
Malwarebytes finds zero issues, but getting a credit card pop up when I visit any secure page



One of our users has a pretty nasty spyware, latest Symantec Endpoint Protection finds nothing, Spybot Search and Destroy finds nothing and even Malwarebytes finds nothing. Nothing obvious in the registry, but every time she visits pages that are SSL (such as Amazon's checkout page), it pops up an EXTRA window asking for a credit card that goes to ispwell.com

Here's the HijackThis log, hope you can help out:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:40:34 AM, on 11/29/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Lexmark\ErrorApp\lmab1err.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Windows\system32\rdpclip.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\alexish\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fedcja.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa.fcja.org:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Armeuz] C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fcja.org

O17 - HKLM\Software\..\Telephony: DomainName = fcja.org

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fcja.org

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fcja.org

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--

End of file - 6908 bytes


Run the following:

Download OTM by OldTimer.

Alternative Mirror 1

Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Armeuz"
    :Files
    ipconfig /flushdns /c
    C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe
    C:\Users\alexish\AppData\Roaming\Kuivuc
    :Commands
    [EmptyTemp]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Update Malwarebytes, run quick scan. Post that log...

Kevin


OTM actually froze when I clicked MOVEit, the last thing I saw on the screen was

"ALL PROCESSES KILLED"

=======REGISTRY===========

and OTM didn't respond anymore.

I forced a shutdown -r after waiting 5 minutes for it to respond; it didn't. Went into the registry and the entry was still there. If I manually DELETED it with regedit, the registry key with the spyware in it,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe

would keep coming back every few seconds; OTM couldn't even kill the process (wow).

So, I took your idea and went differently with it. I logged in as local admin in Windows 7 Safe Mode, the spyware didn't launch (badly written I guess, lucky me). I removed the registry key myself and deleted the file in your paste and rebooted with the user profile, it's gone.

Thank you very much for your help and hope this post will help someone else that googles for it. I really appreciate it!


Hijack log here, you'll have to wait an hour for the scan to finish with Malwarebytes (in case there are other issues).

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:22:17 PM, on 11/29/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\rdpclip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Lexmark\ErrorApp\lmab1err.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\alexish\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fedcja.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isa.fcja.org:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fcja.org

O17 - HKLM\Software\..\Telephony: DomainName = fcja.org

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fcja.org

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fcja.org

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--

End of file - 7099 bytes
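
An added example (not part of the original thread, and not HijackThis's own logic): a small Python triage over the O4 autorun lines of the two HijackThis logs posted above. It flags Run entries whose executable lives under a user-writable profile path, which is how the Armeuz entry stands out, and compares the before and after logs to confirm that entry is gone. The path heuristic and all function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple


class Autorun(NamedTuple):
    hive: str   # e.g. HKCU\..\Run
    name: str   # registry value name shown in brackets
    image: str  # executable path with arguments stripped


# Registry autoruns look like:  O4 - HKCU\..\Run: [name] command line
# "O4 - Global Startup: ..." lines are startup-folder shortcuts and are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Quoted path, or an unquoted path up to the first executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)', re.I)

# Heuristic (assumption of this example): locations a standard user can write
# to, where installed software rarely registers an autorun.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\|\\temp\\|^[a-z]:\\programdata\\", re.I
)


def image_path(cmd: str) -> str:
    """Return the executable part of an autorun command line."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Extract registry Run/RunOnce entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m["hive"], m["name"], image_path(m["cmd"])))
    return entries


def flag_user_writable(entries: List[Autorun]) -> List[Autorun]:
    """Entries whose image sits in a user-writable location (review leads)."""
    return [e for e in entries if USER_WRITABLE.search(e.image)]


def removed_between(before_log: str, after_log: str) -> List[Autorun]:
    """Autoruns present in the first log and absent from the second."""
    after = {(e.hive, e.name.lower()) for e in parse_autoruns(after_log)}
    return [e for e in parse_autoruns(before_log)
            if (e.hive, e.name.lower()) not in after]


# Excerpts of the O4 lines from the two logs posted in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Armeuz] C:\Users\alexish\AppData\Roaming\Kuivuc\obwa.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
"""

if __name__ == "__main__":
    for e in flag_user_writable(parse_autoruns(BEFORE_LOG)):
        print(f"review: {e.hive} [{e.name}] -> {e.image}")
    for e in removed_between(BEFORE_LOG, AFTER_LOG):
        print(f"gone after cleanup: {e.hive} [{e.name}]")
```

A hit from this heuristic is a lead for review, not a verdict: legitimate per-user software also starts from AppData, so the image still has to be checked before anything is removed.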


Let me see the Malwarebytes log when you're ready, also run DDS when MB is finished and post the two logs it produces...

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double click DDS to run the scan. Vista or Windows 7 users accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt

Copy and paste those two logs to your reply when the scan is complete....


Thanks again for all your help! I fixed the two issues in the Malwarebytes by the way.

Logs you requested:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.29.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

alexish :: ALEXISH1 [administrator]

11/29/2012 1:23:33 PM

mbam-log-2012-11-29 (13-23-33).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 343981

Time elapsed: 38 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/27/2011 11:51:32 AM

System Uptime: 11/29/2012 1:19:36 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0GDG8Y

Processor: Intel® Core i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 220 GiB total, 168.747 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP83: 11/2/2012 3:29:50 PM - Windows Update

RP84: 11/12/2012 1:12:53 PM - Scheduled Checkpoint

RP85: 11/20/2012 1:30:08 PM - Scheduled Checkpoint

RP86: 11/27/2012 1:43:34 PM - Scheduled Checkpoint

RP87: 11/28/2012 2:44:38 PM - Installed Java 7 Update 9

RP88: 11/28/2012 2:46:59 PM - Removed Java 6 Update 32

RP89: 11/28/2012 4:31:52 PM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 9.20

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

BookSmart® 3.2.3 3.2.3

Conexant HD Audio

CutePDF Writer 2.7

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FRx 6.7 (C:\Program Files\FRx Software\FRx 6.7)

Google Chrome

Google Update Helper

Java 7 Update 9

Kyocera Product Library

Lexmark Software Uninstall

LiveUpdate 3.3 (Symantec Corporation)

Living Cookbook 2011

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Firewall Client

Microsoft FRx 6.7 Programmability Support

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Project Professional 2003

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Realtek Ethernet Controller Driver

Sage Fundraising 100 - Workstation Setup 9.02

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Spybot - Search & Destroy

Symantec Endpoint Protection

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

11/29/2012 12:56:29 PM, Error: Service Control Manager [7034] - The Firewall Client Agent service terminated unexpectedly. It has done this 1 time(s).

11/29/2012 12:54:05 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

11/29/2012 12:53:23 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/29/2012 12:53:23 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

11/29/2012 1:04:39 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

11/29/2012 1:04:16 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

11/29/2012 1:02:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/29/2012 1:02:40 PM, Error: Service Control Manager [7034] - The lmab_device service terminated unexpectedly. It has done this 1 time(s).

11/28/2012 8:55:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by alexish at 14:04:38 on 2012-11-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2979.1740 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe

C:\Windows\system32\LMabcoms.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\rdpclip.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Lexmark\ErrorApp\lmab1err.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://fedcja.net/

uProxyServer = isa.fcja.org:8080

uProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [LMab1err] c:\program files\lexmark\errorapp\LMab1err.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoSMBalloonTip = dword:1

uPolicies-Explorer: NoSMConfigurePrograms = dword:1

uPolicies-Explorer: NoRecentDocsNetHood = dword:1

uPolicies-Explorer: NoActiveDesktop = dword:1

uPolicies-Explorer: NoWebServices = dword:1

uPolicies-Explorer: NoOnlinePrintsWizard = dword:1

uPolicies-Explorer: NoWelcomeScreen = dword:1

uPolicies-Explorer: NoThumbnailCache = dword:1

uPolicies-Explorer: NoStartMenuMyMusic = dword:1

uPolicies-Explorer: DisallowRun = dword:1

uPolicies-DisallowRun: 1 = acl.exe

uPolicies-DisallowRun: 2 = MarioForever.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableBkGndGroupPolicy = dword:1

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

TCP: NameServer = 192.168.128.14 192.168.128.15

TCP: Interfaces\{A78ED552-D9A9-4DC1-BED2-EA6F79338184} : DHCPNameServer = 192.168.128.14 192.168.128.15

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R2 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-11-8 1839776]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-10-27 328808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-2 14848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-2 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-27 1343400]

.

=============== Created Last 30 ================

.

2012-11-29 17:33:13 -------- d-----w- C:\_OTM

2012-11-29 13:37:48 -------- d-----w- c:\users\alexish\appdata\local\{9343FBBD-7A6F-448C-A59E-376438911177}

2012-11-28 21:35:14 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-28 21:35:13 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-28 21:35:13 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-28 21:34:35 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-28 21:34:35 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-28 21:34:33 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-28 21:34:33 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-28 21:34:31 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-28 21:34:30 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-28 21:34:30 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-28 21:30:59 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-11-28 21:29:22 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-28 21:29:22 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-28 21:29:20 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-28 20:26:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-28 20:26:53 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-28 19:45:36 -------- d-----w- c:\windows\system32\appmgmt

2012-11-28 19:45:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-28 19:43:13 -------- d-----w- c:\users\alexish\appdata\roaming\Malwarebytes

2012-11-28 19:43:07 -------- d-----w- c:\programdata\Malwarebytes

2012-11-28 19:43:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 19:43:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-28 13:53:35 -------- d-----w- c:\users\alexish\appdata\local\{94576ADB-C910-47F3-9C4F-87C85B64AE40}

2012-11-27 14:04:46 -------- d-----w- c:\users\alexish\appdata\local\{D3D57A50-100C-4BE2-9C83-9E02997E296E}

2012-11-26 14:44:18 -------- d-----w- c:\users\alexish\appdata\local\{104E0F2A-74D7-43F8-830A-212BECFF7F08}

2012-11-23 13:31:46 -------- d-----w- c:\users\alexish\appdata\local\Google

2012-11-23 13:30:26 -------- d-----w- c:\users\alexish\appdata\local\{08B7C41E-99A8-4595-933E-CD8C981F484E}

2012-11-22 13:31:09 -------- d-----w- c:\users\alexish\appdata\local\{75D0990F-AE30-4E05-8004-723420F7E3FA}

2012-11-21 13:44:20 -------- d-----w- c:\users\alexish\appdata\local\{32BEFB30-828C-469F-BFBD-7E90CDAC9144}

2012-11-20 13:53:22 -------- d-----w- c:\users\alexish\appdata\local\{1E87E354-FAC5-4C52-B0F4-1B823B493BBF}

2012-11-19 13:44:06 -------- d-----w- c:\users\alexish\appdata\local\{BE255A0E-CF34-4D13-B68D-EA077BB68E4D}

2012-11-16 13:35:50 -------- d-----w- c:\users\alexish\appdata\local\{DEF7C647-088E-40BE-A65C-D05A8596D731}

2012-11-15 13:46:24 -------- d-----w- c:\users\alexish\appdata\local\{72DDF69D-9375-4E59-8FF4-794597396BC8}

2012-11-14 13:53:14 -------- d-----w- c:\users\alexish\appdata\local\{221E7A18-4961-4D21-9565-EE79956B18AB}

2012-11-13 13:48:17 -------- d-----w- c:\users\alexish\appdata\local\{6BFF7F0A-E678-4B8F-944A-7C2C72D857B0}

2012-11-12 13:43:57 -------- d-----w- c:\users\alexish\appdata\local\{098DB909-CE27-4A55-BA12-E07F68F4BD6B}

2012-11-09 14:15:41 -------- d-----w- c:\users\alexish\appdata\local\{021B93CE-DDA5-4308-937C-806E07FB2351}

2012-11-08 13:25:17 -------- d-----w- c:\users\alexish\appdata\local\{8D699A81-6B6A-4221-B701-BDC6821415A6}

2012-11-07 13:06:24 -------- d-----w- c:\users\alexish\appdata\local\{D9117423-8ECE-4A19-A988-FAB2E4C09EA8}

2012-11-06 13:54:14 -------- d-----w- c:\users\alexish\appdata\local\{3B0FC483-BE4C-4DDB-934E-AB5373EA6625}

2012-11-05 13:45:24 -------- d-----w- c:\users\alexish\appdata\local\{7210E0A0-8A52-4692-BA9D-5D6BD76C060E}

2012-11-02 19:32:44 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 19:31:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-11-02 19:31:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-11-02 19:31:41 1159680 ----a-w- c:\windows\system32\crypt32.dll

2012-11-02 19:31:11 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-11-02 19:30:44 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-11-02 19:30:34 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-02 19:30:33 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-11-02 19:30:17 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-02 19:30:17 247808 ----a-w- c:\windows\system32\schannel.dll

2012-11-02 19:30:17 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-02 19:30:17 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-02 19:30:17 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-02 11:47:29 -------- d-----w- c:\users\alexish\appdata\local\{BF6F4656-F7F7-4D24-88E4-C4E4BD7EEEC4}

2012-11-01 12:17:23 -------- d-----w- c:\users\alexish\appdata\local\{DFC46E13-1865-48B9-BE40-C70493584FD8}

2012-10-31 12:43:18 -------- d-----w- c:\users\alexish\appdata\local\{D1020DEA-E5D8-4360-9055-B6932F7AB7F3}

.

==================== Find3M ====================

.

2012-11-28 19:45:01 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-28 19:45:01 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-23 13:31:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-23 13:31:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-28 04:52:20 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-09-25 22:47:43 78336 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 14:05:06.20 ===============


Hey, thanks very much for the kind gesture... You'll need to uninstall/remove OTM and its folders. Run it like so:

  • Double-click OTM.exe to run it. On Windows 7 or Vista, accept the UAC alert.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up; select Yes and allow the system to clean up these items (and itself).

I'll get one of the mods to close this thread out, take care...

Kevin


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.