: C:\ProgramData\TEMP:3612C9BE AlternateDataStreams: C:\ProgramData\TEMP:3E06C78F AlternateDataStreams: C:\ProgramData\TEMP:512E1728 AlternateDataStreams: C:\ProgramData\TEMP:569CEE83 AlternateDataStreams: C:\ProgramData\TEMP:587F3582 AlternateDataStreams: C:\ProgramData\TEMP:5A27D490 AlternateDataStreams: C:\ProgramData\TEMP:5A2E8BBF AlternateDataStreams: C:\ProgramData\TEMP:5F51822D AlternateDataStreams: C:\ProgramData\TEMP:6017A808 AlternateDataStreams: C:\ProgramData\TEMP:65C4D44A AlternateDataStreams: C:\ProgramData\TEMP:68241CDB AlternateDataStreams: C:\ProgramData\TEMP:69B9AAE7 AlternateDataStreams: C:\ProgramData\TEMP:6A129BAB AlternateDataStreams: C:\ProgramData\TEMP:703CE963 AlternateDataStreams: C:\ProgramData\TEMP:754E278B AlternateDataStreams: C:\ProgramData\TEMP:86B7FDDB AlternateDataStreams: C:\ProgramData\TEMP:87FA5E8A AlternateDataStreams: C:\ProgramData\TEMP:89123481 AlternateDataStreams: C:\ProgramData\TEMP:8DCF53BE AlternateDataStreams: C:\ProgramData\TEMP:954B00C4 AlternateDataStreams: C:\ProgramData\TEMP:96F344DB AlternateDataStreams: C:\ProgramData\TEMP:9F683177 AlternateDataStreams: C:\ProgramData\TEMP:A02025CE AlternateDataStreams: C:\ProgramData\TEMP:A42FABF7 AlternateDataStreams: C:\ProgramData\TEMP:A9056F42 AlternateDataStreams: C:\ProgramData\TEMP:AA6C7C38 AlternateDataStreams: C:\ProgramData\TEMP:AC0FFFAF AlternateDataStreams: C:\ProgramData\TEMP:AECF4772 AlternateDataStreams: C:\ProgramData\TEMP:AFB24B00 AlternateDataStreams: C:\ProgramData\TEMP:B8B102B9 AlternateDataStreams: C:\ProgramData\TEMP:BEE39E9B AlternateDataStreams: C:\ProgramData\TEMP:CF2C26D2 AlternateDataStreams: C:\ProgramData\TEMP:D18D7C38 AlternateDataStreams: C:\ProgramData\TEMP:D30CE047 AlternateDataStreams: C:\ProgramData\TEMP:D7CCB616 AlternateDataStreams: C:\ProgramData\TEMP:E6E9EB6C AlternateDataStreams: C:\ProgramData\TEMP:E89EDC52 AlternateDataStreams: C:\ProgramData\TEMP:E8A39657 AlternateDataStreams: C:\ProgramData\TEMP:EA10407C AlternateDataStreams: C:\ProgramData\TEMP:F56BE392 AlternateDataStreams: C:\ProgramData\TEMP:F9689B72 AlternateDataStreams: C:\ProgramData\TEMP:FA42DF8E AlternateDataStreams: C:\ProgramData\TEMP:FDD78BE5 AlternateDataStreams: C:\ProgramData\TEMP:FED25C29 AlternateDataStreams: C:\Users\Guest\Desktop\VTS_01_1.VOB:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-1650256794-3975455195-485888459-1000\Software\Classes\.exe: => <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Windows Defender => C:\Program Files\Windows Defender\MSASCui.exe -hide ========================= Accounts: ========================== Administrator (S-1-5-21-1650256794-3975455195-485888459-500 - Administrator - Disabled) Aida (S-1-5-21-1650256794-3975455195-485888459-1000 - Administrator - Enabled) => C:\Users\Aida Guest (S-1-5-21-1650256794-3975455195-485888459-501 - Limited - Enabled) => C:\Users\Guest Mcx1 (S-1-5-21-1650256794-3975455195-485888459-1002 - Administrator - Enabled) => C:\Users\Mcx1 Rosemary (S-1-5-21-1650256794-3975455195-485888459-1001 - Administrator - Enabled) => C:\Users\Rosemary ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/08/2014 09:43:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (10/08/2014 09:10:14 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY) Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system. Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\UNINSTALL POWERDVD.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\READ ME.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\ONLINE REGISTRATION.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (10/04/2014 05:32:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\AIDA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\CYBERLINK POWERDVD\POWERDVD HELP FILE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (10/08/2014 09:11:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (10/08/2014 09:08:43 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Error: (10/04/2014 05:33:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (10/04/2014 05:30:24 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY) Description: Provider\Microsoft.Base.Publication/Publication/Computer Error: (10/04/2014 05:30:18 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Error: (10/04/2014 05:30:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:59:32 PM on 10/1/2014 was unexpected. Error: (10/01/2014 06:14:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (10/01/2014 06:10:50 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Error: (10/01/2014 08:05:35 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (10/01/2014 08:02:57 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY) Description: 2147942402 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-10-08 09:54:50.383 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:49.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:49.183 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:48.495 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:47.323 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:46.739 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:46.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-08 09:54:45.705 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-30 21:05:52.459 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-30 21:05:51.834 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz Percentage of memory in use: 50% Total physical RAM: 3960 MB Available physical RAM: 1974.76 MB Total Pagefile: 8107.27 MB Available Pagefile: 5850.22 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.76 GB) (Free:236.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: D3D22B2D) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=451.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  6. Hello, my mother's laptop has been infected with sweetim and torcho.com has replaced the browser homepage. Of the browsers I've tried, Firefox and Chrome seem to be the only ones affected since I ran adwcleaner about a week ago. Internet explorer seems to be running fine. Every webpage also has ads by dEalsatera (Even after reinstalling). Thank you for your time. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Aida (administrator) on OFFICE on 08-10-2014 09:52:39 Running from C:\Users\Aida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1HZZ9X1 Loaded Profile: Aida (Available profiles: Aida & Rosemary & Mcx1 & Guest) Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ( ) C:\Windows\System32\lxbkcoms.exe () C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (O2Micro International) C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe (Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Chicony) C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Visual Networks) C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\ipmon32.exe (Visual Networks) C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe (Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe () C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1560360 2008-07-10] (Synaptics, Inc.) HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [163568 2010-09-24] (Microsoft Corporation) HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [638976 2008-09-09] (Chicony) HKLM-x32\...\Run: [eRecoveryService] => [X] HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [87336 2008-07-21] (Cyberlink Corp.) HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2008-05-14] () HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [iPInSightMonitor 01] => C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks) HKLM-x32\...\Run: [iPInSightLAN 01] => C:\Program Files (x86)\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks) HKLM-x32\...\Run: [sunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [295512 2014-07-20] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1650256794-3975455195-485888459-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-1650256794-3975455195-485888459-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" HKU\S-1-5-21-1650256794-3975455195-485888459-1000\...\Run: [Google Update] => C:\Users\Aida\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-06-16] (Google Inc.) HKU\S-1-5-21-1650256794-3975455195-485888459-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe Startup: C:\Users\Rosemary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30A8623C75E2CA01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=md7818u&c=BB HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=md7818u&c=BB HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=md7818u&c=BB HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKCU - (No Name) - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW SearchScopes: HKLM-x32 - {9d18b218-6967-44c7-961f-c8710bf24559} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YPxdm013YYus&ptb=CB5EDABB-00DA-4F42-A818-FFBE8B62CC5A&psa=&ind=2011050519&ptnrS=YPxdm013YYus&si=CJecm9fYxagCFQkSbAodymJZpA&st=sb&n=77de3217&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7RNSN_enUS398 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7RNSN_enUS398 SearchScopes: HKCU - {9d18b218-6967-44c7-961f-c8710bf24559} URL = SearchScopes: HKCU - {9F626CD9-5745-406B-8AE8-207A247C8C35} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=135963&p={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.59\oberontb.dll No File BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM - No Name - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM - No Name - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No File Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM-x32 - No Name - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {EAAFD3E7-1BCC-4F58-9300-071EF858C219} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default FF NewTab: hxxp://torcho.com?channel=7777-2081&v1=home FF DefaultSearchEngine: Torcho FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Torcho FF Homepage: hxxp://torcho.com?channel=7777-2081&v1=home FF Keyword.URL: hxxp://torcho.com/?q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Aida\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Aida\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Aida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Aida\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Aida\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\Aida\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Aida\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Aida\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\searchplugins\inbox-search.xml FF SearchPlugin: C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\searchplugins\searcharmor.xml FF Extension: Fast Dial - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\fastdial@telega.phpnet.us [2014-09-30] FF Extension: TabNavigator - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\tabnav@cse.iitb.ac(854).in [2010-03-09] FF Extension: Ubiquity - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\ubiquity@labs.mozilla.com [2010-07-10] FF Extension: dEalsatera - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\uugdccrbv@gcdhlwxg.org [2014-09-04] FF Extension: Screengrab - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-10-06] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27] FF Extension: DownloadHelper - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07] FF Extension: DownloadHelper - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(984) [2010-03-09] FF Extension: Personas Plus - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\personas@christopher.beard.xpi [2011-06-07] FF Extension: Adblock Plus - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-07] FF Extension: DownThemAll! - C:\Users\Aida\AppData\Roaming\Mozilla\Firefox\Profiles\yjzibusg.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-06-18] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-10] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.4.0.13\coFFPlgn [2014-10-08] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-19] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi Chrome: ======= CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Skype Click to Call) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (Google Talk Plugin) - C:\Users\Aida\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Aida\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Aida\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Yahoo! BrowserPlus Plugin) - C:\Users\Aida\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12] CHR Extension: (AT_Porsche) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2011-03-10] CHR Extension: (RealDownloader) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-04] CHR Extension: (Norton Identity Safe) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27] CHR Extension: (Skype Click to Call) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-05] CHR Extension: (Google Wallet) - C:\Users\Aida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-06-03] (Adobe Systems) [File not signed] R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed] R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed] S2 gupdate1c9da99f936a691; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-05-21] (Google Inc.) R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( ) R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( ) R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [92928 2009-12-14] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation) R2 o2flash; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\IPSDefs\20140919.001\IDSvia64.sys [633560 2014-09-04] (Symantec Corporation) U0 IPVNMon; No ImagePath S3 motport; C:\Windows\System32\DRIVERS\motport.sys [30208 2009-10-27] (Motorola) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140919.019\ENG64.SYS [129752 2014-09-05] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.4.0.13\Definitions\VirusDefs\20140919.019\EX64.SYS [2137304 2014-09-05] (Symantec Corporation) R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62296 2008-07-15] (O2Micro ) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation) R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [49152 2009-08-28] (Apple, Inc.) [File not signed] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 yukonx64; system32\DRIVERS\yk60x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 09:47 - 2014-10-08 09:53 - 00000000 ____D () C:\FRST 2014-10-08 09:15 - 2014-10-08 09:15 - 00000902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-08 09:15 - 2014-10-08 09:15 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-08 09:15 - 2014-10-08 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-08 09:15 - 2014-10-08 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-08 09:12 - 2014-10-08 09:13 - 00244136 _____ () C:\Users\Aida\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-08 09:09 - 2014-10-08 09:09 - 00000000 ____D () C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-10-01 08:19 - 2014-10-01 08:19 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-01 08:19 - 2014-10-01 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-30 20:18 - 2014-10-01 08:01 - 00000000 ____D () C:\AdwCleaner 2014-09-30 20:16 - 2014-09-30 20:16 - 01375089 _____ () C:\Users\Aida\Downloads\AdwCleaner(1).exe 2014-09-24 05:44 - 2014-09-08 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 05:44 - 2014-09-08 23:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-20 19:57 - 2014-09-20 19:57 - 01373475 _____ () C:\Users\Aida\Downloads\AdwCleaner.exe 2014-09-20 19:15 - 2014-09-20 19:15 - 00001062 _____ () C:\20SEP14.txt 2014-09-20 18:49 - 2014-09-30 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-20 18:48 - 2014-09-20 18:48 - 00000943 _____ () C:\Malwarebytes Anti-Malware.lnk 2014-09-20 18:48 - 2014-09-20 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-20 18:48 - 2014-09-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-20 18:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-20 18:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-20 18:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-20 18:46 - 2014-09-20 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-09-20 09:59 - 2014-09-20 10:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-20 09:42 - 2014-09-20 09:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia 2014-09-12 18:32 - 2014-10-08 09:10 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-09-10 16:18 - 2014-09-10 16:18 - 00000000 ____D () C:\Users\Aida\AppData\Local\{09B2AF1A-3C34-4B6C-937A-8D04C9EE9CC9} 2014-09-09 21:52 - 2014-08-15 08:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-09 21:52 - 2014-08-15 08:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-09 21:52 - 2014-08-15 08:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-09 21:52 - 2014-08-15 08:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-09 21:52 - 2014-08-15 08:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-09 21:52 - 2014-08-15 08:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-09 21:52 - 2014-08-15 08:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-09 21:52 - 2014-08-15 08:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-09 21:52 - 2014-08-15 08:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-09 21:52 - 2014-08-15 08:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-09 21:52 - 2014-08-15 08:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-09 21:52 - 2014-08-15 08:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-09 21:52 - 2014-08-15 08:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-09 21:52 - 2014-08-15 07:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-09 21:52 - 2014-08-15 07:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-09 21:52 - 2014-08-15 07:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-09 21:52 - 2014-08-15 07:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-09 21:52 - 2014-08-15 07:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-09 21:52 - 2014-08-15 07:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-09 21:52 - 2014-08-15 07:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-09 21:52 - 2014-08-15 07:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-09 21:52 - 2014-08-15 07:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-09 21:52 - 2014-08-15 07:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-09 21:52 - 2014-08-15 07:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-09 21:52 - 2014-08-15 07:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-09 21:52 - 2014-08-15 07:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-09 16:15 - 2014-10-08 09:10 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 09:42 - 2012-04-07 09:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-08 09:42 - 2010-09-23 16:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA.job 2014-10-08 09:17 - 2009-02-25 21:45 - 01173865 _____ () C:\Windows\WindowsUpdate.log 2014-10-08 09:09 - 2009-06-30 18:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-08 09:08 - 2009-02-25 21:53 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2014-10-08 09:08 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 09:08 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-08 09:08 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-04 18:30 - 2009-01-13 10:48 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-10-04 18:30 - 2006-11-02 08:42 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-04 18:02 - 2009-06-30 18:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-01 18:10 - 2008-01-20 20:26 - 02843780 _____ () C:\Windows\PFRO.log 2014-10-01 10:01 - 2010-02-02 12:48 - 00000670 _____ () C:\Windows\Lexstat.ini 2014-10-01 08:19 - 2009-05-10 03:26 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-01 07:48 - 2009-10-21 12:45 - 00000000 ____D () C:\Users\Aida\AppData\Local\Yahoo! 2014-10-01 07:39 - 2010-09-23 16:28 - 00000000 ____D () C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-01 07:33 - 2014-07-25 16:02 - 00003356 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-10-01 07:33 - 2014-07-12 15:55 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-09-24 18:00 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache 2014-09-24 05:43 - 2012-04-07 09:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 05:43 - 2012-04-07 09:25 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 05:43 - 2011-05-15 10:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-20 19:28 - 2009-01-13 12:51 - 00031078 _____ () C:\Windows\ydi.log 2014-09-20 19:28 - 2009-01-13 12:51 - 00000330 ____R () C:\Windows\YukonInstall.log 2014-09-20 18:48 - 2012-01-07 16:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-20 18:46 - 2009-09-16 18:06 - 00000000 ____D () C:\Users\Guest\Tracing 2014-09-20 09:04 - 2006-11-02 05:46 - 00765736 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-20 09:02 - 2009-06-18 20:48 - 00071472 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-19 15:19 - 2009-12-16 15:25 - 00003793 _____ () C:\Windows\wininit.ini 2014-09-19 12:46 - 2011-06-16 12:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-10 16:26 - 2011-02-09 16:06 - 00000000 ____D () C:\Temp 2014-09-10 16:19 - 2009-05-13 18:46 - 00084480 _____ () C:\Users\Aida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-09 21:50 - 2012-02-16 10:15 - 00759540 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-09 21:48 - 2013-07-22 22:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-09 21:29 - 2006-11-02 05:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete: ==================== C:\ProgramData\CSI-Hooks.dll C:\ProgramData\CSI-Launcher_x64.dll Some content of TEMP: ==================== C:\Users\Aida\AppData\Local\Temp\bpuninstall.exe C:\Users\Aida\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-08 09:18 ==================== End Of Log ============================
  7. Looks good, no redirects to report I cannot thank you enough, Thanks! I can now delete all the logs and programs I downloaded, correct?
  8. Computer behavior is the same as my last post (No redirects so far). It seems as though it's back to normal, but I'll wait until we're finished to make any other assessments. ComboFix log: ComboFix 11-06-14.01 - Alex 06/14/2011 12:19:52.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.165 [GMT -7:00] Running from: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . FILE :: "c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp" "c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp" "c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp" "c:\windows\system32\qqaxzcpxhr.tmp" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Ask.com c:\program files\Ask.com\cobrand.ico c:\program files\Ask.com\config.xml c:\program files\Ask.com\favicon.ico c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\Thumbs.db c:\program files\Ask.com\UpdateTask.exe . . ((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 ))))))))))))))))))))))))))))))) . . 2011-05-29 23:37 . 2011-05-29 23:37 -------- d-----w- c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Malwarebytes 2011-05-28 20:07 . 2011-05-28 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-15 02:23 . 2011-05-15 02:23 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp 2011-04-29 02:24 . 2011-04-29 02:24 0 ---ha-w- c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-24 15:48 . 2011-04-24 15:48 0 ---ha-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-06 17:34 . 2011-04-06 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-04-05 00:44 . 2011-04-05 00:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-04-05 00:44 . 2011-04-05 00:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-04-03 23:32 . 2011-04-03 23:32 0 ---ha-w- c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-30 20:35 . 2011-03-25 00:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-04-01 05:47 . 2008-10-24 21:52 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2008-11-05 18:23 . 2008-11-05 18:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "HostManager"="c:\program files\Common Files\AOL\1256577640\EE\AOLHostManager.exe" [2004-11-03 125528] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] . c:\documents and settings\Alex\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A] . c:\documents and settings\Rosemary\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808] . c:\documents and settings\Rosemary.YOUR-27E1513D96\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808] . c:\documents and settings\Alex.YOUR-27E1513D96\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-17 447952] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-8-9 36903] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1256577640\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\America Online 9.0b\\waol.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [4/5/2011 7:04 PM 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [4/5/2011 7:04 PM 173104] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [6/14/2011 9:39 AM 810616] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [4/5/2011 7:04 PM 501888] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [4/5/2011 7:04 PM 116784] R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe [4/5/2011 7:03 PM 126392] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/9/2011 7:11 PM 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSXpx86.sys [6/14/2011 9:39 AM 355256] R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/17/2010 3:07 PM 9472] S1 MpKsl189476f3;MpKsl189476f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys [?] S1 MpKsl1eaf214a;MpKsl1eaf214a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys [?] S1 MpKsl248ca737;MpKsl248ca737;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys [?] S1 MpKsl7856198f;MpKsl7856198f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys [?] S1 MpKsl95da7b5a;MpKsl95da7b5a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys [?] S1 MpKslc73aaf1a;MpKslc73aaf1a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2009 12:13 AM 133104] S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [9/21/2010 4:42 PM 401920] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2009 12:13 AM 133104] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/14/2010 9:01 PM 24576] S3 htcdiag;HTC Android Diag Port;c:\windows\system32\drivers\htcdiag.sys [5/14/2010 9:01 PM 101376] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 2:19 PM 268528] . Contents of the 'Scheduled Tasks' folder . 2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-06-12 c:\windows\Tasks\CCleaner.job - c:\program files\CCleaner\CCleaner.exe [2009-10-22 18:32] . 2011-06-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{3F14442E-A655-4B89-9B97-4A15BC58CD0C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4311C772-6E19-470E-8699-9B3BD2B9285D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4E12AE8E-4909-4DEE-BFC4-6E81356C2399}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ . - - - - ORPHANS REMOVED - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-14 12:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(588) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3988) c:\windows\system32\WININET.dll c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll c:\program files\Common Files\AOL\ACS\WLHook.dll c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\RealVNC\VNC4\WinVNC4.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\Zune\ZuneNss.exe c:\windows\system32\Ati2evxx.exe c:\program files\Lexmark X1100 Series\lxbkbmon.exe c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-06-14 13:02:23 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-14 20:02 ComboFix2.txt 2011-06-14 18:42 . Pre-Run: 23,930,048,512 bytes free Post-Run: 23,843,586,048 bytes free . - - End Of File - - 6AB44A5C8EC9F9C7B2B4474A1DF006A8
  9. Ran combofix, I haven't had any redirects so far... Will keep you posted though. Combofix log: ComboFix 11-06-13.06 - Alex 06/14/2011 10:52:54.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.134 [GMT -7:00] Running from: c:\documents and settings\Alex.YOUR-27E1513D96\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0} c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf c:\documents and settings\Alex.YOUR-27E1513D96\Local Settings\Temp\IadHide5.dll c:\documents and settings\Alex.YOUR-27E1513D96\Recent\Thumbs.db c:\documents and settings\Alex.YOUR-27E1513D96\WINDOWS c:\documents and settings\Alex\Application Data\inst.exe c:\documents and settings\Alex\WINDOWS c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b} c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome.manifest c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome\xulcache.jar c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\defaults\preferences\xulcache.js c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\s0ivkiei.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\install.rdf c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\WINDOWS c:\documents and settings\Compaq_Owner\Application Data\TMInc c:\documents and settings\Compaq_Owner\Application Data\TMInc\game.cfg c:\documents and settings\Compaq_Owner\Application Data\TMInc\user1.sav c:\documents and settings\Compaq_Owner\WINDOWS c:\documents and settings\Default User\WINDOWS c:\documents and settings\Guest.YOUR-27E1513D96\WINDOWS c:\documents and settings\Guest\WINDOWS c:\documents and settings\princesa fiat.YOUR-27E1513D96\WINDOWS c:\documents and settings\princesa fiat\WINDOWS c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Gmail c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{13c8085d-e1a6-466f-a1bb-446a9e4743c0}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{3087f1e0-e7d6-4f55-8436-cbca6ad1d0bf}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{39f1a78d-10a6-4d48-85dd-efb58c98e39d}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{ca62d5d9-1b07-4fcc-9cd9-9674fc2715b4}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{d5d50813-fdf1-4680-98f5-84924cc535d7}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b} c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome.manifest c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\chrome\xulcache.jar c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\defaults\preferences\xulcache.js c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\pa07z3af.default\extensions\{f3ec5a95-5a3b-4538-8f3d-793fdae3d29b}\install.rdf c:\documents and settings\Rosemary.YOUR-27E1513D96\WINDOWS c:\documents and settings\Rosemary\Application Data\.# c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@384180.### c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@3841B0.### c:\documents and settings\Rosemary\Application Data\.#\MBX@16E0@3841E0.### c:\documents and settings\Rosemary\WINDOWS c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf c:\windows\run.log c:\windows\system32\ativtmxx32.dll c:\windows\system32\config\systemprofile\WINDOWS D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 ))))))))))))))))))))))))))))))) . . 2011-05-29 23:37 . 2011-05-29 23:37 -------- d-----w- c:\documents and settings\Rosemary.YOUR-27E1513D96\Application Data\Malwarebytes 2011-05-28 20:07 . 2011-05-28 20:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-15 02:23 . 2011-05-15 02:23 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp 2011-04-29 02:24 . 2011-04-29 02:24 0 ---ha-w- c:\documents and settings\Rosemary.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-24 15:48 . 2011-04-24 15:48 0 ---ha-w- c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-06 17:34 . 2011-04-06 17:34 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-04-05 00:44 . 2011-04-05 00:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-04-05 00:44 . 2011-04-05 00:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2011-04-03 23:32 . 2011-04-03 23:32 0 ---ha-w- c:\documents and settings\Alex.YOUR-27E1513D96\qqaxzcpxhr.tmp 2011-04-30 20:35 . 2011-03-25 00:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-04-01 05:47 . 2008-10-24 21:52 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll 2008-11-05 18:23 . 2008-11-05 18:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "HostManager"="c:\program files\Common Files\AOL\1256577640\EE\AOLHostManager.exe" [2004-11-03 125528] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-21 202256] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 57344] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] . c:\documents and settings\Alex\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A] . c:\documents and settings\Rosemary\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808] . c:\documents and settings\Rosemary.YOUR-27E1513D96\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808] . c:\documents and settings\Alex.YOUR-27E1513D96\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [N/A] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-17 447952] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-8-9 36903] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\drivers\\svchost.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1256577640\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\America Online 9.0b\\waol.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R1 MpKsl189476f3;MpKsl189476f3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C74EC8E8-93CD-4C30-915D-1AD5EC2864ED}\MpKsl189476f3.sys [x] R1 MpKsl1eaf214a;MpKsl1eaf214a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7BFEE481-3B7E-4A2E-9568-49DCBBDCD699}\MpKsl1eaf214a.sys [x] R1 MpKsl248ca737;MpKsl248ca737;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl248ca737.sys [x] R1 MpKsl7856198f;MpKsl7856198f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl7856198f.sys [x] R1 MpKsl95da7b5a;MpKsl95da7b5a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKsl95da7b5a.sys [x] R1 MpKslc73aaf1a;MpKslc73aaf1a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A59632A-7DE1-432D-BCBC-C27FC2375301}\MpKslc73aaf1a.sys [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 133104] R3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 133104] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576] R3 htcdiag;HTC Android Diag Port;c:\windows\system32\DRIVERS\htcdiag.sys [2009-02-25 101376] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys [2011-05-19 810616] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784] S2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592] S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSxpx86.sys [2011-06-03 355256] S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WUAUSERV . Contents of the 'Scheduled Tasks' folder . 2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-06-12 c:\windows\Tasks\CCleaner.job - c:\program files\CCleaner\CCleaner.exe [2009-10-22 18:32] . 2011-06-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11] . 2011-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-18 07:11] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1010.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1466507265-3955298561-2766828942-1011.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02] . 2011-06-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-02-05 00:50] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{3F14442E-A655-4B89-9B97-4A15BC58CD0C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4311C772-6E19-470E-8699-9B3BD2B9285D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . 2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{4E12AE8E-4909-4DEE-BFC4-6E81356C2399}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.msn.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Alex.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\mkcpxvmu.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ . - - - - ORPHANS REMOVED - - - - . BHO-{001872DF-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll BHO-{00192B3E-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll BHO-{0030E5BE-507C-48D7-8CFA-C57FA33CE83a} - (no file) BHO-{0032567D-24D5-40A1-B750-A15ED80AE3A1} - (no file) BHO-{0061CB7C-507C-48D7-8CFA-C57FA33CE83a} - (no file) BHO-{0064ACFB-24D5-40A1-B750-A15ED80AE3A1} - (no file) BHO-{00C396F8-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll BHO-{00C959F7-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll BHO-{01872DF1-507C-48D7-8CFA-C57FA33CE83a} - c:\windows\system32\ativtmxx32.dll BHO-{01A72C05-D6D6-4F46-A9F9-F1EE038B98Ab} - c:\windows\system32\ativtmxx32.dll BHO-{032567DE-24D5-40A1-B750-A15ED80AE3A1} - c:\windows\system32\ativtmxx32.dll BHO-{034E580B-D6D6-4F46-A9F9-F1EE038B98Ab} - c:\windows\system32\ativtmxx32.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-Lala Music Mover - c:\program files\Lala.com\Lala Music Mover\LalaMover.exe HKLM-Run-PCDrProfiler - (no file) SafeBoot-Wdf01000.sys SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-VCast Music Essentials Manager - c:\progra~1\VERIZO~1\VCASTM~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-14 11:23 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(604) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3776) c:\windows\system32\WININET.dll c:\docume~1\ALEX~1.YOU\LOCALS~1\Temp\IadHide5.dll c:\program files\Common Files\AOL\ACS\WLHook.dll c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\RealVNC\VNC4\WinVNC4.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\Zune\ZuneNss.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE c:\program files\Lexmark X1100 Series\lxbkbmon.exe c:\progra~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . ************************************************************************** . Completion time: 2011-06-14 11:42:52 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-14 18:42 . Pre-Run: 22,103,027,712 bytes free Post-Run: 23,933,743,104 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn . - - End Of File - - C2F14AD598D95819D09145F671367222
  10. Thanks for the help! Computer is still behaving the same (No changes), still getting redirected. (Should I post the MBAM log? I wasn't clear as to whether I should post it or attach it...) Here is the TDSS log: 2011/06/14 10:01:23.0906 0360 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/14 10:01:25.0906 0360 ================================================================================ 2011/06/14 10:01:25.0906 0360 SystemInfo: 2011/06/14 10:01:25.0906 0360 2011/06/14 10:01:25.0906 0360 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/14 10:01:25.0906 0360 Product type: Workstation 2011/06/14 10:01:25.0906 0360 ComputerName: YOUR-27E1513D96 2011/06/14 10:01:25.0906 0360 UserName: Alex 2011/06/14 10:01:25.0906 0360 Windows directory: C:\WINDOWS 2011/06/14 10:01:25.0906 0360 System windows directory: C:\WINDOWS 2011/06/14 10:01:25.0906 0360 Processor architecture: Intel x86 2011/06/14 10:01:25.0906 0360 Number of processors: 1 2011/06/14 10:01:25.0906 0360 Page size: 0x1000 2011/06/14 10:01:25.0906 0360 Boot type: Normal boot 2011/06/14 10:01:25.0906 0360 ================================================================================ 2011/06/14 10:01:29.0781 0360 Initialize success 2011/06/14 10:01:38.0609 2840 ================================================================================ 2011/06/14 10:01:38.0609 2840 Scan started 2011/06/14 10:01:38.0609 2840 Mode: Manual; 2011/06/14 10:01:38.0609 2840 ================================================================================ 2011/06/14 10:01:39.0375 2840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/14 10:01:39.0609 2840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/06/14 10:01:39.0937 2840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/14 10:01:40.0171 2840 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/06/14 10:01:40.0453 2840 AgereSoftModem (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/06/14 10:01:41.0218 2840 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2011/06/14 10:01:41.0734 2840 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2011/06/14 10:01:42.0140 2840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/06/14 10:01:43.0640 2840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/14 10:01:44.0281 2840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/14 10:01:45.0750 2840 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/06/14 10:01:46.0765 2840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/14 10:01:47.0250 2840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/14 10:01:48.0515 2840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/14 10:01:49.0906 2840 BHDrvx86 (ad73b4cd214de82d003fdadbaeab6410) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110519.002\BHDrvx86.sys 2011/06/14 10:01:51.0140 2840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/14 10:01:51.0968 2840 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys 2011/06/14 10:01:53.0015 2840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/14 10:01:53.0296 2840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/14 10:01:53.0671 2840 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/14 10:01:55.0546 2840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/14 10:01:55.0875 2840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/14 10:01:56.0406 2840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/14 10:01:56.0656 2840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/14 10:01:56.0953 2840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/14 10:01:57.0625 2840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/14 10:01:57.0953 2840 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2011/06/14 10:01:58.0203 2840 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2011/06/14 10:01:58.0640 2840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/14 10:01:59.0171 2840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/14 10:01:59.0437 2840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/14 10:01:59.0875 2840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/14 10:02:00.0453 2840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/06/14 10:02:01.0250 2840 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2011/06/14 10:02:02.0000 2840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/14 10:02:02.0734 2840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/14 10:02:03.0546 2840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/06/14 10:02:03.0890 2840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/14 10:02:04.0609 2840 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/14 10:02:05.0515 2840 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys 2011/06/14 10:02:06.0000 2840 htcdiag (19b3f21ad09a49188ad30cb4b35d3e83) C:\WINDOWS\system32\DRIVERS\htcdiag.sys 2011/06/14 10:02:06.0343 2840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/14 10:02:07.0203 2840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/14 10:02:07.0500 2840 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2011/06/14 10:02:08.0000 2840 IDSxpx86 (b9ba869eb7b66c5740e904a79f9245b4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110610.006\IDSxpx86.sys 2011/06/14 10:02:08.0640 2840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/14 10:02:09.0046 2840 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/06/14 10:02:09.0265 2840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/14 10:02:09.0484 2840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/06/14 10:02:09.0750 2840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/14 10:02:10.0093 2840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/14 10:02:10.0484 2840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/14 10:02:10.0875 2840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/14 10:02:11.0281 2840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/14 10:02:11.0718 2840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/14 10:02:12.0156 2840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/14 10:02:12.0578 2840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/14 10:02:12.0921 2840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/14 10:02:13.0468 2840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/14 10:02:13.0937 2840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/14 10:02:14.0250 2840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/14 10:02:14.0718 2840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/14 10:02:15.0906 2840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/14 10:02:16.0171 2840 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/14 10:02:16.0468 2840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/14 10:02:16.0687 2840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/14 10:02:16.0953 2840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/14 10:02:17.0171 2840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/14 10:02:17.0406 2840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/14 10:02:17.0625 2840 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/14 10:02:18.0078 2840 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110614.001\NAVENG.SYS 2011/06/14 10:02:18.0531 2840 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110614.001\NAVEX15.SYS 2011/06/14 10:02:18.0812 2840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/14 10:02:19.0078 2840 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/14 10:02:19.0312 2840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/14 10:02:19.0546 2840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/14 10:02:19.0796 2840 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/14 10:02:20.0046 2840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/14 10:02:20.0265 2840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/14 10:02:20.0546 2840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/06/14 10:02:20.0781 2840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/14 10:02:21.0062 2840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/14 10:02:21.0375 2840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/14 10:02:21.0609 2840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/14 10:02:21.0796 2840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/14 10:02:22.0015 2840 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/06/14 10:02:22.0250 2840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/14 10:02:22.0500 2840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/14 10:02:22.0703 2840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/14 10:02:22.0953 2840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/14 10:02:23.0250 2840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/14 10:02:23.0500 2840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/14 10:02:24.0625 2840 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 2011/06/14 10:02:24.0937 2840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/14 10:02:25.0171 2840 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/06/14 10:02:25.0421 2840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/14 10:02:25.0656 2840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/14 10:02:25.0968 2840 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/14 10:02:27.0265 2840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/14 10:02:27.0500 2840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/14 10:02:27.0734 2840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/14 10:02:28.0000 2840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/14 10:02:28.0234 2840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/14 10:02:28.0468 2840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/14 10:02:28.0718 2840 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/14 10:02:28.0953 2840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/14 10:02:29.0218 2840 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/06/14 10:02:29.0484 2840 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 2011/06/14 10:02:29.0718 2840 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/06/14 10:02:30.0000 2840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/14 10:02:30.0234 2840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/06/14 10:02:30.0484 2840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/14 10:02:30.0984 2840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/14 10:02:31.0218 2840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/14 10:02:31.0781 2840 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS 2011/06/14 10:02:32.0109 2840 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS 2011/06/14 10:02:32.0375 2840 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/14 10:02:32.0671 2840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/14 10:02:33.0078 2840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/14 10:02:33.0609 2840 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS 2011/06/14 10:02:33.0906 2840 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS 2011/06/14 10:02:34.0140 2840 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2011/06/14 10:02:34.0437 2840 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS 2011/06/14 10:02:34.0734 2840 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS 2011/06/14 10:02:35.0250 2840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/14 10:02:35.0515 2840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/14 10:02:35.0796 2840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/14 10:02:35.0968 2840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/14 10:02:36.0187 2840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/14 10:02:36.0609 2840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/14 10:02:36.0921 2840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/14 10:02:37.0218 2840 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/06/14 10:02:37.0437 2840 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/06/14 10:02:37.0640 2840 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 2011/06/14 10:02:37.0921 2840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/14 10:02:38.0171 2840 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 2011/06/14 10:02:38.0390 2840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/14 10:02:38.0609 2840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/14 10:02:38.0843 2840 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 2011/06/14 10:02:39.0093 2840 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/06/14 10:02:39.0343 2840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/14 10:02:39.0593 2840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/14 10:02:39.0859 2840 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/14 10:02:40.0046 2840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/14 10:02:40.0250 2840 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 2011/06/14 10:02:40.0453 2840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/14 10:02:40.0671 2840 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/06/14 10:02:41.0015 2840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/14 10:02:41.0281 2840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/14 10:02:41.0500 2840 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 2011/06/14 10:02:41.0765 2840 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2011/06/14 10:02:42.0140 2840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/14 10:02:42.0609 2840 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 2011/06/14 10:02:43.0109 2840 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/14 10:02:43.0468 2840 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/14 10:02:43.0937 2840 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys 2011/06/14 10:02:44.0171 2840 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0 2011/06/14 10:02:44.0187 2840 ================================================================================ 2011/06/14 10:02:44.0187 2840 Scan finished 2011/06/14 10:02:44.0187 2840 ================================================================================ 2011/06/14 10:02:44.0218 3692 Detected object count: 0 2011/06/14 10:02:44.0218 3692 Actual detected object count: 0
  11. I did a scan with Malwarebytes and it came up with trojan.bho. I'm also getting redirected on Google, had something called funwebproducts (Not so fun heh), but it isn't showing up anymore (still getting redirected, though). . DDS (Ver_11-03-05.01) - NTFSx86 Run by Alex at 15:19:55.32 on Sat 06/11/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.53 [GMT -7:00] . AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\RealVNC\VNC4\WinVNC4.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe C:\Program Files\PdaNet for Android\PdaNetPC.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\PROGRA~1\COMMON~1\AOL\125657~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\125657~1\EE\AOLServiceHost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Alex.YOUR-27E1513D96\My Documents\Downloads\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.msn.com uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser uDefault_Page_URL = hxxp://www.msn.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser BHO: {001872df-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll BHO: {00192b3e-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll BHO: {0030e5be-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll BHO: {0032567d-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll BHO: {0061cb7c-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll BHO: {0064acfb-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll BHO: {00c396f8-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll BHO: {00c959f7-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll BHO: {01872df1-507c-48d7-8cfa-c57fa33ce83a} - c:\windows\system32\ativtmxx32.dll BHO: {01a72c05-d6d6-4f46-a9f9-f1ee038b98ab} - c:\windows\system32\ativtmxx32.dll BHO: {032567de-24d5-40a1-b750-a15ed80ae3a1} - c:\windows\system32\ativtmxx32.dll BHO: {034e580b-d6d6-4f46-a9f9-f1ee038b98ab} - c:\windows\system32\ativtmxx32.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\4.3.0.5\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Lala Music Mover] "c:\program files\lala.com\lala music mover\LalaMover.exe" /minimized mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [PCDrProfiler] mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [HostManager] c:\program files\common files\aol\1256577640\ee\AOLHostManager.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe StartupFolder: c:\docume~1\alex~1.you\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252091743875 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\alex~1.you\applic~1\mozilla\firefox\profiles\mkcpxvmu.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/ FF - component: c:\documents and settings\alex.your-27e1513d96\application data\mozilla\firefox\profiles\mkcpxvmu.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\documents and settings\alex.your-27e1513d96\application data\mozilla\firefox\profiles\mkcpxvmu.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\picasa3\npPicasa2.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2011-4-5 501888] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-1 54760] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592] . =============== Created Last 30 ================ . 2011-05-28 20:07:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-15 02:23:06 0 ---ha-w- c:\windows\system32\qqaxzcpxhr.tmp . ==================== Find3M ==================== . 2011-04-05 00:44:12 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2011-04-03 23:32:31 0 ---ha-w- c:\documents and settings\alex.your-27e1513d96\qqaxzcpxhr.tmp 2011-04-01 00:40:05 323072 ----a-w- c:\windows\system32\ativtmxx32.dll . ============= FINISH: 15:22:07.51 =============== ark.zip Attach.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.