Showing results for tags 'sweetim'.
Found 6 results

  1. My Windows 7 computer appears to be infected with a PUP called SweetPacks. I've tried removing it using Malwarebytes Pro, Windows Defender, and Hitman Pro. SweetPacks is not showing up as a program I can uninstall in the Control Panel. What do I need to do to get rid of this infection permanently?
  2. Hello, my mother's laptop has been infected with sweetim and torcho.com has replaced the browser homepage. Of the browsers I've tried, Firefox and Chrome seem to be the only ones affected since I ran AdwCleaner about a week ago. Internet Explorer seems to be running fine. Every webpage also has ads by dEalsatera (even after reinstalling). Thank you for your time. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01, run by Aida (administrator) on OFFICE on 08-10-2014 09:52:39, Platform: Windows Vista Home Premium Service Pack 2 (X64). [Full FRST log attached to the post; omitted here.]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [49152 2009-08-28] (Apple, Inc.) [File not signed] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 yukonx64; system32\DRIVERS\yk60x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 09:47 - 2014-10-08 09:53 - 00000000 ____D () C:\FRST 2014-10-08 09:15 - 2014-10-08 09:15 - 00000902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-08 09:15 - 2014-10-08 09:15 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-08 09:15 - 2014-10-08 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-08 09:15 - 2014-10-08 09:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-08 09:12 - 2014-10-08 09:13 - 00244136 _____ () C:\Users\Aida\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-08 09:09 - 2014-10-08 09:09 - 00000000 ____D () C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-10-01 08:19 - 2014-10-01 08:19 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-01 08:19 - 2014-10-01 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-09-30 20:18 - 2014-10-01 08:01 - 00000000 ____D () C:\AdwCleaner 2014-09-30 20:16 - 2014-09-30 20:16 - 01375089 _____ () C:\Users\Aida\Downloads\AdwCleaner(1).exe 2014-09-24 05:44 - 2014-09-08 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 05:44 - 2014-09-08 23:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-20 19:57 
- 2014-09-20 19:57 - 01373475 _____ () C:\Users\Aida\Downloads\AdwCleaner.exe 2014-09-20 19:15 - 2014-09-20 19:15 - 00001062 _____ () C:\20SEP14.txt 2014-09-20 18:49 - 2014-09-30 20:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-20 18:48 - 2014-09-20 18:48 - 00000943 _____ () C:\Malwarebytes Anti-Malware.lnk 2014-09-20 18:48 - 2014-09-20 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-20 18:48 - 2014-09-20 18:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-20 18:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-20 18:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-20 18:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-20 18:46 - 2014-09-20 18:46 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2014-09-20 09:59 - 2014-09-20 10:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Guest\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-20 09:42 - 2014-09-20 09:42 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia 2014-09-12 18:32 - 2014-10-08 09:10 - 00003334 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-09-10 16:18 - 2014-09-10 16:18 - 00000000 ____D () C:\Users\Aida\AppData\Local\{09B2AF1A-3C34-4B6C-937A-8D04C9EE9CC9} 2014-09-09 21:52 - 2014-08-15 08:48 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-09 21:52 - 2014-08-15 08:36 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-09 21:52 - 2014-08-15 08:35 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-09 21:52 - 2014-08-15 08:31 - 01392128 _____ 
(Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-09 21:52 - 2014-08-15 08:31 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-09 21:52 - 2014-08-15 08:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-09 21:52 - 2014-08-15 08:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-09 21:52 - 2014-08-15 08:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-09 21:52 - 2014-08-15 08:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-09 21:52 - 2014-08-15 08:29 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-09 21:52 - 2014-08-15 08:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-09 21:52 - 2014-08-15 08:28 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-09 21:52 - 2014-08-15 08:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-09 21:52 - 2014-08-15 08:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-09 21:52 - 2014-08-15 07:51 - 12363264 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2014-09-09 21:52 - 2014-08-15 07:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-09 21:52 - 2014-08-15 07:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-09 21:52 - 2014-08-15 07:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-09 21:52 - 2014-08-15 07:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-09 21:52 - 2014-08-15 07:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-09 21:52 - 2014-08-15 07:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-09 21:52 - 2014-08-15 07:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-09 21:52 - 2014-08-15 07:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-09 21:52 - 2014-08-15 07:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-09 21:52 - 2014-08-15 07:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-09 21:52 - 2014-08-15 07:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 
2014-09-09 21:52 - 2014-08-15 07:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-09 21:52 - 2014-08-15 07:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-09 16:15 - 2014-10-08 09:10 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-08 09:42 - 2012-04-07 09:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-08 09:42 - 2010-09-23 16:27 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1650256794-3975455195-485888459-1000UA.job 2014-10-08 09:17 - 2009-02-25 21:45 - 01173865 _____ () C:\Windows\WindowsUpdate.log 2014-10-08 09:09 - 2009-06-30 18:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-08 09:08 - 2009-02-25 21:53 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2014-10-08 09:08 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 09:08 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-08 09:08 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-04 18:30 - 2009-01-13 10:48 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-10-04 18:30 - 2006-11-02 08:42 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-04 18:02 - 2009-06-30 18:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-01 18:10 - 2008-01-20 20:26 - 02843780 _____ () C:\Windows\PFRO.log 2014-10-01 10:01 - 2010-02-02 12:48 - 00000670 _____ () C:\Windows\Lexstat.ini 2014-10-01 08:19 - 2009-05-10 03:26 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-01 07:48 - 2009-10-21 12:45 - 00000000 
____D () C:\Users\Aida\AppData\Local\Yahoo! 2014-10-01 07:39 - 2010-09-23 16:28 - 00000000 ____D () C:\Users\Aida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-10-01 07:33 - 2014-07-25 16:02 - 00003356 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-10-01 07:33 - 2014-07-12 15:55 - 00003220 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1650256794-3975455195-485888459-1000 2014-09-24 18:00 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache 2014-09-24 05:43 - 2012-04-07 09:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 05:43 - 2012-04-07 09:25 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 05:43 - 2011-05-15 10:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-20 19:28 - 2009-01-13 12:51 - 00031078 _____ () C:\Windows\ydi.log 2014-09-20 19:28 - 2009-01-13 12:51 - 00000330 ____R () C:\Windows\YukonInstall.log 2014-09-20 18:48 - 2012-01-07 16:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-20 18:46 - 2009-09-16 18:06 - 00000000 ____D () C:\Users\Guest\Tracing 2014-09-20 09:04 - 2006-11-02 05:46 - 00765736 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-20 09:02 - 2009-06-18 20:48 - 00071472 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-19 15:19 - 2009-12-16 15:25 - 00003793 _____ () C:\Windows\wininit.ini 2014-09-19 12:46 - 2011-06-16 12:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-09-10 16:26 - 2011-02-09 16:06 - 00000000 ____D () C:\Temp 2014-09-10 16:19 - 2009-05-13 18:46 - 00084480 _____ () C:\Users\Aida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-09 21:50 - 2012-02-16 10:15 - 00759540 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-09 21:48 - 2013-07-22 22:15 - 
00000000 ____D () C:\Windows\system32\MRT 2014-09-09 21:29 - 2006-11-02 05:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Files to move or delete: ==================== C:\ProgramData\CSI-Hooks.dll C:\ProgramData\CSI-Launcher_x64.dll Some content of TEMP: ==================== C:\Users\Aida\AppData\Local\Temp\bpuninstall.exe C:\Users\Aida\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-08 09:18 ==================== End Of Log ============================
  3. Today I removed SweetIm.A, a web browser hijacker according to the web community. After the removal, the Active Directory user account used lost all of its mapped drives, its favorites in Chrome, Firefox, and IE11, and the Outlook account attached to the user was removed. I have two questions: After a scan, why would the AD user account be corrupted? I don't understand this fully, but why would Malwarebytes active protection allow malware to be installed if it indeed was attached to a Flash Player update? (One method that SweetIm was accused of infecting a computer) Thanks in advance! -Wil
  4. Hello, I have been working on removing some malware that I am unsure exactly how it got on my computer. I run Malwarebytes and Prevx/Webroot, and neither program is able to remove the "IE Toolbar" program from my Control Panel installed programs list. I was following the post from this thread and decided to make a help thread before proceeding any more. https://forums.malwarebytes.org/index.php?showtopic=125930 I scanned full with an up-to-date Malwarebytes, couldn't get Security Check to give a log, and moved on to AdwCleaner. I have logs for Malwarebytes and AdwCleaner, but I am submitting this thread from an iPad, so I will reply with the logs once all backups are done and I will be ready to find and destroy this malware! Thank you ahead of time for your help.
  5. To whom it may concern. My name is Ellad Kushnir, Marketing Manager at Perion. We've had issues of false-positive markings in the past and it seems that our setup file is being marked by Malwarebytes; this is a false-positive mark. SweetIM is a leading expressive content IM add-on, with over 170 million users. It has been acquired by *Perion Network Ltd* (NASDAQ: PERI, www.perion.com), which develops consumer applications that make the everyday life of our simple, safe and enjoyable. Among our brands are Smilebox, the MyStart homepage and the popular IncrediMail email and iPad clients. We are a trusted search partner of Google for the last 6 years, a BING search partner, TRUSTe certified application (verify here: http://clicktoverify.truste.com/pvr.php?page=validate&softwareProgramId=139&sealid=112 ). We are whitelisted with many of the major antivirus companies such as AVG and Symantec, and we are McAfee Secure. Our product is in the top downloads sites for many years. We found that our installer software is being flagged by your antivirus as suspicious software. These are the files in question:
     http://cdn.download.sweetpacks.com/smilebox/bing/agent/bundlesweetimsetup.exe
     http://cdn.download.sweetpacks.com/simsdm/Agent/BundleSweetIMSetup.exe
     http://cdn.download.sweetpacks.com/simsdm/bing/Agent/BundleSweetIMSetup.exe
     http://cdn.download.sweetpacks.com/simsdm/ask/Agent/BundleSweetIMSetup.exe
     http://cdn.download.sweetpacks.com/simsdm/yahoo/Agent/BundleSweetIMSetup.exe
     Please remove us from this alert. This is hurting our users and partners, and needless to say has a negative effect on our business. Please let me know if there is anything you need or if there is anything that we can help with in order to close this issue. If you require more information, please reply to this message or via phone +972-3-7696100 ext. 241. Thanks.
  6. Hello, I've run Malwarebytes many times but to no avail. I'm still infected. I ran Junkware Removal Tool. It came out clear. I've run AdwCleaner by Xplode and it came out clear. I need help. Thank you much! Dee
     Attachments: MBAM-log-2013-09-18 (21-18-12).txt, hijackthis.log