
new threat after av protection 2011 removal



ok, after i got rid of piracy protection, i got something new and more malicious.

this malware's called windows 7 internet security 2012. it changed my malwarebytes icon to open the malware windows when clicked upon.

the file name for this malware under task manager box is called lfu.exe*32.

i'm writing this in safe mode. i've also redownloaded malwarebytes in safe mode and am going to scan in safe mode and see what happens.

i previously got rid of the malware in normal mode. does it make that much difference when you don't scan in safe mode?

please advise on what else i need to do to stop the frequency of these malware hits that started recently.


nevermind, i resolved it. i located the source from task manager and deleted it in the app folder. i installed malwarebytes and scanned and found some malware files, deleted them and restarted and everything seemed alright.

but a little while ago, some malware sneaked into my system again called windows 7 antispyware 2012 and its associated file name in task manager is nmk.exe*32.

i located the source from task manager and deleted it again and pop-up recurrence stopped.

can somebody help me put an end to these hits? it's getting annoying.


mbam:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8331

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/8/2011 12:16:52 AM

mbam-log-2011-12-08 (00-16-20).txt

Scan type: Quick scan

Objects scanned: 229402

Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\founder7231\AppData\Local\Temp\115.8504.exe (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\dcm.dll (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\lkdoqtzida (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\utc.dll (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\zglqqqjueu (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\local settings\temporary internet files\Content.IE5\F1986WGL\file[1].exe (Trojan.FakeMS) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\0.9114157549241122.exe (Exploit.Drop.2) -> No action taken.

dds:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by founder7231 at 0:17:21 on 2011-12-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2382 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102216p04g5v145r45n1s44o

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605102216p04g5v145r45n1s44o

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\founder7231\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun: [inCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [<NO NAME>]

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\FOUNDE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{DBA49E91-4F47-4D6F-A324-9758D022C244} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO-X64: Updater For Simppull Toolbar - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO-X64: SWEETIE - No File

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll

TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun-x64: [inCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [(Default)]

mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=

FF - prefs.js: network.proxy.type - 4

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\founder7231\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Users\founder7231\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\founder7231\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]

R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100518.002\IDSviA64.sys [2010-5-24 463408]

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-5-29 401920]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-6-6 45912]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-6-6 132736]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-5-24 117640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-9 2255464]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-6-6 243328]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-6-6 345728]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-2 1431888]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

.exe=ah

.

=============== Created Last 30 ================

.

2011-12-08 03:01:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{546F7082-20CA-458D-9FB3-2503AE2514B1}

2011-12-08 03:01:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{6AC4D03D-540E-4397-AF00-E643DC75F5A3}

2011-12-05 06:05:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{B127E439-F4E3-4950-ABC7-13FA6594DAD5}

2011-12-05 05:20:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{839D3B33-794A-458E-96AC-858BD4CF111B}

2011-12-05 05:20:19 -------- d-----w- C:\Users\founder7231\AppData\Local\{EF4BD751-0002-4E30-9A13-7881E4CA05A9}

2011-12-05 04:35:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{B8FCDF4C-3345-499C-8288-4AFAEE16AD92}

2011-12-05 04:35:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{02D387DD-CA93-411C-A67E-9C8147570C31}

2011-12-04 02:46:12 -------- d-----w- C:\Users\founder7231\AppData\Local\{DD3AC634-1AC5-4E8B-88F1-B37CF5AAD3F4}

2011-12-04 02:46:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{2A556394-CADF-4A68-BA4B-3986099D9884}

2011-12-03 21:04:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{7EE6E3EF-DC0A-4BD8-82B4-A68429AE9B08}

2011-12-03 06:33:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{FC755AA7-8384-441B-96D6-F28C631D057C}

2011-12-03 06:33:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{FD06F1C5-0721-4B3B-B7B9-90EDC564804C}

2011-12-03 05:14:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{62904A82-4122-409F-86F3-1BDE25731283}

2011-12-03 05:14:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{D7DE7DC4-38AC-4B89-85F2-D8F17F28078C}

2011-12-02 06:20:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{F39720B5-8871-4262-8A56-75C8711DD8A5}

2011-12-02 06:20:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{1FB0C8EA-0265-4C2C-977A-E321D5D192E5}

2011-12-02 05:30:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{270DDCFF-7256-4534-B916-697411A05FF0}

2011-12-02 05:29:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{69ADFFC7-0852-45C6-8DB8-430F9F7B42E2}

2011-12-01 22:31:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{2E1192A6-FCD2-4795-877C-C4FE2A09AE1C}

2011-12-01 22:31:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{C0124C77-2D5B-4860-853A-17F0445DAABB}

2011-12-01 12:44:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{568E0090-9E16-4D23-8918-D9455B7FF717}

2011-12-01 04:48:57 -------- d-sh--w- C:\found.001

2011-12-01 01:59:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{59E1EB4A-9ABF-4440-BDA0-845F05B1B40A}

2011-12-01 01:51:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{AA44DCDA-FEDF-460D-B133-4A396B3C6A1A}

2011-12-01 00:16:54 -------- d-sh--w- C:\found.000

2011-11-30 23:44:21 -------- d-----w- C:\Users\founder7231\AppData\Local\{45E5942F-88B6-4B21-9D8B-1473C29DB1FC}

2011-11-30 23:44:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{C340F6DA-BE7A-477F-9B70-7987AEBE832B}

2011-11-30 23:28:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{340DA7F4-EECD-47E5-B174-23A1C63F05C8}

2011-11-29 22:56:57 -------- d-----w- C:\Users\founder7231\AppData\Local\{76692C07-9F72-4C21-8AE7-AF93487AC004}

2011-11-29 22:56:46 -------- d-----w- C:\Users\founder7231\AppData\Local\{E54B14D1-1CBA-4948-BAF6-D1E10A2ACC78}

2011-11-28 22:23:09 -------- d-----w- C:\Users\founder7231\AppData\Local\{8B1306DA-6D92-428D-8ED0-82C5C05BF57F}

2011-11-28 22:22:59 -------- d-----w- C:\Users\founder7231\AppData\Local\{99DBE7AB-2168-4693-8B42-01C73D6CB005}

2011-11-28 20:29:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{33CCCDD8-7EC6-47AA-84D4-E6B373E65366}

2011-11-28 20:29:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{139FE20D-4428-4489-8E06-947683F26839}

2011-11-27 03:03:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{50067468-B9E9-48FF-9508-70B11D4648ED}

2011-11-27 03:03:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{AC0D1FB8-8337-4166-8927-51B08B0EA17F}

2011-11-27 03:00:19 -------- d-----w- C:\Users\founder7231\AppData\Local\{97B2383E-3B79-4993-8FA5-289FEED88A63}

2011-11-27 02:29:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-27 01:32:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{3AFF129B-8677-4403-AD41-BCDA7FBA8066}

2011-11-27 01:08:28 -------- d-----w- C:\Users\founder7231\AppData\Local\{1977E70C-E616-4B18-9BF4-2CA89E3B47E7}

2011-11-27 01:00:29 -------- d-----w- C:\Users\founder7231\AppData\Local\{1ED66661-9688-46FC-8E75-03D92689224E}

2011-11-27 01:00:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{954BD340-28F2-43E6-8B32-8158A811F380}

2011-11-26 20:15:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{4F710B64-BB2B-489D-9710-4C51166C83AC}

2011-11-26 20:15:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{84925C6A-78C3-45CE-AF14-73D9F2389BCB}

2011-11-26 08:55:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{EE52BC06-7A93-4CDA-ACC5-601F8C9A36C1}

2011-11-26 08:54:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{ABB42E49-3F02-4110-895C-A4C6120FE0B0}

2011-11-26 08:25:43 -------- d-----w- C:\Program Files (x86)\FEB9F

2011-11-26 03:45:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{054CA38C-D37D-497E-A8B9-DD3085EA224B}

2011-11-26 03:45:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{053DF7F5-4F91-4F92-83E6-4C8F2DFB39A7}

2011-11-25 06:16:11 -------- d-----w- C:\Users\founder7231\AppData\Roaming\Z33oonF4a

2011-11-25 06:16:11 -------- d-----w- C:\Users\founder7231\AppData\Roaming\AmmmH55sWJ7E

2011-11-25 06:16:06 -------- d-----w- C:\Users\founder7231\AppData\Roaming\OivvDD3onF4aH5W

2011-11-25 06:16:04 -------- d-----w- C:\Users\founder7231\AppData\Roaming\PrrzzONNtx0uc2i

2011-11-25 06:16:04 -------- d-----w- C:\Users\founder7231\AppData\Roaming\eGG55aQHHdWK7R9

2011-11-24 04:28:33 -------- d-----w- C:\Users\founder7231\AppData\Roaming\dUCelIPNy1v2

2011-11-24 04:28:33 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BpmG5aQJ6W

2011-11-24 03:42:18 -------- d-----w- C:\amv convert

2011-11-24 03:30:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{51B0A5D5-911F-4C70-A5BD-11B852916349}

2011-11-24 03:30:12 -------- d-----w- C:\Users\founder7231\AppData\Local\{0F87A4AD-7A37-4C2A-94D3-DCE7BFC569B8}

2011-11-22 00:55:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{1A6A8873-4140-42F1-A670-1AEC11A7D145}

2011-11-22 00:55:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{A1F887E9-9EB4-4923-AAE3-10EE1F70897D}

2011-11-21 06:05:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{A0247D39-B9F0-4573-9FFA-0CB737FE470B}

2011-11-21 06:05:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{E3A73508-337C-40E3-A971-32ACF7B6B847}

2011-11-21 04:31:36 -------- d-----w- C:\Program Files (x86)\LP

2011-11-21 04:26:49 -------- d-----w- C:\Users\founder7231\AppData\Roaming\FEB9F

2011-11-21 04:26:15 -------- d-----w- C:\Users\founder7231\AppData\Roaming\B4CFE

2011-11-21 04:26:13 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BsssQJJ6dK

2011-11-21 04:26:12 -------- d-----w- C:\Users\founder7231\AppData\Roaming\zccAA1uvD2ob4pG

2011-11-21 04:26:09 -------- d-----w- C:\Users\founder7231\AppData\Roaming\ozzONyyxA0uv2iF

2011-11-21 04:26:07 -------- d-----w- C:\Users\founder7231\AppData\Roaming\uJJJ77dEK8gR

2011-11-21 04:26:07 -------- d-----w- C:\Users\founder7231\AppData\Roaming\oPPNNyccA1u

2011-11-21 04:25:42 -------- d-----we C:\Windows\system64

2011-11-20 23:06:57 -------- d-----w- C:\Users\founder7231\AppData\Local\{A5B45029-7FD3-451C-89B2-499BE009747E}

2011-11-20 23:06:47 -------- d-----w- C:\Users\founder7231\AppData\Local\{70C977AC-5EAB-4F65-BDC6-560D29F57E0E}

2011-11-20 05:07:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{628B09A7-9E36-4782-BA76-5157EEB9B8B6}

2011-11-20 05:06:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{2C15D511-EE7D-4A5A-98E2-3402BA9F3F6E}

2011-11-20 04:21:52 -------- d-----w- C:\Users\founder7231\AppData\Local\{04111364-CFA4-4CFC-B484-64E884E3EE45}

2011-11-20 04:21:41 -------- d-----w- C:\Users\founder7231\AppData\Local\{374FD8A5-4186-4665-A408-0F5C894175D3}

2011-11-19 07:42:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A38FB65C-1A7D-4EA3-B7DA-6644DB0A6C42}\mpengine.dll

2011-11-19 07:37:18 -------- d-----w- C:\Users\founder7231\AppData\Local\{78DF5E65-8674-4ED5-B097-2ACC7F81FA01}

2011-11-19 07:37:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{AB3A057F-3A3A-4E52-9038-4C372EA9D68F}

2011-11-17 03:41:27 -------- d-----w- C:\Users\founder7231\AppData\Local\{95CE71F2-6FEE-4649-B589-A7A9F46BD34F}

2011-11-17 03:41:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{5CB8717C-844D-4E8D-9ADC-70982B518586}

2011-11-16 02:33:58 -------- d-----w- C:\Users\founder7231\AppData\Local\{8C496FFB-261C-40BE-A59C-032E24D268A7}

2011-11-16 02:33:47 -------- d-----w- C:\Users\founder7231\AppData\Local\{F5E14D19-4DB4-4CF2-AD7B-8936B982CB8A}

2011-11-14 00:23:16 -------- d-----w- C:\Users\founder7231\AppData\Local\{893DC89A-C2D2-4EDA-9ED7-898B941B84C5}

2011-11-14 00:23:06 -------- d-----w- C:\Users\founder7231\AppData\Local\{9F993F26-AC53-475A-81D9-CB7F65CE14F4}

2011-11-11 00:55:58 -------- d-----w- C:\Users\founder7231\AppData\Local\{667A281D-40F0-40F9-B66B-4467AFAE2E87}

2011-11-11 00:55:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{9CB361C0-8714-4213-BA9A-268386698B8D}

2011-11-11 00:52:12 -------- d-----w- C:\Users\founder7231\AppData\Local\{858685B3-38EF-4DB8-A70A-6EE56143AB72}

2011-11-11 00:52:01 -------- d-----w- C:\Users\founder7231\AppData\Local\{05E0A0BB-C3D0-4A8C-9A9E-2A25F8AA82CE}

2011-11-09 20:46:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{2A93670A-C40C-4781-9F7F-0B6F5AD18A98}

2011-11-09 20:46:28 -------- d-----w- C:\Users\founder7231\AppData\Local\{0CC55135-97FE-4B1A-8AF6-C05C3E218DA0}

2011-11-09 20:22:15 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 20:22:15 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 20:22:11 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 20:22:07 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 03:44:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{D789EEEE-609B-4016-A68E-C56B179D5B23}

2011-11-09 03:43:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{74B11D46-0534-476A-B268-0B6BFE4A79CB}

.

==================== Find3M ====================

.

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 0:18:18.92 ===============

please get back to me asap. thanks!


something weird happened recently. i was able to run mbam and dds. but whenever i click the mbam icon, it would prompt installation and avast anti-virus icon is offline as well. i reinstalled mbam before and after scan and restart, i'm back to windows and i can't open mbam and it prompts installation again.

can you advise on how to fix these problems?


i resolved apps not opening problem when i scanned in safe mode.

following is report:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8336

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

12/8/2011 8:01:49 PM

mbam-log-2011-12-08 (20-01-35).txt

Scan type: Quick scan

Objects scanned: 228433

Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> No action taken.

Registry Values Infected:

HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> No action taken.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\founder7231\AppData\Local\Temp\ayhinkiqcq (Trojan.FakeAlert) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\gcc.dll (Trojan.FakeAlert) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\mnu.dll (Trojan.Agent) -> No action taken.

c:\Users\founder7231\AppData\Local\Temp\oakiwnehaz (Trojan.Agent) -> No action taken.


ComboFix 11-12-12.02 - founder7231 12/12/2011 21:49:54.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1505 [GMT -5:00]

Running from: c:\users\founder7231\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\Search Toolbar

c:\program files (x86)\Search Toolbar\icon.ico

c:\program files (x86)\Search Toolbar\SearchToolbar.dll

c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\users\founder7231\AppData\Roaming\AmmmH55sWJ7E

c:\users\founder7231\AppData\Roaming\AmmmH55sWJ7E\Cloud AV 2012.ico

c:\users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\searchplugins\bing-zugo.xml

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))

.

.

2011-12-13 03:05 . 2011-12-13 03:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-13 03:05 . 2011-12-13 03:05 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-12-13 03:05 . 2011-12-13 03:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-08 06:36 . 2011-12-11 07:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-01 04:48 . 2011-12-01 04:48 -------- d-----w- C:\found.001

2011-12-01 01:42 . 2011-12-01 01:43 -------- d-----w- c:\users\TEMP

2011-12-01 00:16 . 2011-12-01 00:16 -------- d-----w- C:\found.000

2011-11-27 02:54 . 2011-11-27 02:54 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes

2011-11-26 08:25 . 2011-11-26 08:25 -------- d-----w- c:\program files (x86)\FEB9F

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\Z33oonF4a

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\OivvDD3onF4aH5W

2011-11-25 06:16 . 2011-11-25 06:31 -------- d-----w- c:\users\founder7231\AppData\Roaming\PrrzzONNtx0uc2i

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\eGG55aQHHdWK7R9

2011-11-24 04:28 . 2011-11-24 04:28 -------- d-----w- c:\users\founder7231\AppData\Roaming\dUCelIPNy1v2

2011-11-24 04:28 . 2011-11-24 04:28 -------- d-----w- c:\users\founder7231\AppData\Roaming\BpmG5aQJ6W

2011-11-24 03:42 . 2011-11-24 04:51 -------- d-----w- C:\amv convert

2011-11-21 04:26 . 2011-11-26 08:52 -------- d-----w- c:\users\founder7231\AppData\Roaming\FEB9F

2011-11-21 04:26 . 2011-11-28 02:40 -------- d-----w- c:\users\founder7231\AppData\Roaming\B4CFE

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\BsssQJJ6dK

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\zccAA1uvD2ob4pG

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\ozzONyyxA0uv2iF

2011-11-21 04:26 . 2011-11-24 04:49 -------- d-----w- c:\users\founder7231\AppData\Roaming\oPPNNyccA1u

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\uJJJ77dEK8gR

2011-11-19 07:42 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38FB65C-1A7D-4EA3-B7DA-6644DB0A6C42}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-14 03:02 . 2011-10-14 03:02 3949320 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.0.822.0oemBingBarSetup-Partner.EXE

2011-09-29 16:29 . 2011-11-09 20:22 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:03 . 2011-11-09 20:22 3144704 ----a-w- c:\windows\system32\win32k.sys

2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-02-01 19:58 1499440 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-05-18 21:25 194912 ------w- c:\program files (x86)\Yontoo Layers\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\program files (x86)\Ahead\InCD\InCD.exe" [2003-11-25 1232946]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-03-20 273544]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

.

c:\users\founder7231\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]

2011-11-29 21:27 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [x]

R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6\dbk64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-15 1431888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]

S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSvia64.sys [2010-05-18 463408]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-04-30 54616]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-10-29 117640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 04:50]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 04:50]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811944950-3358311789-1212778198-1000Core.job

- c:\users\founder7231\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 13:00]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811944950-3358311789-1212778198-1000UA.job

- c:\users\founder7231\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 13:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"combofix"="c:\combofix\CF4806.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - c:\users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Ahead\InCD\InCDsrv.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

.

**************************************************************************

.

Completion time: 2011-12-12 22:32:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-13 03:32

.

Pre-Run: 607,131,480,064 bytes free

Post-Run: 608,281,563,136 bytes free

.

- - End Of File - - D38C4A6B9FD2FBA78F1B81B752CF3461

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by founder7231 at 22:51:09 on 2011-12-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2631 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun: [inCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

StartupFolder: C:\Users\FOUNDE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{DBA49E91-4F47-4D6F-A324-9758D022C244} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: klartew - C:\Windows\system32\config\systemprofile\AppData\Local\klartew.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO-X64: Updater For Simppull Toolbar - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

BHO-X64: SWEETIE - No File

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

mRun-x64: [inCD] C:\Program Files (x86)\Ahead\InCD\InCD.exe

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]

R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100518.002\IDSviA64.sys [2010-5-24 463408]

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-5-29 401920]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-6-6 45912]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-6-6 132736]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]

R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-5-24 117640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-9 2255464]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-6-6 243328]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-6-6 345728]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-2 1431888]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS --> C:\Windows\system32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-13 03:15:25 -------- d-----w- C:\$RECYCLE.BIN

2011-12-13 02:46:34 98816 ----a-w- C:\Windows\sed.exe

2011-12-13 02:46:34 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-13 02:46:34 256000 ----a-w- C:\Windows\PEV.exe

2011-12-13 02:46:34 208896 ----a-w- C:\Windows\MBR.exe

2011-12-12 06:06:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{C8C59207-BB92-4AB1-BBB0-1E35D23C4FC4}

2011-12-12 06:06:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{22CCB6CC-EB0E-49D2-AB1A-E5BAF5ACE546}

2011-12-11 04:43:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{CF42B8E3-F06D-4FC5-BC14-5222B78A54EA}

2011-12-11 04:43:46 -------- d-----w- C:\Users\founder7231\AppData\Local\{2BB26434-C70B-4C71-8EE9-3CFCB63BDE42}

2011-12-11 04:16:27 -------- d-----w- C:\Users\founder7231\AppData\Local\{57902F3F-BAC0-474F-9850-3FA862938D09}

2011-12-11 04:16:16 -------- d-----w- C:\Users\founder7231\AppData\Local\{998E2B8B-A2DA-4357-9093-FC608AB16013}

2011-12-10 01:07:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{7F28274E-8B16-48C6-809F-D93542FAC9AC}

2011-12-10 01:07:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{56A1640F-B6E0-4693-BBE8-58F0B996C0C9}

2011-12-09 02:32:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{99259AA7-DEAF-4A5C-AE54-E3564A0972E8}

2011-12-09 02:32:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{3F26AD3F-81FD-4AF1-A943-B21B9AEAC351}

2011-12-09 02:31:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{5D01C3CC-6378-4D83-9F2D-8DF5E058E36D}

2011-12-09 02:31:38 -------- d-----w- C:\Users\founder7231\AppData\Local\{884CD171-C80E-4501-8312-0B6BF57EF430}

2011-12-09 01:17:01 -------- d-----w- C:\Users\founder7231\AppData\Local\{20D8AE2E-4C4D-4E20-B5E1-E89BE18235AA}

2011-12-09 01:16:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{91099258-6810-41BC-A4D6-0FB83ADA80CD}

2011-12-08 06:36:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-08 03:01:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{546F7082-20CA-458D-9FB3-2503AE2514B1}

2011-12-08 03:01:39 -------- d-----w- C:\Users\founder7231\AppData\Local\{6AC4D03D-540E-4397-AF00-E643DC75F5A3}

2011-12-05 06:05:36 -------- d-----w- C:\Users\founder7231\AppData\Local\{B127E439-F4E3-4950-ABC7-13FA6594DAD5}

2011-12-05 05:20:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{839D3B33-794A-458E-96AC-858BD4CF111B}

2011-12-05 05:20:19 -------- d-----w- C:\Users\founder7231\AppData\Local\{EF4BD751-0002-4E30-9A13-7881E4CA05A9}

2011-12-05 04:35:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{B8FCDF4C-3345-499C-8288-4AFAEE16AD92}

2011-12-05 04:35:20 -------- d-----w- C:\Users\founder7231\AppData\Local\{02D387DD-CA93-411C-A67E-9C8147570C31}

2011-12-04 02:46:12 -------- d-----w- C:\Users\founder7231\AppData\Local\{DD3AC634-1AC5-4E8B-88F1-B37CF5AAD3F4}

2011-12-04 02:46:02 -------- d-----w- C:\Users\founder7231\AppData\Local\{2A556394-CADF-4A68-BA4B-3986099D9884}

2011-12-03 21:04:31 -------- d-----w- C:\Users\founder7231\AppData\Local\{7EE6E3EF-DC0A-4BD8-82B4-A68429AE9B08}

2011-12-03 06:33:56 -------- d-----w- C:\Users\founder7231\AppData\Local\{FC755AA7-8384-441B-96D6-F28C631D057C}

2011-12-03 06:33:45 -------- d-----w- C:\Users\founder7231\AppData\Local\{FD06F1C5-0721-4B3B-B7B9-90EDC564804C}

2011-12-03 05:14:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{62904A82-4122-409F-86F3-1BDE25731283}

2011-12-03 05:14:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{D7DE7DC4-38AC-4B89-85F2-D8F17F28078C}

2011-12-02 06:20:34 -------- d-----w- C:\Users\founder7231\AppData\Local\{F39720B5-8871-4262-8A56-75C8711DD8A5}

2011-12-02 06:20:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{1FB0C8EA-0265-4C2C-977A-E321D5D192E5}

2011-12-02 05:30:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{270DDCFF-7256-4534-B916-697411A05FF0}

2011-12-02 05:29:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{69ADFFC7-0852-45C6-8DB8-430F9F7B42E2}

2011-12-01 22:31:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{2E1192A6-FCD2-4795-877C-C4FE2A09AE1C}

2011-12-01 22:31:13 -------- d-----w- C:\Users\founder7231\AppData\Local\{C0124C77-2D5B-4860-853A-17F0445DAABB}

2011-12-01 12:44:51 -------- d-----w- C:\Users\founder7231\AppData\Local\{568E0090-9E16-4D23-8918-D9455B7FF717}

2011-12-01 04:48:57 -------- d-----w- C:\found.001

2011-12-01 01:59:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{59E1EB4A-9ABF-4440-BDA0-845F05B1B40A}

2011-12-01 01:51:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{AA44DCDA-FEDF-460D-B133-4A396B3C6A1A}

2011-12-01 00:16:54 -------- d-----w- C:\found.000

2011-11-30 23:44:21 -------- d-----w- C:\Users\founder7231\AppData\Local\{45E5942F-88B6-4B21-9D8B-1473C29DB1FC}

2011-11-30 23:44:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{C340F6DA-BE7A-477F-9B70-7987AEBE832B}

2011-11-30 23:28:30 -------- d-----w- C:\Users\founder7231\AppData\Local\{340DA7F4-EECD-47E5-B174-23A1C63F05C8}

2011-11-29 22:56:57 -------- d-----w- C:\Users\founder7231\AppData\Local\{76692C07-9F72-4C21-8AE7-AF93487AC004}

2011-11-29 22:56:46 -------- d-----w- C:\Users\founder7231\AppData\Local\{E54B14D1-1CBA-4948-BAF6-D1E10A2ACC78}

2011-11-28 22:23:09 -------- d-----w- C:\Users\founder7231\AppData\Local\{8B1306DA-6D92-428D-8ED0-82C5C05BF57F}

2011-11-28 22:22:59 -------- d-----w- C:\Users\founder7231\AppData\Local\{99DBE7AB-2168-4693-8B42-01C73D6CB005}

2011-11-28 20:29:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{33CCCDD8-7EC6-47AA-84D4-E6B373E65366}

2011-11-28 20:29:04 -------- d-----w- C:\Users\founder7231\AppData\Local\{139FE20D-4428-4489-8E06-947683F26839}

2011-11-27 03:03:53 -------- d-----w- C:\Users\founder7231\AppData\Local\{50067468-B9E9-48FF-9508-70B11D4648ED}

2011-11-27 03:03:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{AC0D1FB8-8337-4166-8927-51B08B0EA17F}

2011-11-27 03:00:19 -------- d-----w- C:\Users\founder7231\AppData\Local\{97B2383E-3B79-4993-8FA5-289FEED88A63}

2011-11-27 01:32:43 -------- d-----w- C:\Users\founder7231\AppData\Local\{3AFF129B-8677-4403-AD41-BCDA7FBA8066}

2011-11-27 01:08:28 -------- d-----w- C:\Users\founder7231\AppData\Local\{1977E70C-E616-4B18-9BF4-2CA89E3B47E7}

2011-11-27 01:00:29 -------- d-----w- C:\Users\founder7231\AppData\Local\{1ED66661-9688-46FC-8E75-03D92689224E}

2011-11-27 01:00:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{954BD340-28F2-43E6-8B32-8158A811F380}

2011-11-26 20:15:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{4F710B64-BB2B-489D-9710-4C51166C83AC}

2011-11-26 20:15:23 -------- d-----w- C:\Users\founder7231\AppData\Local\{84925C6A-78C3-45CE-AF14-73D9F2389BCB}

2011-11-26 08:55:10 -------- d-----w- C:\Users\founder7231\AppData\Local\{EE52BC06-7A93-4CDA-ACC5-601F8C9A36C1}

2011-11-26 08:54:07 -------- d-----w- C:\Users\founder7231\AppData\Local\{ABB42E49-3F02-4110-895C-A4C6120FE0B0}

2011-11-26 08:25:43 -------- d-----w- C:\Program Files (x86)\FEB9F

2011-11-26 03:45:50 -------- d-----w- C:\Users\founder7231\AppData\Local\{054CA38C-D37D-497E-A8B9-DD3085EA224B}

2011-11-26 03:45:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{053DF7F5-4F91-4F92-83E6-4C8F2DFB39A7}

2011-11-25 06:16:11 -------- d-----w- C:\Users\founder7231\AppData\Roaming\Z33oonF4a

2011-11-25 06:16:06 -------- d-----w- C:\Users\founder7231\AppData\Roaming\OivvDD3onF4aH5W

2011-11-25 06:16:04 -------- d-----w- C:\Users\founder7231\AppData\Roaming\PrrzzONNtx0uc2i

2011-11-25 06:16:04 -------- d-----w- C:\Users\founder7231\AppData\Roaming\eGG55aQHHdWK7R9

2011-11-24 04:28:33 -------- d-----w- C:\Users\founder7231\AppData\Roaming\dUCelIPNy1v2

2011-11-24 04:28:33 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BpmG5aQJ6W

2011-11-24 03:42:18 -------- d-----w- C:\amv convert

2011-11-24 03:30:22 -------- d-----w- C:\Users\founder7231\AppData\Local\{51B0A5D5-911F-4C70-A5BD-11B852916349}

2011-11-24 03:30:12 -------- d-----w- C:\Users\founder7231\AppData\Local\{0F87A4AD-7A37-4C2A-94D3-DCE7BFC569B8}

2011-11-22 00:55:48 -------- d-----w- C:\Users\founder7231\AppData\Local\{1A6A8873-4140-42F1-A670-1AEC11A7D145}

2011-11-22 00:55:37 -------- d-----w- C:\Users\founder7231\AppData\Local\{A1F887E9-9EB4-4923-AAE3-10EE1F70897D}

2011-11-21 06:05:15 -------- d-----w- C:\Users\founder7231\AppData\Local\{A0247D39-B9F0-4573-9FFA-0CB737FE470B}

2011-11-21 06:05:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{E3A73508-337C-40E3-A971-32ACF7B6B847}

2011-11-21 04:26:49 -------- d-----w- C:\Users\founder7231\AppData\Roaming\FEB9F

2011-11-21 04:26:15 -------- d-----w- C:\Users\founder7231\AppData\Roaming\B4CFE

2011-11-21 04:26:13 -------- d-----w- C:\Users\founder7231\AppData\Roaming\BsssQJJ6dK

2011-11-21 04:26:12 -------- d-----w- C:\Users\founder7231\AppData\Roaming\zccAA1uvD2ob4pG

2011-11-21 04:26:09 -------- d-----w- C:\Users\founder7231\AppData\Roaming\ozzONyyxA0uv2iF

2011-11-21 04:26:07 -------- d-----w- C:\Users\founder7231\AppData\Roaming\uJJJ77dEK8gR

2011-11-21 04:26:07 -------- d-----w- C:\Users\founder7231\AppData\Roaming\oPPNNyccA1u

2011-11-20 23:06:57 -------- d-----w- C:\Users\founder7231\AppData\Local\{A5B45029-7FD3-451C-89B2-499BE009747E}

2011-11-20 23:06:47 -------- d-----w- C:\Users\founder7231\AppData\Local\{70C977AC-5EAB-4F65-BDC6-560D29F57E0E}

2011-11-20 05:07:00 -------- d-----w- C:\Users\founder7231\AppData\Local\{628B09A7-9E36-4782-BA76-5157EEB9B8B6}

2011-11-20 05:06:49 -------- d-----w- C:\Users\founder7231\AppData\Local\{2C15D511-EE7D-4A5A-98E2-3402BA9F3F6E}

2011-11-20 04:21:52 -------- d-----w- C:\Users\founder7231\AppData\Local\{04111364-CFA4-4CFC-B484-64E884E3EE45}

2011-11-20 04:21:41 -------- d-----w- C:\Users\founder7231\AppData\Local\{374FD8A5-4186-4665-A408-0F5C894175D3}

2011-11-19 07:42:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A38FB65C-1A7D-4EA3-B7DA-6644DB0A6C42}\mpengine.dll

2011-11-19 07:37:18 -------- d-----w- C:\Users\founder7231\AppData\Local\{78DF5E65-8674-4ED5-B097-2ACC7F81FA01}

2011-11-19 07:37:05 -------- d-----w- C:\Users\founder7231\AppData\Local\{AB3A057F-3A3A-4E52-9038-4C372EA9D68F}

2011-11-17 03:41:27 -------- d-----w- C:\Users\founder7231\AppData\Local\{95CE71F2-6FEE-4649-B589-A7A9F46BD34F}

2011-11-17 03:41:17 -------- d-----w- C:\Users\founder7231\AppData\Local\{5CB8717C-844D-4E8D-9ADC-70982B518586}

2011-11-16 02:33:58 -------- d-----w- C:\Users\founder7231\AppData\Local\{8C496FFB-261C-40BE-A59C-032E24D268A7}

2011-11-16 02:33:47 -------- d-----w- C:\Users\founder7231\AppData\Local\{F5E14D19-4DB4-4CF2-AD7B-8936B982CB8A}

2011-11-14 00:23:16 -------- d-----w- C:\Users\founder7231\AppData\Local\{893DC89A-C2D2-4EDA-9ED7-898B941B84C5}

2011-11-14 00:23:06 -------- d-----w- C:\Users\founder7231\AppData\Local\{9F993F26-AC53-475A-81D9-CB7F65CE14F4}

.

==================== Find3M ====================

.

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys

2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 22:52:23.39 ===============


Ok, I got hit twice after ComboFix. At first after ComboFix, everything seemed fine, and the switch user feature for the Windows account finally worked also.

I don't know what the problem is, but some malware has been managing to latch on to the system somehow and disables Malwarebytes, and other apps like Outlook Express and Word get disabled. I have been able to track the source to the user app local folder from Task Manager and deleted the images, but it seems to happen every so often. And I have been having to reinstall Malwarebytes after I get hit by malware; something seems to get on the system to block apps from opening or something.

I got hit first by like Windows 7 Security 2012 and then Windows 7 Antispyware 2012.


ComboFix 11-12-20.04 - founder7231 12/20/2011 21:10:37.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2454 [GMT -5:00]

Running from: c:\users\founder7231\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))

.

.

2011-12-21 02:27 . 2011-12-21 02:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-21 02:27 . 2011-12-21 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-20 22:09 . 2011-12-20 22:09 -------- d-----w- c:\windows\system32\Macromed

2011-12-16 01:37 . 2011-12-21 02:27 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-12-14 23:45 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-14 23:45 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-14 23:45 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-14 23:45 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-14 23:45 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-14 23:45 . 2011-12-14 23:45 -------- d-----w- c:\program files\AVAST Software

2011-12-14 23:44 . 2011-12-14 23:44 -------- d-----w- c:\programdata\AVAST Software

2011-12-13 23:15 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-13 23:15 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-13 23:15 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-13 23:15 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-13 23:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-13 23:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-08 06:36 . 2011-12-17 02:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-01 04:48 . 2011-12-01 04:48 -------- d-----w- C:\found.001

2011-12-01 01:42 . 2011-12-01 01:43 -------- d-----w- c:\users\TEMP

2011-12-01 00:16 . 2011-12-01 00:16 -------- d-----w- C:\found.000

2011-11-27 02:54 . 2011-11-27 02:54 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes

2011-11-26 08:25 . 2011-11-26 08:25 -------- d-----w- c:\program files (x86)\FEB9F

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\Z33oonF4a

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\OivvDD3onF4aH5W

2011-11-25 06:16 . 2011-11-25 06:31 -------- d-----w- c:\users\founder7231\AppData\Roaming\PrrzzONNtx0uc2i

2011-11-25 06:16 . 2011-11-25 06:16 -------- d-----w- c:\users\founder7231\AppData\Roaming\eGG55aQHHdWK7R9

2011-11-24 04:28 . 2011-11-24 04:28 -------- d-----w- c:\users\founder7231\AppData\Roaming\dUCelIPNy1v2

2011-11-24 04:28 . 2011-11-24 04:28 -------- d-----w- c:\users\founder7231\AppData\Roaming\BpmG5aQJ6W

2011-11-24 03:42 . 2011-11-24 04:51 -------- d-----w- C:\amv convert

2011-11-21 04:26 . 2011-11-26 08:52 -------- d-----w- c:\users\founder7231\AppData\Roaming\FEB9F

2011-11-21 04:26 . 2011-11-28 02:40 -------- d-----w- c:\users\founder7231\AppData\Roaming\B4CFE

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\BsssQJJ6dK

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\zccAA1uvD2ob4pG

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\ozzONyyxA0uv2iF

2011-11-21 04:26 . 2011-11-24 04:49 -------- d-----w- c:\users\founder7231\AppData\Roaming\oPPNNyccA1u

2011-11-21 04:26 . 2011-11-21 04:26 -------- d-----w- c:\users\founder7231\AppData\Roaming\uJJJ77dEK8gR

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-20 22:10 . 2011-05-29 06:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-28 18:01 . 2010-06-07 01:34 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 17:52 . 2010-06-07 01:34 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2010-06-07 01:34 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2010-06-07 01:34 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-10-14 03:02 . 2011-10-14 03:02 3949320 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.0.822.0oemBingBarSetup-Partner.EXE

2011-10-07 04:16 . 2011-11-19 07:42 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38FB65C-1A7D-4EA3-B7DA-6644DB0A6C42}\mpengine.dll

2011-09-29 16:29 . 2011-11-09 20:22 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2006-05-03 16:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 17:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 19:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 04:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-12-16_01.35.42 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-12-16 01:20 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-12-21 02:05 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-28 09:31 . 2011-12-19 21:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-28 09:31 . 2011-12-14 09:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-28 09:31 . 2011-12-14 09:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-28 09:31 . 2011-12-19 21:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-19 21:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-14 09:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2011-12-17 01:16 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-12-20 22:10 . 2011-12-20 22:10 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

+ 2011-12-20 22:10 . 2011-12-20 22:10 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll

+ 2009-07-14 04:54 . 2011-12-21 02:05 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-16 01:20 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-10 23:58 . 2011-12-21 01:53 306738 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

- 2009-07-14 02:36 . 2011-12-16 01:27 660280 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-19 07:14 660280 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-12-19 07:14 121208 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-12-16 01:27 121208 c:\windows\system32\perfc009.dat

+ 2011-12-20 22:09 . 2011-12-20 22:09 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe

+ 2011-12-20 22:09 . 2011-12-20 22:09 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.dll

+ 2009-07-14 04:54 . 2011-12-21 02:05 2457600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-16 01:20 2457600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]

c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\program files (x86)\Ahead\InCD\InCD.exe" [2003-11-25 1232946]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-03-20 273544]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\founder7231\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klartew]

2011-11-29 21:27 11264 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\klartew.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [x]

R3 CEDRIVER60;CEDRIVER60;c:\program files (x86)\Cheat Engine 6\dbk64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-15 1431888]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100518.002\IDSvia64.sys [2010-05-18 463408]

S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-10-29 117640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 04:50]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 04:50]

.

2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811944950-3358311789-1212778198-1000Core.job

- c:\users\founder7231\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 13:00]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3811944950-3358311789-1212778198-1000UA.job

- c:\users\founder7231\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-15 13:00]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - c:\users\founder7231\AppData\Roaming\Mozilla\Firefox\Profiles\qaf8rdjb.default\

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers\YontooIEClient.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-20 22:14:16

ComboFix-quarantined-files.txt 2011-12-21 03:14

ComboFix2.txt 2011-12-16 01:37

ComboFix3.txt 2011-12-13 03:32

.

Pre-Run: 599,163,830,272 bytes free

Post-Run: 599,288,913,920 bytes free

.

- - End Of File - - F19A9BA3C1AF638AAB96BBF0F540CF22


  • Staff

Hi,

My apologies for the delay.

Update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

How are things running now?


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
