blocking outgoing ie ports


cosmo4u

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Glover1 at 13:53:18 on 2011-11-15

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3887.1342 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Glover1\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://mail.google.com/a/opportunitycharter.org/#inbox

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry

uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

uRun: [Google Update] "C:\Users\Glover1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Glover1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Glover1\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2} : DhcpNameServer = 10.9.78.203 10.9.78.200

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2}\F6363713 : DhcpNameServer = 167.206.245.129 167.206.245.130

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glover1\AppData\Roaming\Mozilla\Firefox\Profiles\xjvj8f46.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Users\Glover1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111112.030\IDSviA64.sys [2011-11-15 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-9 138760]

R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2011-11-15 18:45:56 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-14 17:35:26 165232 ---ha-w- C:\Users\Glover1\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2011-11-14 17:28:44 -------- d-----w- C:\Program Files (x86)\Microsoft Virtual PC

2011-11-09 12:33:18 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 12:33:18 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 12:33:18 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 12:33:16 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 12:31:17 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys

2011-11-09 12:31:17 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys

2011-11-09 12:31:17 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys

2011-11-09 12:31:17 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys

2011-11-09 12:31:16 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys

2011-11-09 12:31:16 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys

2011-11-09 12:31:16 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys

2011-11-09 12:31:09 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A

2011-11-04 15:39:59 -------- d-----w- C:\Users\Glover1\AppData\Roaming\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\ProgramData\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\Program Files (x86)\Xilisoft

2011-11-04 13:46:57 -------- d-----w- C:\output media

2011-11-04 13:46:02 -------- d-----w- C:\Program Files (x86)\Free Convert DIVX AVI to MOV MPEG WMV Converter

2011-11-04 13:45:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-10-31 13:42:03 90112 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge.dll

2011-10-31 13:42:03 32768 ----a-w- C:\Windows\SysWow64\JAWTAccessBridge.dll

2011-10-31 13:42:03 167936 ----a-w- C:\Windows\SysWow64\JavaAccessBridge.dll

2011-10-31 13:41:21 -------- d-----w- C:\SkillSoft

2011-10-27 12:44:45 -------- d-----w- C:\Program Files (x86)\Amazon

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-19 15:02:15 -------- d-sh--w- C:\found.000

2011-10-17 13:13:59 -------- d-----w- C:\Users\Glover1\AppData\Roaming\Intel Corporation

2011-10-17 13:09:01 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys

.

==================== Find3M ====================

.

2011-10-15 11:41:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-13 00:51:29 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 00:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2011-09-01 00:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2011-09-01 00:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe

2011-09-01 00:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe

2011-09-01 00:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe

2011-09-01 00:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe

2011-09-01 00:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe

2011-08-31 23:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll

2011-08-31 23:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2011-08-31 23:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2011-08-31 23:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2011-08-31 23:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2011-08-31 23:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll

2011-08-31 23:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2011-08-31 23:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll

2011-08-31 23:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2011-08-31 23:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll

2011-08-31 23:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2011-08-31 23:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2011-08-31 23:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2011-08-31 23:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll

2011-08-31 23:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2011-08-31 23:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2011-08-31 23:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll

2011-08-31 23:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2011-08-31 23:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2011-08-31 23:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2011-08-31 23:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2011-08-31 23:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2011-08-31 23:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2011-08-31 23:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2011-08-31 23:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 13:53:42.96 ===============

I'm hoping someone could tell me why I'm getting IE outgoing ports blocked from IP addresses on MBAM. I looked up the IP addresses and most of them seemed to be on suspect lists with Palevo attached to them. Any help or ideas would be appreciated.

Attach.rar


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


updated mbam results:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8207

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

11/21/2011 8:56:06 AM

mbam-log-2011-11-21 (08-56-06).txt

Scan type: Quick scan

Objects scanned: 184926

Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Glover1 at 8:58:04 on 2011-11-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3887.545 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Microsoft Virtual PC\Virtual PC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

N:\Newsbin\Newsbinpro64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://mail.google.com/a/opportunitycharter.org/#inbox

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

uRun: [Google Update] "C:\Users\Glover1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.9.78.203 10.9.78.200

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2} : DhcpNameServer = 10.9.78.203 10.9.78.200

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2}\F6363713 : DhcpNameServer = 167.206.245.129 167.206.245.130

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO-X64: dTPodcastBHO - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glover1\AppData\Roaming\Mozilla\Firefox\Profiles\xjvj8f46.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Users\Glover1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111118.030\IDSviA64.sys [2011-11-19 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13336]

R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-9 138760]

R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2011-11-21 13:48:14 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-16 12:44:30 -------- d-----w- C:\Windows\pss

2011-11-15 22:24:41 294232 ----a-w- C:\Windows\System32\drivers\VMM.sys

2011-11-15 22:03:27 -------- d-----w- C:\Users\Glover1\AppData\Local\doubleTwist Corporation

2011-11-15 22:03:23 -------- d-----w- C:\Program Files (x86)\Common Files\doubleTwist

2011-11-15 22:03:16 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll

2011-11-15 22:03:16 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-11-15 22:03:15 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-11-15 21:59:53 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0

2011-11-14 17:35:26 165232 ---ha-w- C:\Users\Glover1\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2011-11-14 17:28:44 -------- d-----w- C:\Program Files (x86)\Microsoft Virtual PC

2011-11-09 12:33:18 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 12:33:18 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 12:33:18 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 12:33:16 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 12:31:17 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys

2011-11-09 12:31:17 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys

2011-11-09 12:31:17 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys

2011-11-09 12:31:17 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys

2011-11-09 12:31:16 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys

2011-11-09 12:31:16 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys

2011-11-09 12:31:16 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys

2011-11-09 12:31:09 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A

2011-11-04 15:39:59 -------- d-----w- C:\Users\Glover1\AppData\Roaming\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\ProgramData\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\Program Files (x86)\Xilisoft

2011-11-04 13:46:57 -------- d-----w- C:\output media

2011-11-04 13:46:02 -------- d-----w- C:\Program Files (x86)\Free Convert DIVX AVI to MOV MPEG WMV Converter

2011-11-04 13:45:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-10-31 13:42:03 90112 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge.dll

2011-10-31 13:42:03 32768 ----a-w- C:\Windows\SysWow64\JAWTAccessBridge.dll

2011-10-31 13:42:03 167936 ----a-w- C:\Windows\SysWow64\JavaAccessBridge.dll

2011-10-31 13:41:21 -------- d-----w- C:\SkillSoft

2011-10-27 12:44:45 -------- d-----w- C:\Program Files (x86)\Amazon

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

.

==================== Find3M ====================

.

2011-10-15 11:41:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-13 00:51:29 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 00:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2011-09-01 00:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2011-09-01 00:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe

2011-09-01 00:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe

2011-09-01 00:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe

2011-09-01 00:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe

2011-09-01 00:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe

2011-08-31 23:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll

2011-08-31 23:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2011-08-31 23:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2011-08-31 23:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2011-08-31 23:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2011-08-31 23:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll

2011-08-31 23:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2011-08-31 23:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll

2011-08-31 23:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2011-08-31 23:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll

2011-08-31 23:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2011-08-31 23:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2011-08-31 23:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2011-08-31 23:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll

2011-08-31 23:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2011-08-31 23:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2011-08-31 23:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll

2011-08-31 23:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2011-08-31 23:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2011-08-31 23:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2011-08-31 23:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2011-08-31 23:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2011-08-31 23:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2011-08-31 23:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2011-08-31 23:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 8:59:26.13 ===============

Attach.rar


updated mbam results:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8207

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

11/21/2011 8:56:06 AM

mbam-log-2011-11-21 (08-56-06).txt

Scan type: Quick scan

Objects scanned: 184926

Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Glover1 at 8:58:04 on 2011-11-21

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3887.545 [GMT -5:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Microsoft Virtual PC\Virtual PC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

N:\Newsbin\Newsbinpro64.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://mail.google.com/a/opportunitycharter.org/#inbox

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

uRun: [Google Update] "C:\Users\Glover1\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.9.78.203 10.9.78.200

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2} : DhcpNameServer = 10.9.78.203 10.9.78.200

TCP: Interfaces\{88693885-F3F2-440E-B7F5-A7B755795BC2}\F6363713 : DhcpNameServer = 167.206.245.129 167.206.245.130

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

BHO-X64: dTPodcastBHO - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Glover1\AppData\Roaming\Mozilla\Firefox\Profiles\xjvj8f46.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Users\Glover1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111118.030\IDSviA64.sys [2011-11-19 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13336]

R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-13 366152]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-9 138760]

R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

.

=============== Created Last 30 ================

.

2011-11-21 13:48:14 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-11-16 12:44:30 -------- d-----w- C:\Windows\pss

2011-11-15 22:24:41 294232 ----a-w- C:\Windows\System32\drivers\VMM.sys

2011-11-15 22:03:27 -------- d-----w- C:\Users\Glover1\AppData\Local\doubleTwist Corporation

2011-11-15 22:03:23 -------- d-----w- C:\Program Files (x86)\Common Files\doubleTwist

2011-11-15 22:03:16 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll

2011-11-15 22:03:16 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2011-11-15 22:03:15 -------- d-----w- C:\Program Files (x86)\ffdshow

2011-11-15 21:59:53 -------- d-----w- C:\Program Files (x86)\doubleTwist 2.0

2011-11-14 17:35:26 165232 ---ha-w- C:\Users\Glover1\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2011-11-14 17:28:44 -------- d-----w- C:\Program Files (x86)\Microsoft Virtual PC

2011-11-09 12:33:18 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 12:33:18 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 12:33:18 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 12:33:16 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-09 12:31:17 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1302000.00A\symds64.sys

2011-11-09 12:31:17 401016 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symnets.sys

2011-11-09 12:31:17 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtspx64.sys

2011-11-09 12:31:17 1084024 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\symefa64.sys

2011-11-09 12:31:16 729720 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\srtsp64.sys

2011-11-09 12:31:16 189560 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ironx64.sys

2011-11-09 12:31:16 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1302000.00A\ccsetx64.sys

2011-11-09 12:31:09 -------- d-----w- C:\Windows\System32\drivers\NISx64\1302000.00A

2011-11-04 15:39:59 -------- d-----w- C:\Users\Glover1\AppData\Roaming\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\ProgramData\Xilisoft

2011-11-04 15:39:10 -------- d-----w- C:\Program Files (x86)\Xilisoft

2011-11-04 13:46:57 -------- d-----w- C:\output media

2011-11-04 13:46:02 -------- d-----w- C:\Program Files (x86)\Free Convert DIVX AVI to MOV MPEG WMV Converter

2011-11-04 13:45:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-10-31 13:42:03 90112 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge.dll

2011-10-31 13:42:03 32768 ----a-w- C:\Windows\SysWow64\JAWTAccessBridge.dll

2011-10-31 13:42:03 167936 ----a-w- C:\Windows\SysWow64\JavaAccessBridge.dll

2011-10-31 13:41:21 -------- d-----w- C:\SkillSoft

2011-10-27 12:44:45 -------- d-----w- C:\Program Files (x86)\Amazon

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-26 11:31:41 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

.

==================== Find3M ====================

.

2011-10-15 11:41:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-13 00:51:29 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-01 00:08:50 167704 ----a-w- C:\Windows\System32\igfxtray.exe

2011-09-01 00:08:48 510232 ----a-w- C:\Windows\System32\igfxsrvc.exe

2011-09-01 00:08:44 416024 ----a-w- C:\Windows\System32\igfxpers.exe

2011-09-01 00:08:42 239896 ----a-w- C:\Windows\System32\igfxext.exe

2011-09-01 00:08:34 392472 ----a-w- C:\Windows\System32\hkcmd.exe

2011-09-01 00:08:24 4378392 ----a-w- C:\Windows\System32\GfxUI.exe

2011-09-01 00:08:22 179992 ----a-w- C:\Windows\System32\difx64.exe

2011-08-31 23:58:50 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2509.dll

2011-08-31 23:53:22 12306848 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2011-08-31 23:53:20 8312320 ----a-w- C:\Windows\System32\igdumd64.dll

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin

2011-08-31 23:51:16 867020 ----a-w- C:\Windows\System32\igkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin

2011-08-31 23:51:16 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\SysWow64\igfcg575m.bin

2011-08-31 23:51:16 105608 ----a-w- C:\Windows\System32\igfcg575m.bin

2011-08-31 23:47:42 6322688 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2011-08-31 23:45:02 581120 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2011-08-31 23:42:42 14598656 ----a-w- C:\Windows\System32\igd10umd64.dll

2011-08-31 23:37:18 12340224 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2011-08-31 23:31:14 18641408 ----a-w- C:\Windows\System32\ig4icd64.dll

2011-08-31 23:26:20 13903872 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2011-08-31 23:21:50 375808 ----a-w- C:\Windows\System32\igfxpph.dll

2011-08-31 23:21:46 378368 ----a-w- C:\Windows\System32\igfxTMM.dll

2011-08-31 23:21:40 28672 ----a-w- C:\Windows\System32\igfxexps.dll

2011-08-31 23:21:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll

2011-08-31 23:20:58 110080 ----a-w- C:\Windows\System32\hccutils.dll

2011-08-31 23:20:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2011-08-31 23:20:50 146432 ----a-w- C:\Windows\System32\gfxSrvc.dll

2011-08-31 23:20:48 390144 ----a-w- C:\Windows\System32\igfxdev.dll

2011-08-31 23:20:14 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc

2011-08-31 23:20:08 9014784 ----a-w- C:\Windows\System32\igfxress.dll

2011-08-31 23:20:08 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2011-08-31 23:16:32 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2011-08-31 23:15:46 294400 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2011-08-31 23:13:52 98304 ----a-w- C:\Windows\System32\iglhcp64.dll

2011-08-31 23:13:52 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2011-08-31 23:13:52 376832 ----a-w- C:\Windows\System32\iglhsip64.dll

2011-08-31 23:13:52 162816 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2011-08-31 23:13:52 140288 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

.

============= FINISH: 8:59:26.13 ===============

ComboFix 11-11-20.02 - Glover1 11/21/2011 9:16.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3887.2562 [GMT -5:00]

Running from: c:\users\Glover1\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Glover1\AppData\Roaming\vso_ts_preview.xml

c:\users\Glover1\Desktop\thumb drive\images\_desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 14:22 . 2011-11-21 14:22 -------- d-----w- c:\users\melinda\AppData\Local\temp

2011-11-21 14:22 . 2011-11-21 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-15 22:24 . 2011-11-15 22:24 294232 ----a-w- c:\windows\system32\drivers\VMM.sys

2011-11-15 22:03 . 2011-11-15 22:03 -------- d-----w- c:\users\Glover1\AppData\Local\doubleTwist Corporation

2011-11-15 22:03 . 2011-11-15 22:03 -------- d-----w- c:\program files (x86)\Common Files\doubleTwist

2011-11-15 22:03 . 2008-12-18 00:22 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2011-11-15 22:03 . 2008-12-11 18:26 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll

2011-11-15 22:03 . 2011-11-15 22:03 -------- d-----w- c:\program files (x86)\ffdshow

2011-11-15 21:59 . 2011-11-15 22:03 -------- d-----w- c:\program files (x86)\doubleTwist 2.0

2011-11-14 19:27 . 2011-11-14 20:30 -------- d-----w- c:\users\Glover1\AppData\Roaming\Download Manager

2011-11-14 17:35 . 2011-11-16 16:48 165232 ---ha-w- c:\users\Glover1\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2011-11-14 17:28 . 2011-11-14 17:28 -------- d-----w- c:\program files (x86)\Microsoft Virtual PC

2011-11-09 12:33 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-09 12:33 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-09 12:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 12:33 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 12:31 . 2011-11-10 22:56 -------- d-----w- c:\windows\system32\drivers\NISx64\1302000.00A

2011-11-04 15:39 . 2011-11-04 15:39 -------- d-----w- c:\users\Glover1\AppData\Roaming\Xilisoft

2011-11-04 15:39 . 2011-11-04 15:39 -------- d-----w- c:\programdata\Xilisoft

2011-11-04 15:39 . 2011-11-04 15:39 -------- d-----w- c:\program files (x86)\Xilisoft

2011-11-04 13:54 . 2011-11-04 13:54 -------- d-----w- c:\users\Glover1\AppData\Roaming\Media Player Classic

2011-11-04 13:46 . 2011-11-04 15:34 -------- d-----w- C:\output media

2011-11-04 13:46 . 2011-11-04 15:35 -------- d-----w- c:\program files (x86)\Free Convert DIVX AVI to MOV MPEG WMV Converter

2011-11-04 13:45 . 2004-01-11 22:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-10-31 13:42 . 2011-10-31 13:41 90112 ----a-w- c:\windows\SysWow64\WindowsAccessBridge.dll

2011-10-31 13:42 . 2011-10-31 13:41 32768 ----a-w- c:\windows\SysWow64\JAWTAccessBridge.dll

2011-10-31 13:42 . 2011-10-31 13:41 167936 ----a-w- c:\windows\SysWow64\JavaAccessBridge.dll

2011-10-31 13:41 . 2011-10-31 13:41 -------- d-----w- C:\SkillSoft

2011-10-27 12:44 . 2011-10-27 12:44 -------- d-----w- c:\program files (x86)\Amazon

2011-10-26 11:31 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-10-26 11:31 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-10-25 18:32 . 2011-10-25 18:32 -------- d-----w- c:\users\melinda\AppData\Roaming\Intel Corporation

2011-10-24 13:00 . 2011-10-24 13:00 -------- d-----w- c:\program files (x86)\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-21 12:21 . 2011-06-15 15:38 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin

2011-10-15 11:41 . 2011-06-15 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-13 00:51 . 2011-06-15 16:32 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-10-03 09:06 . 2011-07-23 11:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-01 03:25 . 2011-10-12 11:37 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:42 . 2011-10-12 11:37 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-09-01 00:08 . 2011-09-01 00:08 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-09-01 00:08 . 2011-09-01 00:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-09-01 00:08 . 2011-09-01 00:08 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-09-01 00:08 . 2011-09-01 00:08 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-09-01 00:08 . 2011-09-01 00:08 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-09-01 00:08 . 2011-09-01 00:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-09-01 00:08 . 2011-09-01 00:08 179992 ----a-w- c:\windows\system32\difx64.exe

2011-08-31 23:58 . 2011-08-31 23:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll

2011-08-31 23:53 . 2011-08-31 23:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-08-31 23:53 . 2011-08-31 23:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll

2011-08-31 23:51 . 2011-08-31 23:51 867020 ----a-w- c:\windows\system32\igkrng575.bin

2011-08-31 23:51 . 2011-08-31 23:51 128204 ----a-w- c:\windows\system32\igcompkrng575.bin

2011-08-31 23:51 . 2011-08-31 23:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin

2011-08-31 23:47 . 2011-02-11 23:12 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-08-31 23:45 . 2011-02-11 23:09 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-08-31 23:42 . 2011-02-11 23:07 14598656 ----a-w- c:\windows\system32\igd10umd64.dll

2011-08-31 23:37 . 2011-08-31 23:37 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-08-31 23:31 . 2011-08-31 23:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll

2011-08-31 23:26 . 2011-08-31 23:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-08-31 23:22 . 2011-08-31 23:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-08-31 23:22 . 2011-08-31 23:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-08-31 23:22 . 2011-08-31 23:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-08-31 23:22 . 2011-08-31 23:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-08-31 23:22 . 2011-08-31 23:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-08-31 23:22 . 2011-08-31 23:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-08-31 23:22 . 2011-08-31 23:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-08-31 23:22 . 2011-08-31 23:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-08-31 23:22 . 2011-08-31 23:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-08-31 23:21 . 2011-02-11 22:46 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-08-31 23:21 . 2011-08-31 23:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-08-31 23:21 . 2011-08-31 23:21 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-08-31 23:21 . 2011-02-11 22:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-08-31 23:20 . 2011-02-11 22:45 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-08-31 23:20 . 2011-08-31 23:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-08-31 23:20 . 2011-08-31 23:20 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-08-31 23:20 . 2011-08-31 23:20 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-08-31 23:20 . 2011-08-31 23:20 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-08-31 23:20 . 2011-08-31 23:20 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-08-31 23:20 . 2011-02-11 22:45 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-08-31 23:16 . 2011-08-31 23:16 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-08-31 23:15 . 2011-08-31 23:15 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-08-31 23:13 . 2011-08-31 23:13 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll

2011-08-31 23:13 . 2011-08-31 23:13 98304 ----a-w- c:\windows\system32\iglhcp64.dll

2011-08-31 23:13 . 2011-08-31 23:13 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll

2011-08-31 23:13 . 2011-08-31 23:13 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll

2011-08-31 23:13 . 2011-08-31 23:13 376832 ----a-w- c:\windows\system32\iglhsip64.dll

2011-08-31 23:13 . 2011-08-31 23:13 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-08-31 23:13 . 2011-08-31 23:13 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll

2011-08-31 21:00 . 2011-07-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 05:37 . 2011-10-12 11:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 05:37 . 2011-10-12 11:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-08-27 04:26 . 2011-10-12 11:37 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-27 04:26 . 2011-10-12 11:37 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111118.030\IDSvia64.sys [2011-10-12 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]

S2 OrbisClient.Services;LabSim Configuration and Security;c:\program files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-03-11 52736]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262174008-1491182654-1775221262-1000Core.job

- c:\users\Glover1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 18:27]

.

2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2262174008-1491182654-1775221262-1000UA.job

- c:\users\Glover1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 18:27]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://mail.google.com/a/opportunitycharter.org/#inbox

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.9.78.203 10.9.78.200

FF - ProfilePath - c:\users\Glover1\AppData\Roaming\Mozilla\Firefox\Profiles\xjvj8f46.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-21 09:24:47

ComboFix-quarantined-files.txt 2011-11-21 14:24

.

Pre-Run: 46,119,768,064 bytes free

Post-Run: 46,115,459,072 bytes free

.

- - End Of File - - 8B764F783690EB07AFB362E28E182E04


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


I'm still getting the same "mbam blocking an outgoing ie site" about once a day. Usually it seems to happen when I visit (what I deem to be) less secure websites. As far as speed goes, I'm running OK... IE crashes on me once a day, but I do keep 6 or 7 tabs open at one time.

When I ran ESET it ran fine for an hour looking at all my files, then seemed to hang at the operating system memory check.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.28

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 29

Adobe Flash Player ( 10.3.183.7) Flash Player out of Date!

Adobe Reader X (10.1.0) Adobe Reader out of Date!

Mozilla Firefox (7.0.1) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

Adobe Flash Player ( 10.3.183.7)

Adobe Reader X (10.1.0)

Mozilla Firefox (7.0.1)

Restart your computer.

Get the latest version of Adobe Reader, Firefox, and Adobe Flash Player.

Let me know what issues remain.

Are you still getting blocks? Is it only when visiting certain pages?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
