Hi there!

My boss asked me to look at her computer and see if I could do something about some nasty malware that hijacked her browsers and keeps popping up everywhere. Malwarebytes wasn't able to fix this, and several removal attempts may have cleaned up bits and pieces, but it keeps coming back, specifically a RegCleaner clone and Whitesmoke toolbars.

The requested DDS logs are attached.

Any help is appreciated!

Thanks,

Swinta

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_20

Run by Simons at 21:32:24 on 2011-11-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.579 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Backblaze\bzserv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\lxcgcoms.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mstart.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Backblaze\bzbui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Backblaze\bzfilelist.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\723\g2mlauncher.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Backblaze\bztransmit.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\servicing\TrustedInstaller.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

uInternet Settings,ProxyOverride = *.dimdimsecure.com;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.7\coIEPlg.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\723\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [Google Update] "c:\users\simons\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [backblaze] "c:\program files\backblaze\bzbui.exe" -quiet

StartupFolder: c:\users\simons\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dimdim.lnk - c:\program files\dimdim\plugin\application\Dimdim.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: bmnet.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} - hxxps://accounting.quickbooks.com/c1/v27.125/qboimax6.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c1/v22.157/qboax10.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {B66A992D-C262-496E-8328-2F14FD80443A} - hxxps://qbo.intuit.com/c30/v34.118/qboimax7.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.34/ttinst.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2150CF52-668B-4F16-A2D1-4C85CF9C69B9} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{F9C078CD-07C1-422E-AFF7-F2710F6E942A} : DhcpNameServer = 192.168.2.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\simons\appdata\roaming\mozilla\firefox\profiles\ixcgvenu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3007394&SearchSource=13

FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\dimdim\plugin\application\npDimDimControl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\simons\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\simons\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\simons\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-11-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-11-18 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111117.030\IDSvix86.sys [2011-11-17 368248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-11-18 136312]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-11-18 331384]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 34128]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-18 106104]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 319488]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]

S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [2010-4-28 56392]

S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [2010-4-28 164552]

S3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [2010-4-28 164552]

S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [2010-5-4 105544]

S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [2010-4-28 164552]

S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [2010-4-28 164552]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2010-10-3 20504]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-18 27192]

.

=============== Created Last 30 ================

.

2011-11-19 02:23:39 -------- d-----w- c:\users\simons\appdata\local\{A49BA6FA-5EF2-4B76-A829-507F0E0FE94D}

2011-11-19 02:23:14 -------- d-----w- c:\users\simons\appdata\local\{FF9A4812-611B-4B2F-A81C-550FB0E76A22}

2011-11-19 00:38:58 -------- d-----w- c:\users\simons\appdata\local\CrashDumps

2011-11-19 00:27:03 -------- d-----w- c:\users\simons\appdata\local\{0955C9DA-7373-4BF5-8382-C7F335F13FB3}

2011-11-19 00:26:36 -------- d-----w- c:\users\simons\appdata\local\{BA7CC171-34E0-4923-823E-5C3BC51E8A6D}

2011-11-19 00:07:59 -------- d-----w- c:\users\simons\appdata\local\VS Revo Group

2011-11-19 00:07:54 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-11-19 00:07:52 -------- d-----w- c:\program files\VS Revo Group

2011-11-18 22:16:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-18 22:16:04 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-11-18 22:10:01 -------- d-----w- c:\users\simons\appdata\local\{26FFECCC-56C3-44ED-8DFF-5575248ACE53}

2011-11-18 22:09:36 -------- d-----w- c:\users\simons\appdata\local\{353CBEE7-7630-477C-A2AE-8A5B811AD518}

2011-11-18 20:33:20 -------- d-----w- c:\users\simons\appdata\local\{565872B0-4869-4920-8552-30B00C633B41}

2011-11-18 20:32:43 -------- d-----w- c:\users\simons\appdata\local\{0EE27486-63BA-46C5-9305-358FC559D244}

2011-11-18 20:12:36 -------- d-----w- c:\users\simons\appdata\local\{E1724C5D-0697-423B-97F8-780DC9256C60}

2011-11-18 20:11:56 -------- d-----w- c:\users\simons\appdata\local\{0258D425-BA5D-4CEF-A83C-1F91791DE659}

2011-11-18 19:39:06 -------- d-----w- c:\users\simons\appdata\local\{EE34AA3B-F79C-476A-B253-FFF9D0EEF28A}

2011-11-18 19:38:15 -------- d-----w- c:\users\simons\appdata\local\{916A968C-5408-4E24-9EB2-C67D4BE8DCE6}

2011-11-18 19:18:42 -------- d-----w- c:\programdata\STOPzilla!

2011-11-18 18:03:25 -------- d-----w- c:\users\simons\appdata\local\{E63F7B5B-979B-4459-A234-3E83A3237F41}

2011-11-18 18:02:40 -------- d-----w- c:\users\simons\appdata\local\{54A047C7-3BA3-436A-B2CE-94578BE7603D}

2011-11-18 18:02:24 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-11-18 18:02:08 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-11-18 18:02:07 -------- d-----w- c:\program files\Symantec

2011-11-18 18:00:32 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys

2011-11-18 18:00:32 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys

2011-11-18 18:00:32 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys

2011-11-18 18:00:32 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys

2011-11-18 18:00:32 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys

2011-11-18 18:00:32 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys

2011-11-18 18:00:32 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys

2011-11-18 17:59:57 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D

2011-11-18 17:59:57 -------- d-----w- c:\windows\system32\drivers\N360

2011-11-18 17:59:52 -------- d-----w- c:\program files\Norton 360

2011-11-18 17:57:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4bb88ea-1629-4a4f-afa1-15ef9efdce59}\offreg.dll

2011-11-18 16:17:19 -------- d-----w- c:\users\simons\appdata\local\{38D56F53-00FD-41A9-9743-ABC3A08400BF}

2011-11-18 16:16:28 -------- d-----w- c:\users\simons\appdata\local\{61C0D489-B690-4533-8C81-1B75BEBEAB4F}

2011-11-18 16:12:13 -------- d-----w- c:\users\simons\appdata\local\{1305ED66-4503-4133-832D-99548713901A}

2011-11-18 16:11:26 -------- d-----w- c:\users\simons\appdata\local\{25F76C9F-F6FF-42D6-BC55-CCEABEDE2BD4}

2011-11-18 15:05:59 -------- d-----w- c:\windows\system32\drivers\nst\0102000.007

2011-11-18 15:05:59 -------- d-----w- c:\windows\system32\drivers\NST

2011-11-18 15:05:59 -------- d-----w- c:\program files\Norton Safe Web Lite

2011-11-18 14:45:12 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4bb88ea-1629-4a4f-afa1-15ef9efdce59}\mpengine.dll

2011-11-18 14:17:19 -------- d-----w- c:\users\simons\appdata\local\{3C5774B4-F670-472B-A1A1-8DF3AD549D6E}

2011-11-18 14:16:23 -------- d-----w- c:\users\simons\appdata\local\{69BDB7FE-433A-4F31-A512-85A7DBC69B7D}

2011-11-18 14:10:44 -------- d-----w- c:\users\simons\appdata\local\{D72E6051-6B7C-4783-9545-D2A751A23795}

2011-11-18 14:10:06 -------- d-----w- c:\users\simons\appdata\local\{1E13AA01-8190-4BA9-9E04-3AE575D45DFB}

2011-11-17 14:23:33 -------- d-----w- c:\users\simons\appdata\local\{C01983DA-7E83-4EA3-9DE8-1979FA6A8E0D}

2011-11-17 14:22:47 -------- d-----w- c:\users\simons\appdata\local\{ECCE2073-E7FE-45AE-9AD4-CC9D6B0B7112}

2011-11-16 14:19:50 -------- d-----w- c:\users\simons\appdata\local\{7E839C66-D991-44DA-AEF6-93A45F9CFAD2}

2011-11-16 14:19:14 -------- d-----w- c:\users\simons\appdata\local\{58777FFB-7644-43D2-9A08-B7DF92F0E893}

2011-11-16 13:27:56 -------- d-----w- c:\users\simons\appdata\local\{85C8B0C9-71A2-4114-B2CB-864B6978E5A7}

2011-11-16 13:27:23 -------- d-----w- c:\users\simons\appdata\local\{0FD3EB49-7BE9-4F7D-BF02-DB61271EBC93}

2011-11-16 01:38:25 -------- d-----w- c:\users\simons\appdata\local\{04295695-18DE-44D0-A6C0-ACBF15921E37}

2011-11-16 01:38:01 -------- d-----w- c:\users\simons\appdata\local\{550AC0F0-7BEA-4B21-BA27-70EDC2FE5FA9}

2011-11-15 15:19:22 -------- d-----w- c:\users\simons\appdata\local\{89BB061E-DBF1-4B93-8CA8-ADAAE5829B62}

2011-11-15 15:18:34 -------- d-----w- c:\users\simons\appdata\local\{304C2946-BE65-46E9-9C46-37D4E0EE0DD1}

2011-11-15 15:08:55 -------- d-----w- c:\users\simons\appdata\local\{AC17E653-B91A-4604-B8BA-0F370A1D317F}

2011-11-15 15:08:19 -------- d-----w- c:\users\simons\appdata\local\{9BDF7F81-DFD2-4D36-9DCD-AD458636980E}

2011-11-14 15:56:06 -------- d-----w- c:\users\simons\appdata\local\{0781CE36-E633-4480-833D-C093B34F904C}

2011-11-14 15:55:15 -------- d-----w- c:\users\simons\appdata\local\{0B2C3764-1F44-498D-A463-128FD7008E77}

2011-11-11 14:15:04 -------- d-----w- c:\users\simons\appdata\local\{9FE4C1F1-D90B-4173-ADE3-BF4185981ED5}

2011-11-11 14:14:24 -------- d-----w- c:\users\simons\appdata\local\{E6A63DA3-0A7C-4935-BAF3-6500D8CF95CD}

2011-11-10 17:00:23 -------- d-----w- c:\users\simons\appdata\local\{CF4659DE-4648-4A73-A502-E94FEF73ACC8}

2011-11-10 16:59:46 -------- d-----w- c:\users\simons\appdata\local\{AB4446BF-05B4-49B4-B34D-868BF0DE8A53}

2011-11-10 15:27:08 -------- d-----w- c:\users\simons\appdata\local\{16F82922-83FC-4BAE-9D5E-0DF110730968}

2011-11-10 15:26:44 -------- d-----w- c:\users\simons\appdata\local\{B00BFDCD-D84C-40B3-BAB1-82CF48D660E9}

2011-11-10 14:26:58 -------- d-----w- c:\users\simons\appdata\local\{3CAB5B0C-E384-4D58-8A0F-BE68AD1DB12E}

2011-11-10 14:26:36 -------- d-----w- c:\users\simons\appdata\local\{82C7F098-DA73-4FBF-BDD1-88638CA9B9F9}

2011-11-09 21:05:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-11-09 21:05:24 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 21:05:20 707584 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-09 11:53:57 -------- d-----w- c:\users\simons\appdata\local\{AC557819-C6E2-4F60-A16B-B9D1B6797AAB}

2011-11-09 11:53:35 -------- d-----w- c:\users\simons\appdata\local\{5F7441AD-5797-4173-A8BB-6682F150D3E6}

2011-11-08 23:54:19 -------- d-----w- c:\users\simons\appdata\local\{826704CF-3086-4EA2-AC2F-8800B4F8A176}

2011-11-08 23:53:46 -------- d-----w- c:\users\simons\appdata\local\{C96828FD-CF42-4922-B575-63674BD7C986}

2011-11-08 23:45:48 -------- d-----w- c:\users\simons\appdata\local\{D6E5614E-D194-4CAB-B46B-85903EB6F2FC}

2011-11-08 23:45:25 -------- d-----w- c:\users\simons\appdata\local\{7A230927-23DC-4F6F-BC9B-0F9F633F1C76}

2011-11-08 13:23:27 -------- d-----w- c:\users\simons\appdata\local\{69F121F1-E445-4A3D-8D13-EE2BC5DDF535}

2011-11-08 13:22:59 -------- d-----w- c:\users\simons\appdata\local\{D5D87718-6CA6-48B7-B495-DDE9A07C22E9}

2011-11-07 14:01:53 -------- d-----w- c:\users\simons\appdata\local\{0F0C2040-44F7-4875-918F-0CE6BB2E6E52}

2011-11-07 14:01:15 -------- d-----w- c:\users\simons\appdata\local\{F11CDED5-1F64-416E-A66C-F537D93B687E}

2011-11-04 13:13:43 -------- d-----w- c:\users\simons\appdata\local\{E46A3835-29FA-4F3C-8EFE-2A81B5A77523}

2011-11-04 13:12:44 -------- d-----w- c:\users\simons\appdata\local\{F149D017-68D1-4534-AB70-53BF49AC655E}

2011-11-04 12:59:58 -------- d-----w- c:\users\simons\appdata\local\{C36709B5-2480-4D41-9C65-ACF6A6E41F56}

2011-11-04 12:59:24 -------- d-----w- c:\users\simons\appdata\local\{5E6FAD5B-686A-40C6-B77A-FCE00069A26F}

2011-11-03 22:37:05 -------- d-----w- c:\users\simons\appdata\local\{7D288D9A-A69B-4646-848E-5FDA8E478D59}

2011-11-03 22:36:39 -------- d-----w- c:\users\simons\appdata\local\{29392C0F-4B4E-4945-A216-5BA4DD1AAAFB}

2011-11-03 12:49:48 -------- d-----w- c:\users\simons\appdata\local\{37F97226-0848-421F-BA52-0F02136930B5}

2011-11-03 12:48:57 -------- d-----w- c:\users\simons\appdata\local\{D1F15FC4-5AC4-412D-9F31-0C66EB7C9141}

2011-11-02 23:33:27 -------- d-----w- c:\users\simons\appdata\local\{E9272FAB-35AA-435A-BE56-AE62205D2384}

2011-11-02 23:32:55 -------- d-----w- c:\users\simons\appdata\local\{65F52118-90D7-45AC-982F-F9A930B40734}

2011-11-02 22:47:48 -------- d-----w- c:\users\simons\appdata\local\{49F87081-6A46-4BEA-848A-533928A06EFF}

2011-11-02 22:47:25 -------- d-----w- c:\users\simons\appdata\local\{0AF4E328-A080-4485-ABC0-7B20430616CD}

2011-11-02 13:41:15 -------- d-----w- c:\users\simons\appdata\local\{7363B4B6-3209-4827-BFE6-1185BDB6D3F6}

2011-11-02 13:40:41 -------- d-----w- c:\users\simons\appdata\local\{89C70D93-D7A6-4228-9902-3DAA3A85A6AC}

2011-11-02 12:58:34 -------- d-----w- c:\users\simons\appdata\local\{EA032538-AB98-4737-A651-B0EC34908CD3}

2011-11-02 12:57:48 -------- d-----w- c:\users\simons\appdata\local\{A3164B8C-5715-4F52-BA76-98F19730D470}

2011-11-01 21:53:03 -------- d-----w- c:\users\simons\appdata\local\{9B025BBB-77BB-4DD3-A42E-6C2F69430F67}

2011-11-01 21:52:13 -------- d-----w- c:\users\simons\appdata\local\{D90F936B-A7CB-44A3-8990-AB6D8F3BD251}

2011-11-01 21:33:31 -------- d-----w- c:\users\simons\appdata\local\{2750579C-4B89-4D35-AE17-7C19D619B2A9}

2011-11-01 21:32:52 -------- d-----w- c:\users\simons\appdata\local\{DEC9A257-8A9E-425B-B0E3-F2D669819DA3}

2011-10-31 17:58:15 -------- d-----w- c:\users\simons\appdata\local\{65E8CDB2-042D-42D6-91F5-07C9F66E7B83}

2011-10-31 17:57:47 -------- d-----w- c:\users\simons\appdata\local\{B6C3DC83-61CE-40CB-8F54-35990CB8B56A}

2011-10-31 17:41:47 -------- d-----w- c:\program files\Conduit

2011-10-31 17:41:32 -------- d-----w- c:\users\simons\appdata\roaming\WhiteSmokeTranslator

2011-10-31 17:40:46 -------- d-----w- c:\program files\WhiteSmokeTranslator

2011-10-31 17:40:39 -------- d-----w- c:\users\simons\appdata\local\Conduit

2011-10-31 17:40:28 -------- d-----w- c:\users\simons\appdata\roaming\Systweak

2011-10-31 17:40:16 17280 ----a-w- c:\windows\system32\roboot.exe

2011-10-31 17:40:05 -------- d-----w- c:\program files\RegClean Pro

2011-10-31 13:50:28 -------- d-----w- c:\users\simons\appdata\local\{238911AB-547C-47F3-A546-ED1F9A5C9BAE}

2011-10-31 13:49:54 -------- d-----w- c:\users\simons\appdata\local\{2AEB6415-5C14-41CD-A4B9-ABB8A401B73B}

2011-10-28 13:09:35 -------- d-----w- c:\users\simons\appdata\local\{57F9B969-FA8F-4FE5-84BB-B85CB3251587}

2011-10-28 13:08:58 -------- d-----w- c:\users\simons\appdata\local\{793CAB82-A444-457D-9975-2FB076FAAB64}

2011-10-27 14:34:42 -------- d-----w- c:\users\simons\appdata\local\{5811CDF5-DCD2-4549-8D0E-C3DD247DF746}

2011-10-27 14:34:12 -------- d-----w- c:\users\simons\appdata\local\{197208B2-B163-42CD-A52D-D8DF9DD9DA11}

2011-10-27 14:32:46 -------- d-----w- c:\users\simons\appdata\local\{3CE6E850-0CB0-4DE1-B3E3-10E06DDC81E1}

2011-10-27 14:32:08 -------- d-----w- c:\users\simons\appdata\local\{D58726D6-D764-428C-AD86-F2773160F59F}

2011-10-27 11:59:30 -------- d-----w- c:\users\simons\appdata\local\{83983A82-E8E6-453F-A6BF-B9C55BDB887D}

2011-10-27 11:58:59 -------- d-----w- c:\users\simons\appdata\local\{56249DD2-0B91-4D33-8E32-28D07B61D241}

2011-10-26 20:08:14 -------- d-----w- c:\users\simons\appdata\local\{030F4A99-3555-47FC-96EA-353705C3A682}

2011-10-26 20:07:51 -------- d-----w- c:\users\simons\appdata\local\{AB9DEA19-9B2D-4C0F-AAF0-225EC04E838D}

2011-10-26 19:28:42 -------- d-----w- c:\users\simons\appdata\local\{64323814-E93B-40DC-8F2E-1CE7380CE162}

2011-10-26 19:28:20 -------- d-----w- c:\users\simons\appdata\local\{9959DD59-D121-4578-A915-DDB8436DC464}

2011-10-26 13:39:20 -------- d-----w- c:\users\simons\appdata\local\{A2215153-D1A9-491A-A7A0-3A6443141536}

2011-10-26 13:38:45 -------- d-----w- c:\users\simons\appdata\local\{E74E7E19-D11B-4ABA-9E78-00586E053F38}

2011-10-26 13:18:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-10-25 15:10:32 -------- d-----w- c:\users\simons\appdata\local\{DE9059EA-6887-4780-9004-CB48B083C0FF}

2011-10-25 15:10:03 -------- d-----w- c:\users\simons\appdata\local\{3C35933D-0912-45A3-8126-3945937B8FF5}

2011-10-25 12:37:02 -------- d-----w- c:\users\simons\appdata\local\{2F83A25A-66F6-4CF1-842E-55A7F38910EA}

2011-10-25 12:36:19 -------- d-----w- c:\users\simons\appdata\local\{15041C58-574C-4364-B681-CE315E826DE4}

2011-10-25 00:58:20 -------- d-----w- c:\users\simons\appdata\local\{2CF1275A-55C2-4561-BD06-B54857AAC314}

2011-10-25 00:57:59 -------- d-----w- c:\users\simons\appdata\local\{62B046F1-5E18-4BA3-B46C-C97168346883}

2011-10-24 12:58:36 -------- d-----w- c:\users\simons\appdata\local\{A73AB25E-132A-4857-9232-EAF79DA3AF06}

2011-10-24 12:58:12 -------- d-----w- c:\users\simons\appdata\local\{95A20687-EFBF-46D2-A056-4001A37AF9EB}

2011-10-24 12:31:15 -------- d-----w- c:\users\simons\appdata\local\{818D5F74-7E3F-488B-AF45-7AD4F09266E1}

2011-10-24 12:30:53 -------- d-----w- c:\users\simons\appdata\local\{CFFE00A1-6F1B-4C90-BC15-D88BF3293AAD}

2011-10-21 17:51:11 -------- d-----w- c:\users\simons\appdata\local\{AC16E68E-B8A4-42A8-AAA9-C7AFA3D0AD30}

2011-10-21 17:50:56 -------- d-----w- c:\users\simons\appdata\local\{00705AD3-F60B-4D9A-8E9D-412AF60D3C27}

2011-10-21 17:34:27 -------- d-----w- c:\users\simons\appdata\local\{33D779D6-708F-4DAA-90BE-7A5D05AB3333}

2011-10-21 11:21:42 -------- d-----w- c:\users\simons\appdata\local\{2CD30693-8FA8-4502-9856-7649B01C5CC5}

2011-10-21 11:20:57 -------- d-----w- c:\users\simons\appdata\local\{7EC68AEE-38A6-4E09-88E9-A7DF5B68B529}

2011-10-20 20:46:20 -------- d-----w- c:\users\simons\appdata\local\{451FF719-876E-446F-9669-2169E5F7C148}

2011-10-20 20:45:53 -------- d-----w- c:\users\simons\appdata\local\{C0019C67-7ECE-4179-BCA1-D39CEB824C49}

.

==================== Find3M ====================

.

2011-11-02 13:58:06 60304 ----a-w- c:\users\simons\g2mdlhlpx.exe

2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec

2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 17:32:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 21:40:25.56 ===============

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
