Geeks To Go
Need help with laptop kdcom.dll corrupt [Solved]


This topic is locked

#31
recsite
Member, Topic Starter, 50 posts
Scan result of Farbar Recovery Scan Tool Version: 26-08-2012 01
Ran by SYSTEM at 26-08-2012 14:45:42
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax" [3707704 2010-04-09] (Hewlett-Packard Company)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [PrintDisp] C:\Windows\system32\PrintDisp.exe [878080 2009-08-21] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Marissa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-07] (Google Inc.)
HKU\Marissa\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22631608 2011-05-18] (ooVoo LLC)
HKU\Marissa\...\Run: [Facebook Update] "C:\Users\Marissa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-11] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{20A38C2B-4AD4-4C9D-B912-36D8FD3A644A}: [NameServer]198.153.192.50,198.153.194.50
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Marissa\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 N360; "C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.3.0.14\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.3.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 NAT; "C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\ccSvcHst.exe" /s "NAT" /m "C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.36\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll" /prefetch:1 [303544 2011-10-11] (Symantec Corporation)
2 Printer Control; C:\Windows\system32\PrintCtrl.exe [77824 2009-06-16] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)

==================== Drivers (Whitelisted) ===================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0105000.024\ccSetx64.sys [167048 2011-11-04] (Symantec Corporation)
1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120824.001\IDSvia64.sys [512672 2012-08-24] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\ENG64.SYS [125600 2012-08-25] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\EX64.SYS [2084000 2012-08-25] (Symantec Corporation)
3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
3 SRTSP; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMDS64.SYS [451192 2012-04-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-08-26] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-26 08:04 - 2012-08-26 08:04 - 00000000 ____D C:\Users\Marissa\My Documents\Symantec
2012-08-26 08:04 - 2012-08-26 08:04 - 00000000 ____D C:\Users\Marissa\Documents\Symantec
2012-08-26 08:03 - 2012-08-26 08:03 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-26 08:03 - 2012-08-26 08:03 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-26 08:03 - 2012-08-26 08:03 - 00002573 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-08-26 08:03 - 2012-08-26 08:03 - 00002573 ____A C:\Users\All Users\Desktop\Norton 360.lnk
2012-08-26 08:03 - 2012-08-26 08:03 - 00000000 ____D C:\Program Files\Symantec
2012-08-26 07:47 - 2012-08-26 07:47 - 00920096 ____A C:\Users\Marissa\Desktop\Norton_Removal_Tool.exe
2012-08-26 02:06 - 2012-07-06 15:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-26 02:05 - 2012-06-28 22:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-26 02:05 - 2012-06-28 22:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-26 02:05 - 2012-06-28 22:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-26 02:05 - 2012-06-28 22:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-26 02:05 - 2012-06-28 22:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-26 02:05 - 2012-06-28 19:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-26 02:05 - 2012-06-28 19:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-26 02:05 - 2012-06-28 19:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-26 02:05 - 2012-06-28 19:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-26 02:05 - 2012-06-28 19:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-26 02:04 - 2012-06-28 23:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-26 02:04 - 2012-06-28 23:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-26 02:04 - 2012-06-28 22:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-26 02:04 - 2012-06-28 22:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-26 02:04 - 2012-06-28 22:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-26 02:04 - 2012-06-28 22:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-26 02:04 - 2012-06-28 22:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-26 02:04 - 2012-06-28 22:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-26 02:04 - 2012-06-28 22:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-26 02:04 - 2012-06-28 19:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-26 02:04 - 2012-06-28 19:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-26 02:04 - 2012-06-28 19:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-26 02:04 - 2012-06-28 19:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-26 02:04 - 2012-06-28 19:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-26 02:04 - 2012-06-28 19:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-26 02:04 - 2012-06-28 19:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-26 02:04 - 2012-06-28 19:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-26 02:04 - 2012-06-28 18:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-25 13:30 - 2012-07-18 13:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-25 13:30 - 2012-07-04 17:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-25 13:30 - 2012-07-04 17:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-25 13:30 - 2012-07-04 17:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-25 13:30 - 2012-07-04 16:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-25 13:30 - 2012-07-04 16:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-25 13:30 - 2012-05-14 00:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-25 13:30 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-25 13:30 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-25 13:30 - 2012-02-11 01:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-25 13:30 - 2012-02-11 01:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-25 13:30 - 2012-02-11 01:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-25 13:30 - 2012-02-11 00:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-25 11:43 - 2012-08-25 11:43 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-25 09:22 - 2012-08-25 09:22 - 00000000 ____D C:\Users\Marissa\Desktop\tdsskiller
2012-08-25 09:11 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-25 08:51 - 2012-08-25 08:51 - 00262144 ____A C:\Windows\Minidump\082512-53040-01.dmp
2012-08-24 19:53 - 2012-08-24 19:53 - 00082548 ____A C:\Users\Marissa\Desktop\Extras.Txt
2012-08-24 19:33 - 2012-08-24 19:33 - 00006288 ____A C:\Users\Marissa\Desktop\BITS.reg
2012-08-24 19:02 - 2012-08-24 19:03 - 00000000 ____D C:\Users\Marissa\Desktop\nortonpowereraserwebsite
2012-08-24 18:59 - 2012-08-24 19:00 - 02892816 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NPE (1).exe
2012-08-24 18:37 - 2012-08-25 09:27 - 00002458 ____A C:\Users\Marissa\Desktop\FSS.txt
2012-08-24 18:36 - 2012-08-24 18:36 - 00693235 ____A (Farbar) C:\Users\Marissa\Desktop\FSS.exe
2012-08-24 18:12 - 2012-08-24 18:12 - 00030583 ____A C:\ComboFix.txt
2012-08-24 17:34 - 2012-08-24 18:12 - 00000000 ____D C:\Qoobox
2012-08-24 17:34 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-24 17:34 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-24 17:34 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-24 17:34 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-24 17:34 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-24 17:34 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-24 17:34 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-24 17:34 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-24 17:33 - 2012-08-24 18:04 - 00000000 ____D C:\Windows\erdnt
2012-08-24 17:33 - 2012-08-24 17:33 - 04737458 ____R (Swearware) C:\Users\Marissa\Desktop\ComboFix.exe
2012-08-24 16:07 - 2012-08-24 16:07 - 00000000 ____D C:\_OTL
2012-08-24 16:05 - 2012-08-24 16:05 - 04731392 ____A (AVAST Software) C:\Users\Marissa\Desktop\aswMBR.exe
2012-08-24 16:05 - 2012-08-24 16:05 - 00596480 ____A (OldTimer Tools) C:\Users\Marissa\Desktop\OTL.exe
2012-08-24 12:55 - 2012-08-24 12:55 - 00266288 ____A C:\Windows\Minidump\082412-41667-01.dmp
2012-08-24 09:47 - 2012-08-24 09:47 - 00262144 ____A C:\Windows\Minidump\082412-50747-01.dmp
2012-08-24 09:27 - 2012-08-24 09:27 - 00728096 ____A C:\Windows\Minidump\082412-37845-01.dmp
2012-08-24 07:00 - 2012-08-24 07:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-24 07:00 - 2012-08-24 07:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-08-24 06:59 - 2012-08-24 06:59 - 00000000 ____D C:\Program Files\iTunes
2012-08-24 06:59 - 2012-08-24 06:59 - 00000000 ____D C:\Program Files\iPod
2012-08-24 06:59 - 2012-08-24 06:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-08-24 06:55 - 2012-08-24 06:55 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-08-24 06:55 - 2012-08-24 06:55 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-08-24 06:55 - 2012-08-24 06:55 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-08-22 09:37 - 2012-08-25 12:37 - 00003690 ____A C:\Users\Marissa\Desktop\aswMBR.txt
2012-08-22 09:37 - 2012-08-25 12:37 - 00000512 ____A C:\Users\Marissa\Desktop\MBR.dat
2012-08-22 09:29 - 2012-08-22 09:29 - 00070560 ____A C:\Users\Marissa\Downloads\Extras.Txt
2012-08-22 09:27 - 2012-08-26 08:14 - 00121322 ____A C:\Users\Marissa\Desktop\OTL.Txt
2012-08-11 14:19 - 2012-08-11 14:19 - 00809840 ____A (AirInstaller Inc.) C:\Users\Marissa\Downloads\setup.exe
2012-08-07 19:52 - 2012-08-07 19:52 - 00728048 ____A C:\Windows\Minidump\080712-24804-01.dmp
2012-08-06 16:26 - 2012-08-06 16:26 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-06 16:26 - 2012-08-06 16:26 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-06 16:23 - 2012-08-06 16:23 - 00262144 ____A C:\Windows\Minidump\080612-29000-01.dmp
2012-08-05 20:10 - 2012-08-05 20:10 - 00000000 ____D C:\Windows\Sun
2012-08-05 17:02 - 2012-08-05 17:02 - 00262144 ____A C:\Windows\Minidump\080512-34055-01.dmp
2012-08-05 16:34 - 2012-08-05 16:34 - 00002143 ____A C:\Users\Marissa\Desktop\repair your computer.txt
2012-08-05 15:24 - 2012-08-05 15:24 - 00371097 ____A C:\Users\Marissa\Downloads\Base Filtering Engine.reg
2012-08-05 15:03 - 2012-08-05 15:03 - 00002450 ____A C:\Users\Public\Desktop\Norton Anti-Theft.lnk
2012-08-05 15:03 - 2012-08-05 15:03 - 00002450 ____A C:\Users\All Users\Desktop\Norton Anti-Theft.lnk
2012-08-05 15:03 - 2012-08-05 15:03 - 00000000 ____D C:\Windows\System32\Drivers\NATx64
2012-08-05 15:03 - 2012-08-05 15:03 - 00000000 ____D C:\Program Files (x86)\Norton Anti-Theft
2012-08-05 14:55 - 2012-08-05 14:55 - 00828736 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NortonAnti-TheftDownloader.exe
2012-08-05 14:17 - 2012-08-05 14:17 - 00000000 ____D C:\N360_BACKUP
2012-08-05 14:05 - 2012-08-05 14:05 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
2012-08-04 22:43 - 2012-08-04 22:43 - 00262144 ____A C:\Windows\Minidump\080412-29203-01.dmp
2012-08-04 22:11 - 2012-08-04 22:11 - 02841104 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NPE.exe
2012-08-04 21:24 - 2012-08-24 19:20 - 00000000 ____D C:\Users\Marissa\Local Settings\NPE
2012-08-04 21:24 - 2012-08-24 19:20 - 00000000 ____D C:\Users\Marissa\Local Settings\Application Data\NPE
2012-08-04 21:24 - 2012-08-24 19:20 - 00000000 ____D C:\Users\Marissa\AppData\Local\NPE
2012-08-04 21:05 - 2012-08-26 08:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-08-04 21:05 - 2012-08-26 08:02 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2012-08-04 21:05 - 2012-08-26 08:02 - 00000000 ____D C:\Program Files (x86)\Norton 360
2012-08-04 20:53 - 2012-08-26 08:01 - 00001300 ____A C:\Users\Marissa\Desktop\Norton Installation Files.lnk
2012-08-04 20:53 - 2012-08-26 08:01 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-08-04 20:23 - 2012-08-05 16:20 - 00000000 ____D C:\Users\Marissa\Local Settings\LogMeIn Rescue Applet
2012-08-04 20:23 - 2012-08-05 16:20 - 00000000 ____D C:\Users\Marissa\Local Settings\Application Data\LogMeIn Rescue Applet
2012-08-04 20:23 - 2012-08-05 16:20 - 00000000 ____D C:\Users\Marissa\AppData\Local\LogMeIn Rescue Applet
2012-08-04 20:20 - 2012-08-04 20:20 - 01187504 ____A (LogMeIn, Inc.) C:\Users\Marissa\Downloads\Support-LogMeInRescue.exe
2012-08-04 19:38 - 2012-08-04 19:38 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
2012-08-04 19:38 - 2012-08-04 19:38 - 00000000 ____D C:\Program Files (x86)\Norton Safe Web Lite
2012-08-03 15:07 - 2012-08-03 15:07 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-29 20:08 - 2012-07-29 20:08 - 00262144 ____A C:\Windows\Minidump\072912-22682-01.dmp


==================== 3 Months Modified Files ================================

2012-08-26 13:39 - 2011-03-28 04:25 - 01624336 ____A C:\Windows\WindowsUpdate.log
2012-08-26 13:37 - 2009-07-14 00:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-26 13:35 - 2012-04-26 20:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-26 13:35 - 2011-08-23 21:32 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957519283-3269216495-3174932433-1001UA.job
2012-08-26 13:35 - 2011-06-07 14:42 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-26 13:35 - 2009-07-13 23:51 - 00003076 ____A C:\Windows\setupact.log
2012-08-26 08:14 - 2012-08-22 09:27 - 00121322 ____A C:\Users\Marissa\Desktop\OTL.Txt
2012-08-26 08:03 - 2012-08-26 08:03 - 00175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-08-26 08:03 - 2012-08-26 08:03 - 00007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-08-26 08:03 - 2012-08-26 08:03 - 00002573 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-08-26 08:03 - 2012-08-26 08:03 - 00002573 ____A C:\Users\All Users\Desktop\Norton 360.lnk
2012-08-26 08:02 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-26 08:02 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-26 08:01 - 2012-08-04 20:53 - 00001300 ____A C:\Users\Marissa\Desktop\Norton Installation Files.lnk
2012-08-26 07:55 - 2011-06-07 14:42 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-26 07:54 - 2011-03-28 04:46 - 00086226 ____A C:\Windows\PFRO.log
2012-08-26 07:54 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-26 07:47 - 2012-08-26 07:47 - 00920096 ____A C:\Users\Marissa\Desktop\Norton_Removal_Tool.exe
2012-08-26 02:23 - 2009-07-13 23:45 - 00463600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-26 02:10 - 2011-08-23 21:32 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957519283-3269216495-3174932433-1001Core.job
2012-08-26 02:01 - 2011-05-14 20:43 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-25 16:52 - 2012-02-01 17:52 - 00000456 ___AH C:\Windows\Tasks\Norton Security Scan for Marissa.job
2012-08-25 12:37 - 2012-08-22 09:37 - 00003690 ____A C:\Users\Marissa\Desktop\aswMBR.txt
2012-08-25 12:37 - 2012-08-22 09:37 - 00000512 ____A C:\Users\Marissa\Desktop\MBR.dat
2012-08-25 09:27 - 2012-08-24 18:37 - 00002458 ____A C:\Users\Marissa\Desktop\FSS.txt
2012-08-25 08:51 - 2012-08-25 08:51 - 00262144 ____A C:\Windows\Minidump\082512-53040-01.dmp
2012-08-25 08:51 - 2011-05-17 16:29 - 539660446 ____A C:\Windows\MEMORY.DMP
2012-08-25 06:42 - 2009-07-14 00:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-24 19:53 - 2012-08-24 19:53 - 00082548 ____A C:\Users\Marissa\Desktop\Extras.Txt
2012-08-24 19:33 - 2012-08-24 19:33 - 00006288 ____A C:\Users\Marissa\Desktop\BITS.reg
2012-08-24 19:00 - 2012-08-24 18:59 - 02892816 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NPE (1).exe
2012-08-24 18:36 - 2012-08-24 18:36 - 00693235 ____A (Farbar) C:\Users\Marissa\Desktop\FSS.exe
2012-08-24 18:12 - 2012-08-24 18:12 - 00030583 ____A C:\ComboFix.txt
2012-08-24 17:52 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-24 17:50 - 2009-07-13 21:34 - 80216064 ____A C:\Windows\System32\config\software.bak
2012-08-24 17:50 - 2009-07-13 21:34 - 23068672 ____A C:\Windows\System32\config\system.bak
2012-08-24 17:50 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-08-24 17:50 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-08-24 17:50 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\default.bak
2012-08-24 17:33 - 2012-08-24 17:33 - 04737458 ____R (Swearware) C:\Users\Marissa\Desktop\ComboFix.exe
2012-08-24 16:05 - 2012-08-24 16:05 - 04731392 ____A (AVAST Software) C:\Users\Marissa\Desktop\aswMBR.exe
2012-08-24 16:05 - 2012-08-24 16:05 - 00596480 ____A (OldTimer Tools) C:\Users\Marissa\Desktop\OTL.exe
2012-08-24 12:55 - 2012-08-24 12:55 - 00266288 ____A C:\Windows\Minidump\082412-41667-01.dmp
2012-08-24 09:47 - 2012-08-24 09:47 - 00262144 ____A C:\Windows\Minidump\082412-50747-01.dmp
2012-08-24 09:27 - 2012-08-24 09:27 - 00728096 ____A C:\Windows\Minidump\082412-37845-01.dmp
2012-08-24 07:02 - 2011-07-22 20:14 - 00002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-24 07:02 - 2011-07-22 20:14 - 00002342 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-08-24 07:00 - 2012-08-24 07:00 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-24 07:00 - 2012-08-24 07:00 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-08-24 06:55 - 2012-08-24 06:55 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-08-24 06:55 - 2012-08-24 06:55 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-08-22 09:29 - 2012-08-22 09:29 - 00070560 ____A C:\Users\Marissa\Downloads\Extras.Txt
2012-08-19 19:27 - 2012-04-26 20:24 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-19 19:27 - 2011-07-12 10:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-11 14:19 - 2012-08-11 14:19 - 00809840 ____A (AirInstaller Inc.) C:\Users\Marissa\Downloads\setup.exe
2012-08-07 19:52 - 2012-08-07 19:52 - 00728048 ____A C:\Windows\Minidump\080712-24804-01.dmp
2012-08-06 21:13 - 2011-10-03 19:28 - 00001157 ____A C:\Users\Marissa\My Documents\Einstein.txt
2012-08-06 21:13 - 2011-10-03 19:28 - 00001157 ____A C:\Users\Marissa\Documents\Einstein.txt
2012-08-06 21:13 - 2011-10-03 19:27 - 00001416 ____A C:\Users\Marissa\My Documents\Einstein.html
2012-08-06 21:13 - 2011-10-03 19:27 - 00001416 ____A C:\Users\Marissa\Documents\Einstein.html
2012-08-06 21:13 - 2011-10-03 19:26 - 00001153 ____A C:\Users\Marissa\My Documents\hi.html
2012-08-06 21:13 - 2011-10-03 19:26 - 00001153 ____A C:\Users\Marissa\Documents\hi.html
2012-08-06 21:12 - 2012-06-03 20:32 - 18315743 ____A C:\Users\Marissa\Downloads\Backstreet Boys - I Want It That Way(1).mp4
2012-08-06 21:12 - 2012-06-03 20:29 - 18315743 ____A C:\Users\Marissa\Downloads\Backstreet Boys - I Want It That Way.mp4
2012-08-06 21:12 - 2012-06-03 20:20 - 14144292 ____A C:\Users\Marissa\Downloads\Backstreet Boys - Everybody (Backstreets Back).mp4
2012-08-06 21:12 - 2012-06-03 19:58 - 16848712 ____A C:\Users\Marissa\Downloads\Aqua - Barbie Girl.mp4
2012-08-06 21:12 - 2012-06-03 19:46 - 00622260 ____A C:\Users\Marissa\Downloads\Backstreet Boys - Quit Playing Games (With My Heart).mp4
2012-08-06 21:12 - 2012-06-03 19:39 - 12195710 ____A C:\Users\Marissa\Downloads\Alanis Morissette - Ironic.mp4
2012-08-06 21:12 - 2012-06-03 19:02 - 16391544 ____A C:\Users\Marissa\Downloads\Ace Of Base - 1994 - The Sign.mp4
2012-08-06 21:12 - 2011-10-05 19:27 - 00000259 ____A C:\Users\Marissa\My Documents\Snoopy.html
2012-08-06 21:12 - 2011-10-05 19:27 - 00000259 ____A C:\Users\Marissa\Documents\Snoopy.html
2012-08-06 21:12 - 2011-10-03 19:36 - 00002141 ____A C:\Users\Marissa\My Documents\Snowman.html
2012-08-06 21:12 - 2011-10-03 19:36 - 00002141 ____A C:\Users\Marissa\Documents\Snowman.html
2012-08-06 21:11 - 2012-06-03 20:45 - 18219129 ____A C:\Users\Marissa\Downloads\Lou Bega - Mambo No. 5 (A Little Bit Of...).mp4
2012-08-06 21:11 - 2012-06-03 20:33 - 16078580 ____A C:\Users\Marissa\Downloads\Eiffel 65 - Blue (Da Ba Dee) (Original Video with subtitles).mp4
2012-08-06 21:11 - 2012-06-03 20:29 - 18026014 ____A C:\Users\Marissa\Downloads\Christina Aguilera - Genie In A Bottle.mp4
2012-08-06 21:11 - 2012-06-03 20:28 - 19661435 ____A C:\Users\Marissa\Downloads\Britney Spears - ...Baby One More Time.mp4
2012-08-06 21:11 - 2012-06-03 20:28 - 13562150 ____A C:\Users\Marissa\Downloads\Cher - Believe [Official Music Video].mp4
2012-08-06 21:11 - 2012-06-03 20:18 - 14828028 ____A C:\Users\Marissa\Downloads\I Want You Back - The Jackson 5.mp4
2012-08-06 21:11 - 2012-06-03 19:55 - 20102949 ____A C:\Users\Marissa\Downloads\Los del Rio - Macarena (Original Video) [HD].mp4
2012-08-06 21:11 - 2012-06-03 19:49 - 19295043 ____A C:\Users\Marissa\Downloads\Hanson - MMMBop.mp4
2012-08-06 21:11 - 2012-06-03 19:48 - 17880854 ____A C:\Users\Marissa\Downloads\Eurythmics - Sweet Dreams (Are Made Of This).mp4
2012-08-06 21:11 - 2012-06-03 19:26 - 09944136 ____A C:\Users\Marissa\Downloads\Macarena - Original version.mp4
2012-08-06 21:11 - 2012-06-03 19:25 - 21271353 ____A C:\Users\Marissa\Downloads\Mariah Carey - Always Be My Baby.mp4
2012-08-06 21:11 - 2012-06-03 19:22 - 21046746 ____A C:\Users\Marissa\Downloads\Hootie And The Blowfish - Only Wanna Be With You (Video).mp4
2012-08-06 21:11 - 2012-06-03 19:21 - 17123046 ____A C:\Users\Marissa\Downloads\Bonnie Tyler - Total Eclipse of the Heart (official music video + lyrics).mp4
2012-08-06 21:11 - 2012-06-03 19:20 - 10844446 ____A C:\Users\Marissa\Downloads\Gangstas Paradise - Coolio.mp4
2012-08-06 21:11 - 2012-06-03 19:12 - 12900701 ____A C:\Users\Marissa\Downloads\Haddaway - What Is Love.mp4
2012-08-06 21:11 - 2012-06-03 18:59 - 19248881 ____A C:\Users\Marissa\Downloads\Gin Blossoms - Hey Jealousy.mp4
2012-08-06 21:11 - 2012-06-03 18:59 - 16858247 ____A C:\Users\Marissa\Downloads\Cypress Hill - Insane In The Brain.mp4
2012-08-06 21:11 - 2012-06-03 18:37 - 19633389 ____A C:\Users\Marissa\Downloads\House of Pain - Jump Around.mp4
2012-08-06 21:11 - 2012-06-03 18:37 - 18207911 ____A C:\Users\Marissa\Downloads\Billy Ray Cyrus - Achy Breaky Heart.mp4
2012-08-06 21:11 - 2012-06-03 18:02 - 20083931 ____A C:\Users\Marissa\Downloads\Deee Lite - Groove is in the Heart (Music Video).mp4
2012-08-06 21:11 - 2012-06-03 18:00 - 18780876 ____A C:\Users\Marissa\Downloads\EMF - Unbelievable.mp4
2012-08-06 21:11 - 2012-06-03 17:59 - 25457193 ____A C:\Users\Marissa\Downloads\C & C Music Factory Gonna Make You Sweat Deejay gu Flash House anos 80, 90 - www.gtpromo.com.br.mp4
2012-08-06 21:11 - 2012-06-03 17:36 - 24573707 ____A C:\Users\Marissa\Downloads\Madonna - Vogue (video).mp4
2012-08-06 21:11 - 2011-07-26 19:34 - 97144226 ____A C:\Users\Marissa\Downloads\Katy Perry - Last Friday Night (T.G.I.F.)_(1080p)-1.mp4
2012-08-06 21:10 - 2012-06-03 20:33 - 18795249 ____A C:\Users\Marissa\Downloads\Ricky Martin - Livin La Vida Loca.mp4
2012-08-06 21:10 - 2012-06-03 20:32 - 21458015 ____A C:\Users\Marissa\Downloads\Santana - Smooth (feat. Rob Thomas).mp4
2012-08-06 21:10 - 2012-06-03 20:32 - 19632394 ____A C:\Users\Marissa\Downloads\Smash Mouth - All Star.mp4
2012-08-06 21:10 - 2012-06-03 20:16 - 21800896 ____A C:\Users\Marissa\Downloads\The Verve - Bitter Sweet Symphony.mp4
2012-08-06 21:10 - 2012-06-03 20:15 - 14685410 ____A C:\Users\Marissa\Downloads\Spice Girls - Spice Up Your Life.mp4
2012-08-06 21:10 - 2012-06-03 20:13 - 17878008 ____A C:\Users\Marissa\Downloads\Will Smith - Getting jiggy with it(1).mp4
2012-08-06 21:10 - 2012-06-03 20:09 - 17878008 ____A C:\Users\Marissa\Downloads\Will Smith - Getting jiggy with it.mp4
2012-08-06 21:10 - 2012-06-03 19:53 - 10640509 ____A C:\Users\Marissa\Downloads\Tubthumping (I Get Knocked Down) Lyrics.mp4
2012-08-06 21:10 - 2012-06-03 19:50 - 19236472 ____A C:\Users\Marissa\Downloads\Third Eye Blind - Semi Charmed Life (Official Music Video) HD.mp4
2012-08-06 21:10 - 2012-06-03 19:46 - 18638204 ____A C:\Users\Marissa\Downloads\Spice Girls - Wannabe.mp4
2012-08-06 21:10 - 2012-06-03 19:40 - 11341420 ____A C:\Users\Marissa\Downloads\Wonderwall.mp4
2012-08-06 21:10 - 2012-06-03 19:39 - 22866760 ____A C:\Users\Marissa\Downloads\Marilyn manson - Sweet Dreams (Official Video).mp4
2012-08-06 21:10 - 2012-06-03 19:23 - 14271011 ____A C:\Users\Marissa\Downloads\the pretenders - Ill stand by you ( video ).mp4
2012-08-06 21:10 - 2012-06-03 19:23 - 12994160 ____A C:\Users\Marissa\Downloads\Rednex - Cotton Eye Joe.mp4
2012-08-06 21:10 - 2012-06-03 19:11 - 19269693 ____A C:\Users\Marissa\Downloads\Salt N Pepa - Whatta Man 1994 (feat. En Vogue).mp4
2012-08-06 21:10 - 2012-06-03 19:05 - 19335280 ____A C:\Users\Marissa\Downloads\Sheryl Crow All I Wanna Do.mp4
2012-08-06 21:10 - 2012-06-03 18:56 - 13017053 ____A C:\Users\Marissa\Downloads\Whoomp There It Is - Tag Team.mp4
2012-08-06 21:10 - 2012-06-03 18:42 - 21438103 ____A C:\Users\Marissa\Downloads\Nirvana - Smells Like Teen Spirit.mp4
2012-08-06 21:10 - 2012-06-03 18:42 - 08952369 ____A C:\Users\Marissa\Downloads\Whitney Houston - I Will Always Love You Official Music Video.mp4
2012-08-06 21:10 - 2012-06-03 18:36 - 14083232 ____A C:\Users\Marissa\Downloads\Right Said Fred - I`m Too Sexy (The Original).mp4
2012-08-06 21:10 - 2012-06-03 18:36 - 12506849 ____A C:\Users\Marissa\Downloads\Sir Mix-A-Lot - Baby Got Back (I Like Big Butts) [ORIGINAL].mp4
2012-08-06 21:10 - 2012-06-03 18:04 - 23263847 ____A C:\Users\Marissa\Downloads\Marky Mark And The Funky Bunch - Good Vibrations.mp4
2012-08-06 21:10 - 2012-06-03 17:50 - 21810647 ____A C:\Users\Marissa\Downloads\MC Hammer - U Cant Touch This.mp4
2012-08-06 21:10 - 2012-06-03 17:48 - 12323548 ____A C:\Users\Marissa\Downloads\Snap - The power.mp4
2012-08-06 21:10 - 2012-06-03 17:47 - 18944047 ____A C:\Users\Marissa\Downloads\Vanilla Ice - Ice Ice Baby.mp4
2012-08-06 21:10 - 2012-06-03 17:45 - 30694648 ____A C:\Users\Marissa\Downloads\Technotronic - Pump Up The Jam.mp4
2012-08-06 20:54 - 2011-03-28 04:52 - 00000204 ____A C:\Users\Public\Desktop\My Identity Protection.url
2012-08-06 20:54 - 2011-03-28 04:52 - 00000204 ____A C:\Users\All Users\Desktop\My Identity Protection.url
2012-08-06 16:26 - 2012-08-06 16:26 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-06 16:26 - 2012-08-06 16:26 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-06 16:26 - 2009-07-13 23:51 - 00000000 ____A C:\Windows\setuperr.log
2012-08-06 16:23 - 2012-08-06 16:23 - 00262144 ____A C:\Windows\Minidump\080612-29000-01.dmp
2012-08-05 17:02 - 2012-08-05 17:02 - 00262144 ____A C:\Windows\Minidump\080512-34055-01.dmp
2012-08-05 16:34 - 2012-08-05 16:34 - 00002143 ____A C:\Users\Marissa\Desktop\repair your computer.txt
2012-08-05 15:24 - 2012-08-05 15:24 - 00371097 ____A C:\Users\Marissa\Downloads\Base Filtering Engine.reg
2012-08-05 15:03 - 2012-08-05 15:03 - 00002450 ____A C:\Users\Public\Desktop\Norton Anti-Theft.lnk
2012-08-05 15:03 - 2012-08-05 15:03 - 00002450 ____A C:\Users\All Users\Desktop\Norton Anti-Theft.lnk
2012-08-05 14:55 - 2012-08-05 14:55 - 00828736 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NortonAnti-TheftDownloader.exe
2012-08-04 22:43 - 2012-08-04 22:43 - 00262144 ____A C:\Windows\Minidump\080412-29203-01.dmp
2012-08-04 22:11 - 2012-08-04 22:11 - 02841104 ____A (Symantec Corporation) C:\Users\Marissa\Downloads\NPE.exe
2012-08-04 20:20 - 2012-08-04 20:20 - 01187504 ____A (LogMeIn, Inc.) C:\Users\Marissa\Downloads\Support-LogMeInRescue.exe
2012-07-29 20:12 - 2012-04-23 17:46 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 20:12 - 2012-04-23 17:46 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-29 20:08 - 2012-07-29 20:08 - 00262144 ____A C:\Windows\Minidump\072912-22682-01.dmp
2012-07-26 22:14 - 2012-07-26 22:13 - 00728128 ____A C:\Windows\Minidump\072612-15724-01.dmp
2012-07-18 13:15 - 2012-08-25 13:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 20:01 - 2012-07-11 20:01 - 00266728 ____A C:\Windows\Minidump\071112-23587-01.dmp
2012-07-11 14:33 - 2009-07-13 21:34 - 00000510 ____A C:\Windows\win.ini
2012-07-07 07:14 - 2012-07-07 07:14 - 00262144 ____A C:\Windows\Minidump\070712-17862-01.dmp
2012-07-06 15:07 - 2012-08-26 02:06 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 17:16 - 2012-08-25 13:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-25 13:30 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-25 13:30 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-25 13:30 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-25 13:30 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 12:46 - 2011-08-04 20:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 23:55 - 2012-08-26 02:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 23:09 - 2012-08-26 02:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 22:56 - 2012-08-26 02:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 22:49 - 2012-08-26 02:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 22:49 - 2012-08-26 02:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 22:48 - 2012-08-26 02:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 22:47 - 2012-08-26 02:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 22:45 - 2012-08-26 02:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 22:44 - 2012-08-26 02:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 22:43 - 2012-08-26 02:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 22:42 - 2012-08-26 02:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 22:40 - 2012-08-26 02:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 22:39 - 2012-08-26 02:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 22:35 - 2012-08-26 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 19:52 - 2012-08-26 02:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 19:27 - 2012-08-26 02:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 19:16 - 2012-08-26 02:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 19:09 - 2012-08-26 02:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 19:09 - 2012-08-26 02:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 19:08 - 2012-08-26 02:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 19:07 - 2012-08-26 02:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 19:06 - 2012-08-26 02:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 19:04 - 2012-08-26 02:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 19:04 - 2012-08-26 02:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 19:01 - 2012-08-26 02:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 19:01 - 2012-08-26 02:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 19:00 - 2012-08-26 02:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 18:57 - 2012-08-26 02:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 22:51 - 2012-06-13 22:51 - 00000118 ____A C:\Windows\System32\MRT.INI
2012-06-09 00:43 - 2012-07-10 13:27 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 13:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 19:59 - 2012-06-06 19:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-06 01:06 - 2012-07-10 13:27 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 13:27 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 13:26 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 13:27 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 13:27 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 13:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 20:51 - 2012-06-03 20:51 - 231751168 ____A C:\Users\Marissa\My Documents\1990s Music.wmv
2012-06-03 20:51 - 2012-06-03 20:51 - 231751168 ____A C:\Users\Marissa\Documents\1990s Music.wmv
2012-06-03 20:19 - 2012-06-03 20:19 - 00001010 ____A C:\Users\Marissa\Desktop\MixMeister Studio.lnk
2012-06-02 17:19 - 2012-06-22 08:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 08:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 08:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 08:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 08:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 08:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 08:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:19 - 2012-06-22 08:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 08:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 00:50 - 2012-07-10 13:27 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-10 13:27 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-10 13:27 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-10 13:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-10 13:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-10 13:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-10 13:27 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-10 13:27 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-10 13:27 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

ZeroAccess:
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\[email protected]
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde

ZeroAccess:
C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L
C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U

Type 00 partition infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-24 16:08:21
Restore point made on: 2012-08-24 17:11:31
Restore point made on: 2012-08-24 19:17:10
Restore point made on: 2012-08-24 19:36:13
Restore point made on: 2012-08-24 19:37:33
Restore point made on: 2012-08-24 19:38:13
Restore point made on: 2012-08-24 19:39:01
Restore point made on: 2012-08-26 02:01:26

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 5942.68 MB
Available physical RAM: 5196.56 MB
Total Pagefile: 5940.83 MB
Available Pagefile: 5196.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:468.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.79 GB) (Free:3.79 GB) FAT32
4 Drive f: (Recovery) (Fixed) (Total:14.65 GB) (Free:6.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 3892 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 581 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 DELLUTILITY FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F Recovery NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3891 MB 400 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Removable 3891 MB Healthy

==================================================================================

Last Boot: 2012-08-18 16:02

==================== End Of Log =============================

#32
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

For the first part of the new set of instructions below, we will work outside of the Windows environment again, as follows...

Custom FRST Script:

  • Open Notepad (Start >> All Programs >> Accessories >> Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)

    Start
    C:\Windows\svchost.exe
    C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    End
  • Save it on the flashdrive as fixlist.txt
  • Now please enter System Recovery Options then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt). Please copy and paste the contents of the aforementioned Notepad file in your next reply.
  • Reboot your machine back into Normal Mode.
Note: The above custom script was written specifically for this user, for use on this particular machine. Running it on another machine may cause damage to your operating system.

Re-scan with ComboFix:

Delete your current version (ComboFix.exe) and follow my prior instructions here in post #6 (Download/Run ComboFix).

Post the new ComboFix log in your next reply also and we will go from there, thank you.
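An added worked example (my code, not FRST's and not part of this thread): a Python script that applies the two checks the FRST log in post #31 rests on, a {GUID} directory under Installer or AppData\Local whose entries are named @, L and U, and a core binary such as svchost.exe sitting outside System32/SysWOW64, to sample log text constructed from the thread's entries, and then writes the same Start/End fixlist Dakeyras asked for above. The two-marker threshold, the WinSxS exclusion and the list of binary names are my assumptions; the script reads log text only and does not verify file hashes the way FRST's Bamital check does.

```python
"""Added example (not FRST's own code and not from the thread): apply the two
checks the FRST log relies on to sample log text, then emit an FRST fixlist.

Assumptions (mine): an FRST line carries at most one Windows path, bare or after
the timestamp/size/attribute columns; a ZeroAccess drop site is a {GUID}-named
directory whose children are named '@', 'L' and/or 'U' (two or more of them);
and a core binary such as svchost.exe that sits outside System32/SysWOW64 and
outside the WinSxS store is a rogue copy.  The sample log is constructed from
the entries published in the thread plus a benign Office installer directory
and the legitimate svchost.exe copies, so the filters have something to ignore.
"""
import re

# Constructed sample log (not a real capture): thread entries plus benign decoys.
SAMPLE_LOG = """\
2012-08-26 13:03 - 2012-07-06 02:17 - 00037536 ____A (Symantec Corporation) C:\\Windows\\System32\\Drivers\\N360x64\\0603000.00E\\srtspx64.sys
2011-05-23 01:36 - 2012-08-26 07:06 - 00035088 ____A C:\\Windows\\Installer\\{90120000-0030-0000-0000-0000000FF1CE}\\oisicon.exe

ZeroAccess:
C:\\Windows\\Installer\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\\Windows\\Installer\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\@
C:\\Windows\\Installer\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\L
C:\\Windows\\Installer\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\U
C:\\Windows\\Installer\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\L\\201d3dde

ZeroAccess:
C:\\Users\\Marissa\\AppData\\Local\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\\Users\\Marissa\\AppData\\Local\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\@
C:\\Users\\Marissa\\AppData\\Local\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\L
C:\\Users\\Marissa\\AppData\\Local\\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\\U

Type 00 partition infection:
C:\\Windows\\svchost.exe

==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\svchost.exe => MD5 is legit
C:\\Windows\\SysWOW64\\svchost.exe => MD5 is legit
"""

# A Windows path runs from the drive letter to the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*")
# Split a path into "<...>\{GUID}" and the first child component below it.
GUID_DIR_RE = re.compile(
    r"^(?P<parent>[A-Za-z]:\\(?:[^\\]+\\)*"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
    r"(?:\\(?P<child>[^\\]+).*)?$",
    re.IGNORECASE,
)
ZA_MARKERS = {"@", "L", "U"}          # child names seen in the thread's FRST log
# Binaries FRST hash-checks in System32/SysWOW64 (explorer.exe left out: it
# legitimately lives in C:\Windows itself).  Assumed list, not FRST's.
CORE_BINARIES = {"svchost.exe", "winlogon.exe", "wininit.exe",
                 "services.exe", "userinit.exe"}
LEGIT_SUFFIXES = ("\\windows\\system32", "\\windows\\syswow64")


def extract_paths(log_text):
    """Return every Windows path in the log, in order, without duplicates."""
    seen, paths = set(), []
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).split(" => ")[0].rstrip()   # drop "=> MD5 is legit"
        if path not in seen:
            seen.add(path)
            paths.append(path)
    return paths


def find_zeroaccess_dirs(paths):
    """{GUID} directories with at least two of the @ / L / U marker children."""
    children = {}                      # {GUID} dir -> set of immediate child names
    for p in paths:
        m = GUID_DIR_RE.match(p)
        if not m:
            continue
        kids = children.setdefault(m.group("parent"), set())
        if m.group("child"):
            kids.add(m.group("child"))
    # dict keeps first-seen order, so the result follows the log's order
    return [d for d, kids in children.items() if len(ZA_MARKERS & kids) >= 2]


def find_rogue_system_binaries(paths):
    """Core binaries outside System32/SysWOW64 (WinSxS copies are tolerated)."""
    rogue = []
    for p in paths:
        parent, _, name = p.rpartition("\\")
        low_parent = parent.lower()
        if (name.lower() in CORE_BINARIES
                and not low_parent.endswith(LEGIT_SUFFIXES)
                and "\\winsxs\\" not in low_parent + "\\"):
            rogue.append(p)
    return rogue


def build_fixlist(paths):
    """Assemble an FRST fixlist: rogue binaries first, then the drop directories."""
    items = find_rogue_system_binaries(paths) + find_zeroaccess_dirs(paths)
    return "\n".join(["Start", *items, "End"]) + "\n"


if __name__ == "__main__":
    print(build_fixlist(extract_paths(SAMPLE_LOG)), end="")
```

Run as-is it prints the five-line fixlist; FRST still expects that text saved as fixlist.txt in the same folder as FRST64.exe on the flash drive. A fixlist generated this way is a starting point, not a verdict: a {GUID} directory with @/L/U children is a strong indicator but the list should be read through by a person before the Fix button is pressed, because moving the wrong path from the recovery environment is not reversible from inside Windows.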

#33
recsite

    Member

  • Topic Starter
  • Member
  • 50 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 26-08-2012 01
Ran by SYSTEM at 2012-08-26 16:50:20 Run:1
Running from E:\

==============================================

C:\Windows\svchost.exe moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} moved successfully.
C:\Users\Marissa\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} moved successfully.

==== End of Fixlog ====

Combofix log to follow.

#34
recsite

    Member

  • Topic Starter
  • Member
  • 50 posts
Just so you are aware: I shut down Norton 360 as per the web site instructions. When I ran ComboFix, I got a warning message that real-time scanning was active (Norton 360). I opened the program and manually turned off everything, ran ComboFix, then restarted Norton 360 and Malwarebytes.


ComboFix 12-08-25.04 - Marissa 08/26/2012 17:25:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4000 [GMT -4:00]
Running from: c:\users\Marissa\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 21:31 . 2012-08-26 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 19:45 . 2012-08-26 19:45 -------- d-----w- C:\FRST
2012-08-26 13:03 . 2012-08-26 13:03 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-26 13:03 . 2012-08-26 13:03 -------- d-----w- c:\program files\Symantec
2012-08-26 07:06 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-26 07:04 . 2012-06-29 05:02 754784 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-08-25 18:30 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-25 18:30 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-25 18:30 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-25 18:30 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-25 18:30 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-25 18:30 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-25 18:30 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-25 18:30 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-25 18:30 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-25 18:30 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-25 18:30 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-25 18:30 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-25 16:43 . 2012-08-25 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-24 21:07 . 2012-08-24 21:07 -------- d-----w- C:\_OTL
2012-08-24 11:59 . 2012-08-24 11:59 -------- d-----w- c:\program files (x86)\iTunes
2012-08-24 11:59 . 2012-08-24 11:59 -------- d-----w- c:\program files\iPod
2012-08-24 11:59 . 2012-08-24 11:59 -------- d-----w- c:\program files\iTunes
2012-08-06 01:10 . 2012-08-06 01:10 -------- d-----w- c:\windows\Sun
2012-08-05 20:03 . 2012-08-05 20:03 -------- d-----w- c:\windows\system32\drivers\NATx64
2012-08-05 20:03 . 2012-08-05 20:03 -------- d-----w- c:\program files (x86)\Norton Anti-Theft
2012-08-05 19:17 . 2012-08-05 19:17 -------- d-----w- C:\N360_BACKUP
2012-08-05 19:05 . 2012-08-05 19:05 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2012-08-05 02:24 . 2012-08-25 00:20 -------- d-----w- c:\users\Marissa\AppData\Local\NPE
2012-08-05 02:05 . 2012-08-26 13:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-05 02:05 . 2012-08-26 13:02 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-08-05 02:05 . 2012-08-26 13:02 -------- d-----w- c:\program files (x86)\Norton 360
2012-08-05 01:23 . 2012-08-05 21:20 -------- d-----w- c:\users\Marissa\AppData\Local\LogMeIn Rescue Applet
2012-08-05 00:38 . 2012-08-05 00:38 -------- d-----w- c:\windows\system32\drivers\NSTx64
2012-08-05 00:38 . 2012-08-05 00:38 -------- d-----w- c:\program files (x86)\Norton Safe Web Lite
2012-08-03 20:07 . 2012-08-03 20:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 07:01 . 2011-05-15 01:43 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-20 00:27 . 2012-04-27 01:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-20 00:27 . 2011-07-12 15:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-08-05 01:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-10 18:27 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-10 18:27 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 18:27 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 18:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 18:27 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 18:27 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 18:27 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 13:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 13:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 13:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 13:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 13:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 18:27 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 18:27 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 18:27 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 18:27 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 18:27 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 18:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 18:27 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 18:27 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 18:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2010-01-26 15:11 . 2011-11-03 00:44 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((( [email protected]_22.52.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-25 18:30 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
- 2012-07-11 04:08 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-26 07:05 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-07-11 04:08 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-26 07:04 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-07-11 04:08 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-08-26 07:04 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-07-27 14:56 . 2012-08-24 22:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-27 14:56 . 2012-08-25 16:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-27 14:49 . 2012-08-25 16:35 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-07-27 14:49 . 2012-08-24 22:52 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-04-29 12:31 . 2012-08-26 12:56 34736 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-26 20:55 26724 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-14 23:39 . 2012-08-26 20:55 22798 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-957519283-3269216495-3174932433-1001_UserData.bin
+ 2012-08-26 07:05 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2012-07-11 04:08 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-26 07:04 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-11 04:08 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-07-11 04:08 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
+ 2012-08-26 07:04 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 05:30 . 2012-08-26 07:22 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-24 11:57 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-13 23:40 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
+ 2012-08-26 13:03 . 2012-07-06 02:17 37536 c:\windows\system32\drivers\N360x64\0603000.00E\srtspx64.sys
+ 2011-05-14 23:32 . 2012-08-26 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-14 23:32 . 2012-08-22 20:42 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-26 13:03 . 2012-08-26 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-22 20:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-26 13:02 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-08-22 20:41 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-05-23 01:36 . 2012-08-26 07:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-24 20:13 . 2012-08-25 00:18 1772 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-26 13:02 . 2012-05-15 01:21 8942 c:\windows\system32\drivers\N360x64\0603000.00E\SymVTcer.dat
+ 2012-08-26 20:51 . 2012-08-26 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-24 22:51 . 2012-08-24 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-26 20:51 . 2012-08-26 20:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-24 22:51 . 2012-08-24 22:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-26 07:05 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
- 2012-07-11 04:08 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-26 07:04 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
+ 2012-08-26 07:04 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-07-11 04:08 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-26 07:04 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2012-07-11 04:08 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-07-27 14:50 . 2012-08-25 16:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-27 14:50 . 2012-08-24 22:52 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-08-26 20:51 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-24 22:52 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-15 20:40 . 2012-08-26 07:00 266970 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-15 13:18 . 2012-08-26 20:36 231442 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-26 07:05 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
- 2012-07-11 04:08 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-08-26 20:55 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-19 23:23 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-19 23:23 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-26 20:55 106950 c:\windows\system32\perfc009.dat
+ 2012-08-26 07:04 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
+ 2012-08-26 07:04 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
- 2012-07-11 04:08 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-26 07:04 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2012-07-11 04:08 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-08-26 07:23 463600 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-07-11 19:38 463600 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-08-26 07:22 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-24 11:57 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-24 11:57 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-08-26 07:22 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-06-07 02:26 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-26 07:06 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
+ 2009-07-14 05:31 . 2012-08-26 07:22 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2011-07-15 16:28 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-08-26 13:03 . 2012-04-18 02:13 405624 c:\windows\system32\drivers\N360x64\0603000.00E\symnets.sys
+ 2012-08-26 13:03 . 2012-04-18 02:13 451192 c:\windows\system32\drivers\N360x64\0603000.00E\SymDS64.sys
+ 2012-08-26 13:03 . 2012-07-06 02:17 737952 c:\windows\system32\drivers\N360x64\0603000.00E\srtsp64.sys
+ 2012-08-26 13:03 . 2012-04-18 01:42 190072 c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.sys
+ 2012-08-26 13:03 . 2012-06-07 04:43 167072 c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
+ 2009-07-14 05:01 . 2012-08-26 20:43 430088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\3135c37.msp
+ 2011-05-23 01:36 . 2012-08-26 07:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-08-26 07:04 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-07-11 04:08 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-07-11 04:08 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-26 07:05 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-26 07:04 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-08-26 07:05 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
- 2012-07-11 04:08 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-26 07:04 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-07-11 04:08 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 04:54 . 2012-08-24 22:52 7815168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-26 20:51 7815168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-11 04:08 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
+ 2012-08-26 07:04 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-07-11 04:08 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-26 07:05 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-26 07:04 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
+ 2012-08-26 07:05 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
- 2012-07-11 04:08 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-26 13:03 . 2012-05-22 01:37 1129120 c:\windows\system32\drivers\N360x64\0603000.00E\SymEFA64.sys
- 2009-07-14 04:45 . 2012-07-11 19:40 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-26 07:26 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-05 01:30 . 2012-08-25 13:45 1666776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-957519283-3269216495-3174932433-1001-12288.dat
- 2011-08-05 01:30 . 2012-08-11 19:55 1666776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-957519283-3269216495-3174932433-1001-12288.dat
+ 2012-07-29 03:00 . 2012-08-25 16:43 5428252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\3135c65.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 5009920 c:\windows\Installer\3135c09.msp
+ 2011-05-23 01:36 . 2012-08-26 07:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-05-23 01:36 . 2012-08-26 07:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-05-23 01:36 . 2012-07-11 19:33 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-08-26 07:04 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 04:54 . 2012-08-26 20:51 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-24 22:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-08-11 19:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-08-26 07:22 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-26 07:04 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-26 07:04 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2011-07-21 01:54 . 2012-08-26 20:43 10648468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-957519283-3269216495-3174932433-1001-8192.dat
+ 2011-08-05 01:30 . 2012-08-26 18:39 45569520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-957519283-3269216495-3174932433-1001-4096.dat
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\3135c4e.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\3135c20.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-07 39408]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-18 22631608]
"Facebook Update"="c:\users\Marissa\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-11 559616]
.
c:\users\Marissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-06-16 77824]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-24 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [2005-11-07 21120]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-02 250984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-15 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2012-04-18 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 ccSet_NAT;Norton Anti-Theft Settings Manager;c:\windows\system32\drivers\NATx64\0105000.024\ccSetx64.sys [2011-11-04 167048]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [2011-08-08 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-24 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0603000.00E\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 NAT;Norton Anti-Theft;c:\program files (x86)\Norton Anti-Theft\Engine\1.5.0.36\ccSvcHst.exe [2011-11-30 138248]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 00:27]
.
2012-08-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957519283-3269216495-3174932433-1001Core.job
- c:\users\Marissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:09]
.
2012-08-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-957519283-3269216495-3174932433-1001UA.job
- c:\users\Marissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-24 00:09]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 19:41]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 19:41]
.
2012-08-25 c:\windows\Tasks\Norton Security Scan for Marissa.job
- c:\progra~2\NORTON~2\Engine\370~1.18\Nss.exe [2012-02-01 06:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 3707704]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{20A38C2B-4AD4-4C9D-B912-36D8FD3A644A}: NameServer = 198.153.192.50,198.153.194.50
FF - ProfilePath - c:\users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-90451770.sys
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAT]
"ImagePath"="\"c:\program files (x86)\Norton Anti-Theft\Engine\1.5.0.36\ccSvcHst.exe\" /s \"NAT\" /m \"c:\program files (x86)\Norton Anti-Theft\Engine\1.5.0.36\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,74,77,db,d2,72,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 17:32:54
ComboFix-quarantined-files.txt 2012-08-26 21:32
ComboFix2.txt 2012-08-24 23:12
.
Pre-Run: 502,883,938,304 bytes free
Post-Run: 502,579,953,664 bytes free
.
- - End Of File - - 4A9039E7FD02AB93ED0AD43FB9DDA839

#35
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

    Just so you are aware, I shut down Norton 360 as per web site instructions. When I ran ComboFix, I got a warning message that real-time scanning was active (Norton 360). I opened the program and manually turned off everything, ran the ComboFix program, then restarted 360 and Malwarebytes.

OK, fair play... To be quite honest, anything Norton/Symantec related, from my point of view as an Anti-Malware helper, can prove to be a hindrance at times. That said, the software is merely providing protection as it should; it says so on the box, so to speak.

Anyway, I think at this juncture it would be prudent to run a further two scans considering the infection(s) we have been dealing with. Tedious maybe, but look at it as me ensuring the machine's overall integrity...

Malwarebytes Anti-Malware:

Note: Remember to right-click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go (click) here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: [button image]
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the log file first!
  • Now click on: [button image]
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#36 recsite (Member, Topic Starter, 50 posts)
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marissa :: MARISSA-PC [administrator]

Protection: Enabled

8/26/2012 8:25:04 PM
mbam-log-2012-08-26 (20-25-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205793
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-27 02:15:44
# local_time=2012-08-26 10:15:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 71 0 96604761 0 0
# compatibility_mode=5893 16776574 66 85 34578960 97572115 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=246356
# found=13
# cleaned=0
# scan_time=5078
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Marissa\AppData\Local\Dell\Conduit\wofnazais.dll.vir a variant of Win32/Kryptik.AKVH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.08.2012_10.22.58\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marissa\AppData\Local\Google\Chrome\User Data\Default\Default\aaocplihcifilofagfjcidnobodokahh\background.html Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\extensions\[email protected] JS/Redirector.NCA trojan (unable to clean) 00000000000000000000000000000000 I
  • 0

#37 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

Regarding the results of the online scan, some of the detections are those that have been quarantined prior and will be fully removed once we clean up all tools used during the malware removal process. A few others are what are known as false positive detections, and some we will deal with via one more scan to err on the side of caution...

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case may be something like R1.

New Adobe Reader Installation:

  • Go(click) here and click on AdbeRdr1014_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, open Adobe Reader X (right-click and Run as administrator with Windows 7).
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button
New Java Installation:

Note:- This is for the 32 bit version of Internet Explorer only.

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u6. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u6 License Agreement box.
  • Click on jre-7u6-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
  • Right-click on jre-7u6-windows-i586.exe and select Run as Administrator to install Java.
If you also use the Internet Explorer (64-bit) browser with Windows 7 and want Java installed you will require a separate 64 bit installation as follows:-

New 64 bit Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u6. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u6 License Agreement box.
  • Click on the jre-7u6-windows-x64.exe link next to Windows x64 to download it and save this to your desktop.
  • Right-click on jre-7u6-windows-x64.exe and select Run as Administrator to install Java.
Next:

Let me know when you have completed the above. Post the AdwCleaner log and whether any further issues remain. If not, we will clean up all tools used during the Malware Removal process and I will provide some advice about online safety etc.
  • 0
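As an added example (my own code, not the helper's tooling), a small Python script that applies the triage described in the post above to an ESET Online Scanner log: it parses the detection lines and separates hits that sit inside TDSSKiller's and ComboFix's quarantine folders, hits inside browser profiles, and files still live on disk. The sample log lines are constructed from entries in the log posted above; treating C:\Qoobox\Quarantine as ComboFix's quarantine folder is my assumption.

```python
"""Triage of ESET Online Scanner detections by file location.

Added example for this thread, not part of the forum post. ESET writes one
line per detection in the form "path  threat  (status)  hash  flag"; this
sorts each detection by where the flagged file lives so that copies already
held in another removal tool's quarantine are not mistaken for a live
infection.
"""
import re
from collections import defaultdict

# Quarantine folders created by tools used earlier in this thread.
# C:\Qoobox\Quarantine being ComboFix's quarantine is an assumption.
QUARANTINE_PREFIXES = (
    "C:\\TDSSKiller_Quarantine\\",
    "C:\\Qoobox\\Quarantine\\",
)
# Browser profile locations where toolbar/extension detections live.
BROWSER_PROFILE_MARKERS = (
    "\\Mozilla\\Firefox\\Profiles\\",
    "\\Google\\Chrome\\User Data\\",
)

# path (may contain spaces) / threat name / (status) / 32 hex hash / flag
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:a variant of |probably )?\w+/\S+ [a-z ]+?) "
    r"\((?P<status>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


def parse_detection(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = DETECTION_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Bucket a detection by where the flagged file lives (case-insensitive)."""
    p = path.lower()
    if any(p.startswith(q.lower()) for q in QUARANTINE_PREFIXES):
        return "already quarantined"   # removed once the tools are cleaned up
    if any(mark.lower() in p for mark in BROWSER_PROFILE_MARKERS):
        return "browser profile"       # toolbar / extension leftovers
    return "live on disk"              # needs a closer look (may be a false positive)


def triage(log_text):
    """Group every detection in an ESET log by classify(); '#' headers are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        det = parse_detection(line)
        if det is None:
            continue
        groups[classify(det["path"])].append(det)
    return dict(groups)


def summarize(groups):
    """Counts per bucket, handy for a quick reply in the thread."""
    return {kind: len(dets) for kind, dets in groups.items()}


# Constructed sample modelled on three lines of the log posted above.
SAMPLE_LOG = """\
# version=7
# found=3
C:\\Program Files (x86)\\Dell DataSafe Local Backup\\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\\TDSSKiller_Quarantine\\25.08.2012_10.22.58\\mbr0000\\tdlfs0000\\tsk0000.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\\Users\\Marissa\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Default\\aaocplihcifilofagfjcidnobodokahh\\background.html Win32/BHO.OEI trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    for kind, dets in groups.items():
        print(f"== {kind} ({len(dets)})")
        for d in dets:
            print(f"   {d['threat']:<45} {d['path']}")
```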

#38 recsite (Member, Topic Starter, 50 posts)
# AdwCleaner v1.801 - Logfile created 08/27/2012 at 08:00:00
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Marissa - MARISSA-PC
# Boot Mode : Normal
# Running from : C:\Users\Marissa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Marissa\AppData\Local\Conduit
Folder Deleted : C:\Users\Marissa\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marissa\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Marissa\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\ConduitCommon
Folder Deleted : C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\CT2786678
Folder Deleted : C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\uTorrentBar

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentBar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1CFD665-5CC8-4B2C-9E4E-DE44E4E3DF81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF225722-982D-438C-83F9-CBDD780948A4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Marissa\AppData\Roaming\Mozilla\Firefox\Profiles\d8mmjjj8.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "3-12-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Dec 01 2011 18:53:41 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Dec 02 2011 21:01:09 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Dec 02 2011 20:47:38 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Dec 02 2011 20:47:09 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Dec 02 2011 20:47:08 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Dec 02 2011 20:47:08 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Dec 02 2011 20:47:09 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Dec 02 2011 20:47:09 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Dec 02 2011 20:47:08 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Dec 02 2011 20:47:38 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Dec 02 2011 20:47:09 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Dec 02 2011 20:47:09 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Dec 02 2011 20:47:08 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "3-8-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Tue Aug 02 2011 20:56:29 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Dec 02 2011 18:53:41 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Thu Aug 25 2011 00:52:26 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Sun Oct 02 2011 22:50:17 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Mon Nov 14 2011 22:58:05 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Fri Dec 02 2011 19:47:08 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Dec 02 2011 18:53:35 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Dec 02 2011 18:53:41 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Dec 02 2011 15:47:07 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Wed Nov 23 2011 19:25:17 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN60991176744605526");
Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Dec 02 2011 20:56:09 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "53756E204F637420303220323031312031383A34353A34392[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E6F6365616E636F756E74796D617[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333137353935353536353530");
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Fri Dec 02 2011 19:47:08 GMT-0500 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Dec 02 2011 18:53:41 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Dec 01 2011 18:53:41 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://facebook.conduit-services.com/Settings.ashx?locale=en&browse[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://newtab.conduit-hosting.com/newtab/?ctid=CT2786678", "\"6901b[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?curre[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Marissa\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Dec 02 2011 18:53:35 GMT-0500 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "014c80d9-ebcf-4a3a-a106-21ce70006a4d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 01 2011 18:53:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 02 2011 15:47:16 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 02 2011 15:47:08 GMT-0500 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "9fd5e7f4-87fe-486a-a693-77249f73b804");

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Marissa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [17072 octets] - [27/08/2012 08:00:00]

########## EOF - C:\AdwCleaner[S1].txt - [17201 octets] ##########


The only thing I noticed (last night) was that when in IE, sometimes when clicking on a link, the page loads and is redirected to the Google page. But...when I right-click on the link and say open in a new window, the window opens to the correct page. Just so you know, last night I had already reloaded Adobe Reader. Everything else seems to have quieted down.
  • 0

#39 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

The only thing I noticed (last night) was that when in IE, sometimes when clicking on a link, the page loads and is redirected to the Google page. But...when I right-click on the link and say open in a new window, the window opens to the correct page.

That does not sound actually malicious per se; if such does occur again in the future you could download and run the MS FixIt for IE.

Note: Any add-ons will need to be re-applied after using the aforementioned FixIt.

Just so you know, last night I had already reloaded Adobe Reader. Everything else seems to have quieted down.

OK and fair play.

Next:

Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

So is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...(or launch the Run Box via depressing both the Windows key and R together).
  • Now type in ComboFix /Uninstall into the Run Box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Next click Start (Windows 7 Orb) >> Run (or the Windows key and R together) to bring up the Run box, copy and paste cleanmgr into the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Norton 360, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

I advise you consider installing this. Further information and a download link can be read here.

I myself would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Update Mozilla Firefox:

The latest version is 14.0.1

To update, launch the browser >> Help >> About Firefox >> Check for Updates, then download and install. Restart the browser when prompted.

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A replacement Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider Installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

By visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0
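As an added example (my own code, not from the post), a Python audit of a Windows Hosts file that shows the mechanism described under "Hosts File" above from the defender's side: entries that sinkhole a name to 127.0.0.1 or 0.0.0.0 are what a blocklist Hosts file adds, while a name mapped to any other address means name resolution has been redirected and deserves a look, since that is how a hijacked Hosts file keeps a machine away from update or vendor sites. The sample file content and the hostnames in it are constructed; the default path C:\Windows\System32\drivers\etc\hosts is assumed.

```python
"""Audit of a Windows Hosts file: which entries block, which redirect.

Added example for this thread, not part of the forum post. The Hosts file is
consulted before DNS, so "127.0.0.1 bad.example" makes bad.example
unreachable (the blocklist use), whereas "203.0.113.7 update.example" sends
the user somewhere they never chose (the hijack use). Both look alike in the
file; this report tells them apart.
"""
import ipaddress

# Default location on Windows (assumed; not taken from the thread).
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Names that belong in a stock Hosts file and are not findings.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping; comments and blanks are skipped."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        parts = line.split()                    # whitespace: spaces or tabs
        if len(parts) < 2:
            continue
        for name in parts[1:]:                  # one IP may list several names
            entries.append((parts[0], name.lower(), no))
    return entries


def classify_entry(ip_text, name):
    """standard / blocked / redirected / malformed for a single mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if name in LOCAL_NAMES:
        return "standard"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"        # sinkholed to 127.0.0.1 / ::1 / 0.0.0.0: blocklist behaviour
    return "redirected"         # resolves to a real address chosen by whoever edited the file


def audit_hosts(text):
    """Group every mapping by classify_entry(); also note names listed more than once.

    Entries the owner added on purpose (a LAN printer, a test server) will show
    under "redirected" too; the point is that each one should be recognisable.
    """
    report = {"standard": [], "blocked": [], "redirected": [],
              "malformed": [], "duplicates": []}
    seen = set()
    for ip, name, no in parse_hosts(text):
        kind = classify_entry(ip, name)
        report[kind].append((no, ip, name))
        if name not in LOCAL_NAMES:
            if name in seen:
                report["duplicates"].append((no, name))
            seen.add(name)
    return report


def load_hosts(path=HOSTS_PATH):
    """Read the live Hosts file; it is plain text, usually ASCII."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


# Constructed sample: a stock header, two blocklist-style lines, one hijack-style line.
SAMPLE_HOSTS = """\
# Constructed sample Hosts file (comment lines are ignored)
127.0.0.1       localhost
::1             localhost
# Blocklist-style entries: names sinkholed to the local machine
127.0.0.1  ad.doubleclick.net
0.0.0.0    tracker.example
# Hijack-style entry: a plausible name pointed at an address the user never chose
203.0.113.7  www.antivirus-vendor.example
127.0.0.1 bad.example # trailing comment is ignored too
"""

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(f"== {kind} ({len(items)})")
        for item in items:
            print("  ", *item)
```

Run it against the live file with audit_hosts(load_hosts()); anything under "redirected" that you did not add yourself is worth comparing with the Hosts file you installed.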

#40 recsite (Member, Topic Starter, 50 posts)
Thank you so much for your patience and time. I downloaded ERUNT and it will become a regular part of this computer's maintenance. One last question before I let you go. Can you explain the procedure needed to perform a complete system backup to removable media using Windows 7? (Or do you recommend another program such as Norton Ghost or Acronis Backup & Recovery?)
  • 0

#41 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

Thank you so much for your patience and time.

You're most welcome!

Can you explain the procedure needed to perform a complete system backup to removable media using Windows 7? (Or do you recommend another program such as Norton Ghost or Acronis Backup & Recovery?)

The two applications you mentioned are, as far as I am aware, reliable, but I have never actually used either myself.

This may be of interest/use also:-

How to Backup and Restore your hard drive with DriveImage XML

With regard to inbuilt Windows 7...

Backup and Restore and How To Use Backup and Restore in Windows 7
  • 0

#42 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0