Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Home Desktop - Firefox - Server Not Found - Virus? [Closed]

Started by Daniel Christmas Lee , Mar 29 2012 12:19 AM

  • Please log in to reply

#61
Daniel Christmas Lee
Posted 25 June 2012 - 09:34 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
For some reason ComboFix left my mind! But here's the log! I will report back on how my computer is running shortly. Thanks Godawgs!

ComboFix 12-06-25.03 - DLee 06/25/2012 8:25.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3063.2191 [GMT -7:00]
Running from: c:\users\DLee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christmas\AppData\Local\{91A6E3BF-3359-4417-9BDC-91192FD099B2}
c:\users\Christmas\AppData\Local\{91A6E3BF-3359-4417-9BDC-91192FD099B2}\chrome\content\overlay.xul
c:\users\Christmas\AppData\Local\{91A6E3BF-3359-4417-9BDC-91192FD099B2}\install.rdf
c:\users\Christmas\g2mdlhlpx.exe
c:\users\Christmas\GoToAssistDownloadHelper.exe
c:\users\DLee\AppData\Local\assembly\tmp
c:\users\DLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\DLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\DLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\DLee\Desktop\ElephantDrive-4.9.4-32bit.exe.txt
c:\users\DLee\Desktop\mozy.txt
c:\users\DLee\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 15:29 . 2012-06-25 15:30 -------- d-----w- c:\users\DLee\AppData\Local\temp
2012-06-25 15:29 . 2012-06-25 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 15:29 . 2012-06-25 15:29 -------- d-----w- c:\users\Christmas\AppData\Local\temp
2012-06-25 15:25 . 2012-06-25 15:25 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\MpKsl8f094e7e.sys
2012-06-25 15:22 . 2012-06-25 15:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\MpKsl824aa630.sys
2012-06-25 15:21 . 2012-06-25 15:23 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\offreg.dll
2012-06-24 16:04 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\mpengine.dll
2012-06-24 09:06 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-22 22:05 . 2012-06-22 22:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 06:01 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 06:01 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 06:01 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 06:01 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 06:00 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 06:00 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 06:00 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 06:00 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 06:00 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 20:01 . 2012-06-18 20:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-14 15:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 15:32 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:32 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:32 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:32 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:32 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:32 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:32 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 15:27 . 2012-06-13 15:27 -------- d-----w- c:\users\DLee\AppData\Local\Macromedia
2012-06-12 15:06 . 2012-04-23 16:34 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 15:06 . 2012-04-23 16:34 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67CD46DC-D76E-4CCC-879A-B324BA106F99}\gapaengine.dll
2012-06-07 21:39 . 2012-06-07 21:39 -------- d-----w- c:\users\DLee\dwhelper
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-05 20:10 . 2012-06-05 20:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-06-05 20:08 . 2012-06-05 20:08 -------- d-----w- c:\program files\Common Files\Java
2012-06-05 20:07 . 2012-06-05 20:07 -------- d-----w- c:\program files\Oracle
2012-06-05 20:07 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-05 17:44 . 2012-06-05 17:44 -------- d-----w- c:\users\DLee\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 20:36 . 2012-03-29 16:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 20:36 . 2011-06-03 23:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-05 01:47 . 2011-07-18 18:36 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2012-04-16 16:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-11 19:48 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 19:47 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 19:48 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-18 20:01 . 2012-06-05 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01ElephantIconOverlay]
@="{AFA39CBB-DF66-47f9-A047-47ED25FE655E}"
[HKEY_CLASSES_ROOT\CLSID\{AFA39CBB-DF66-47f9-A047-47ED25FE655E}]
2011-12-28 22:48 449536 ----a-w- c:\program files\ElephantDrive\ElephantDrive\IconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02ElephantIconOverlay]
@="{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}"
[HKEY_CLASSES_ROOT\CLSID\{1E519A85-494E-4706-AC87-1CC8BB9CC5DA}]
2011-12-28 22:48 449536 ----a-w- c:\program files\ElephantDrive\ElephantDrive\IconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03ElephantIconOverlay]
@="{0E2DD711-458A-4b39-8211-3F5FDAA0539E}"
[HKEY_CLASSES_ROOT\CLSID\{0E2DD711-458A-4b39-8211-3F5FDAA0539E}]
2011-12-28 22:48 449536 ----a-w- c:\program files\ElephantDrive\ElephantDrive\IconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04ElephantIconOverlay]
@="{2E28D71B-2733-46CD-B61B-49926AC3FD6F}"
[HKEY_CLASSES_ROOT\CLSID\{2E28D71B-2733-46CD-B61B-49926AC3FD6F}]
2011-12-28 22:48 449536 ----a-w- c:\program files\ElephantDrive\ElephantDrive\IconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Shortcut to ElephantDesktop.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to ElephantDesktop.exe.lnk
backup=c:\windows\pss\Shortcut to ElephantDesktop.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Shortcut to ElephantDrive.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to ElephantDrive.exe.lnk
backup=c:\windows\pss\Shortcut to ElephantDrive.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^DLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\DLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 11:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-03 18:44 136176 ----atw- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
2011-06-14 16:04 39816 ----a-w- c:\program files\Citrix\GoToMeeting\723\g2mstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-17 00:20 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 ElephantDrive-MappedDrive.exe;ElephantDrive-MappedDrive;c:\program files\ElephantDrive\ElephantDrive\ElephantDrive-MappedDrive.exe [2012-02-14 125096]
R3 ElephantDrive-Service.exe;ElephantDrive-Service;c:\program files\ElephantDrive\ElephantDrive\ElephantDrive-Service.exe [2012-02-14 125096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 214952]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-03 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-03 232512]
S1 MpKsl824aa630;MpKsl824aa630;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\MpKsl824aa630.sys [2012-06-25 29904]
S1 MpKsl8f094e7e;MpKsl8f094e7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\MpKsl8f094e7e.sys [2012-06-25 29904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-04-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-04-30 12184]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-02-12 844064]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL824AA630
*NewlyCreated* - MPKSL8F094E7E
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:36]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 16:34]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 16:34]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568101592-3335626919-1504947496-1000Core.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:44]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568101592-3335626919-1504947496-1000UA.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 18:44]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\56qmzw2d.Daniel\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-25 08:32:13
ComboFix-quarantined-files.txt 2012-06-25 15:32
.
Pre-Run: 195,728,523,264 bytes free
Post-Run: 195,722,993,664 bytes free
.
- - End Of File - - 37507C5A1F111960476C5A00D7215357
  • 0

Advertisements

#62
Daniel Christmas Lee
Posted 25 June 2012 - 01:19 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Mid day update on computer performance at work...

Unfortunately, ComboFix did not cure my problem.

Recent incident: Tried to "attach" images to a redmine support ticket via clicking browse then selecting file. But upon clicking "submit" attachments fail to upload, and connection is lost, must restart browser.

Note: I am using Firefox.

Problem has not occurred with Chrome or Safari which I use simultaneously as a part of my job.

Also note: This, "attaching" something via Firefox is the main problem that leads to a loss of browser connection. However, I've loss connection by downloading attachments. And I occasionally would lose connection in Chrome when trying to do the same, attaching/uploading/downloading, but in Chrome, this problem is fixed usually by refreshing the page. With FF, I have to restart the whole browser. Safari exhibits behavior like Chrome. Firefox is problematic because I use the browser for email (gmail).
  • 0

#63
godawgs
Posted 25 June 2012 - 06:52 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Daniel,

Is there anybody else there having these same problems with FF?

ComboFix removed some more malware files. Now I need to get you to do the MalwareBytes and ESET scans that I asked for in Steps 2 and 3 of post 43

We use these to look for any malware remnants. Especially the online scans as they use more scan engines.



Things For Your Next Post:
1. The MalwareBytes log
2. The ESET scan log.
  • 0

#64
Daniel Christmas Lee
Posted 25 June 2012 - 07:12 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
... yeah this is getting ridiculous. I dont know any one who has this problem but me.

I am at home right now, but will do the scans tomorrow evening.

Thanks again Godawgs, thanks for sticking with me this long... I hope we fix this problem!
  • 0

#65
Daniel Christmas Lee
Posted 26 June 2012 - 10:13 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Just wanted to update that... and this might not happen 100% of the time... but uploading an image in Chrome caused FF to lose connection.
  • 0

#66
Daniel Christmas Lee
Posted 26 June 2012 - 11:59 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Just another update, Safari is affecting FF too. I notice this doesn't happen 100% for either Chrome or Safari. Reminder, uploading files through Chrome or Safari causes Firefox to lose connection about half the time.
  • 0

#67
godawgs
Posted 26 June 2012 - 01:20 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. Please get me the MBAM and ESET scans as soon as you can.
  • 0

#68
Daniel Christmas Lee
Posted 27 June 2012 - 09:20 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Here's the MBAM! Do I still need to do the ESET? I basically run the scan after work, and then come back in the morning and post. The ESET scan takes forever.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DLee :: DOLICA [administrator]

6/26/2012 3:35:28 PM
mbam-log-2012-06-26 (15-35-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393087
Time elapsed: 56 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#69
Daniel Christmas Lee
Posted 27 June 2012 - 09:23 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
I did manage to run the ESET the first time you requested it, but I never posted the results.

Here they are:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d68036117144e447988a13975efc5fc5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-23 01:23:29
# local_time=2012-06-22 06:23:29 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18719688 91951747 0 0
# compatibility_mode=8192 67108863 100 0 5724009 5724009 0 0
# scanned=196296
# found=0
# cleaned=0
# scan_time=7653
  • 0

#70
godawgs
Posted 27 June 2012 - 09:45 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please run a fresh MalwareBytes and ESET scan. Because the TDSS File System got back on the computer, it may have brought some misc. malware files that MalwareBytes and ESET will look for.

They may come back clean, but I'd rather be safe than sorry.
If they are clean we can look for other causes for the file attachment problems in FF.
  • 0

Advertisements

#71
Daniel Christmas Lee
Posted 27 June 2012 - 09:58 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
The MBAM I posted earlier was fresh. Here it is again.
I will run ESET this evening, and it will be available tomorrow morning.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DLee :: DOLICA [administrator]

6/26/2012 3:35:28 PM
mbam-log-2012-06-26 (15-35-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393087
Time elapsed: 56 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Daniel Christmas Lee, 27 June 2012 - 09:58 AM.

  • 0

#72
Daniel Christmas Lee
Posted 28 June 2012 - 09:16 AM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Here's the most reset ESET Scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d68036117144e447988a13975efc5fc5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-23 01:23:29
# local_time=2012-06-22 06:23:29 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 18719688 91951747 0 0
# compatibility_mode=8192 67108863 100 0 5724009 5724009 0 0
# scanned=196296
# found=0
# cleaned=0
# scan_time=7653
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d68036117144e447988a13975efc5fc5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-28 01:02:55
# local_time=2012-06-27 06:02:55 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 19150316 92382375 0 0
# compatibility_mode=8192 67108863 100 0 6154637 6154637 0 0
# scanned=213879
# found=0
# cleaned=0
# scan_time=7791
  • 0

#73
godawgs
Posted 28 June 2012 - 01:59 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Daniel,

Well I don't see any signs of malware left.

Once you have restarted FF after the problem occurs, does it allow you to attach the file and upload it?

I haven't asked this before but what is the size of the files you are trying to attach? Gmail has a 25mb limit.

You stated in an earlier post that you got FF to work once by disabling MSSE before attaching the file to send. Can you try that again and see if it works the first time again?

I haven't seen an OTL log since you completely removed and reinstalled FF. Could you open OTL and click the Quick Scan button. After the scan is completed attach the Extras.txt log so I can get a fresh look at the addons.

Edited by godawgs, 28 June 2012 - 02:00 PM.

  • 0

#74
Daniel Christmas Lee
Posted 28 June 2012 - 05:07 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
... this is unfortunate. Maybe I need to format my HD and reinstall Windows? I hope that is not it...

Here's the OTL.

OTL logfile created on: 6/28/2012 4:01:26 PM - Run 6
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\DLee\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.65% Memory free
5.98 Gb Paging File | 3.75 Gb Available in Paging File | 62.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.31 Gb Total Space | 180.70 Gb Free Space | 60.78% Space Free | Partition Type: NTFS

Computer Name: DOLICA | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/23 13:36:11 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/18 13:01:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/12 13:15:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/22 14:14:12 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/20 21:28:54 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2011/05/26 02:11:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 13:36:11 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/18 13:01:05 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/04/04 18:47:24 | 000,015,760 | ---- | M] () -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 13:36:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/18 13:01:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/14 03:43:50 | 000,125,096 | ---- | M] (ElephantDrive) [On_Demand | Stopped] -- C:\Program Files\ElephantDrive\ElephantDrive\ElephantDrive-MappedDrive.exe -- (ElephantDrive-MappedDrive.exe)
SRV - [2012/02/14 03:43:36 | 000,125,096 | ---- | M] (ElephantDrive) [On_Demand | Stopped] -- C:\Program Files\ElephantDrive\ElephantDrive\ElephantDrive-Service.exe -- (ElephantDrive-Service.exe)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/17 00:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/03 12:48:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E899CC8F-BA48-4CBF-B61B-6C16B0CA9FEE}\MpKsl824aa630.sys -- (MpKsl824aa630)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DLee\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa8ww0fx)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/03 16:39:56 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/03 16:17:46 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/30 05:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 05:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 05:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 05:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/02/12 09:42:42 | 000,844,064 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/21 13:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 13:01:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/05 10:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/06/21 12:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\56qmzw2d.Daniel\extensions
[2012/06/05 11:04:50 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\56qmzw2d.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/06/05 11:04:50 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\56qmzw2d.Daniel\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2012/06/07 14:38:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\56qmzw2d.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/05 10:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/18 13:01:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 08:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 08:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/06/25 08:29:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFE3109-674F-420F-AF17-373785DBD5EF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 15:46:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\DLee\Desktop\esetsmartinstaller_enu(2).exe
[2012/06/25 08:32:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/25 08:32:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/25 08:32:14 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Local\temp
[2012/06/25 08:22:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 08:22:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 08:20:38 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\DLee\Desktop\ComboFix.exe
[2012/06/22 15:05:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/22 13:31:30 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DLee\Desktop\tdsskiller.exe
[2012/06/22 09:12:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/06/18 13:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/13 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Local\Macromedia
[2012/06/12 13:15:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/06/07 14:39:27 | 000,000,000 | ---D | C] -- C:\Users\DLee\dwhelper
[2012/06/05 13:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/05 13:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/05 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Mozilla
[2012/06/05 10:44:17 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Local\Mozilla
[2012/06/05 10:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/06/28 15:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 15:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3568101592-3335626919-1504947496-1000UA.job
[2012/06/28 15:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 14:30:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 14:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3568101592-3335626919-1504947496-1000Core.job
[2012/06/28 10:41:27 | 000,060,304 | ---- | M] () -- C:\Users\DLee\g2mdlhlpx.exe
[2012/06/28 08:27:03 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 08:27:03 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 08:24:06 | 000,707,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/28 08:24:06 | 000,138,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/28 08:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 08:19:30 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 15:46:34 | 002,322,184 | ---- | M] (ESET) -- C:\Users\DLee\Desktop\esetsmartinstaller_enu(2).exe
[2012/06/27 13:00:38 | 000,001,456 | ---- | M] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/25 14:59:01 | 002,496,699 | ---- | M] () -- C:\Users\DLee\Desktop\Deep End Travelocity Guarantee Commercial.flv
[2012/06/25 08:29:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/25 08:20:43 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\DLee\Desktop\ComboFix.exe
[2012/06/22 13:31:33 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DLee\Desktop\tdsskiller.exe
[2012/06/22 10:25:55 | 002,821,398 | ---- | M] () -- C:\Users\DLee\Desktop\Snowy Walk Travelocity Commercial.flv
[2012/06/22 10:25:44 | 002,312,175 | ---- | M] () -- C:\Users\DLee\Desktop\Nooo Travelocity Commercial.flv
[2012/06/22 10:25:33 | 003,688,764 | ---- | M] () -- C:\Users\DLee\Desktop\New_ Travelocity commercial_ Dune Buggy _30.flv
[2012/06/22 10:22:16 | 001,258,679 | ---- | M] () -- C:\Users\DLee\Desktop\NEW_ Spring into Summer.flv
[2012/06/22 09:36:58 | 000,000,512 | ---- | M] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/06/22 09:12:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/06/22 08:49:50 | 000,413,104 | ---- | M] () -- C:\Users\DLee\Desktop\6-22-2012 8-49-44 AM.jpg
[2012/06/22 08:49:23 | 000,195,462 | ---- | M] () -- C:\Users\DLee\Desktop\6-22-2012 8-48-36 AM.jpg
[2012/06/14 12:03:15 | 001,471,812 | ---- | M] () -- C:\Users\DLee\Desktop\bf36fa3306ba8222aba1f9814c2592a3.mp4
[2012/06/14 08:50:42 | 000,003,342 | ---- | M] () -- C:\Users\DLee\Desktop\logo.png
[2012/06/14 03:21:53 | 003,703,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 16:02:51 | 013,856,793 | ---- | M] () -- C:\Users\DLee\Desktop\Sears Exclusive -- Kenmore 4-Burner LP Gas Grill with Steame.flv
[2012/06/12 13:15:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/06/11 18:26:22 | 000,002,366 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/06/08 11:33:30 | 000,155,100 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/06/06 15:41:32 | 000,041,036 | ---- | M] () -- C:\Users\DLee\Desktop\TMPLogoTallSm.jpg
[2012/06/06 15:16:25 | 000,068,212 | ---- | M] () -- C:\Users\DLee\Desktop\313824_010_n.jpg
[2012/06/05 15:29:13 | 000,029,563 | ---- | M] () -- C:\Users\DLee\Desktop\10ideas.pdf
[2012/06/05 15:28:22 | 001,856,362 | ---- | M] () -- C:\Users\DLee\Desktop\wakeemup.pdf
[2012/06/05 10:44:10 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/05 10:27:40 | 000,327,410 | ---- | M] () -- C:\Users\DLee\6-5-2012 10-27-35 AM.jpg
[2012/06/05 10:27:03 | 000,365,560 | ---- | M] () -- C:\Users\DLee\6-5-2012 10-26-47 AM.jpg
[2012/06/05 10:25:19 | 002,065,960 | ---- | M] () -- C:\Users\DLee\bookmarks.html

========== Files Created - No Company Name ==========

[2012/06/28 10:41:27 | 000,060,304 | ---- | C] () -- C:\Users\DLee\g2mdlhlpx.exe
[2012/06/25 14:58:54 | 002,496,699 | ---- | C] () -- C:\Users\DLee\Desktop\Deep End Travelocity Guarantee Commercial.flv
[2012/06/25 08:22:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 08:22:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 08:22:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 08:22:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 08:22:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 10:25:52 | 002,821,398 | ---- | C] () -- C:\Users\DLee\Desktop\Snowy Walk Travelocity Commercial.flv
[2012/06/22 10:25:41 | 002,312,175 | ---- | C] () -- C:\Users\DLee\Desktop\Nooo Travelocity Commercial.flv
[2012/06/22 10:25:30 | 003,688,764 | ---- | C] () -- C:\Users\DLee\Desktop\New_ Travelocity commercial_ Dune Buggy _30.flv
[2012/06/22 10:22:10 | 001,258,679 | ---- | C] () -- C:\Users\DLee\Desktop\NEW_ Spring into Summer.flv
[2012/06/22 09:36:58 | 000,000,512 | ---- | C] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/06/22 08:49:44 | 000,413,104 | ---- | C] () -- C:\Users\DLee\Desktop\6-22-2012 8-49-44 AM.jpg
[2012/06/22 08:48:36 | 000,195,462 | ---- | C] () -- C:\Users\DLee\Desktop\6-22-2012 8-48-36 AM.jpg
[2012/06/14 12:03:11 | 001,471,812 | ---- | C] () -- C:\Users\DLee\Desktop\bf36fa3306ba8222aba1f9814c2592a3.mp4
[2012/06/14 08:50:42 | 000,003,342 | ---- | C] () -- C:\Users\DLee\Desktop\logo.png
[2012/06/13 16:01:55 | 013,856,793 | ---- | C] () -- C:\Users\DLee\Desktop\Sears Exclusive -- Kenmore 4-Burner LP Gas Grill with Steame.flv
[2012/06/06 15:41:37 | 000,041,036 | ---- | C] () -- C:\Users\DLee\Desktop\TMPLogoTallSm.jpg
[2012/06/05 15:29:13 | 000,029,563 | ---- | C] () -- C:\Users\DLee\Desktop\10ideas.pdf
[2012/06/05 15:28:21 | 001,856,362 | ---- | C] () -- C:\Users\DLee\Desktop\wakeemup.pdf
[2012/06/05 10:44:10 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/05 10:44:10 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/05 10:27:35 | 000,327,410 | ---- | C] () -- C:\Users\DLee\6-5-2012 10-27-35 AM.jpg
[2012/06/05 10:26:47 | 000,365,560 | ---- | C] () -- C:\Users\DLee\6-5-2012 10-26-47 AM.jpg
[2012/06/05 10:25:19 | 002,065,960 | ---- | C] () -- C:\Users\DLee\bookmarks.html
[2012/02/22 16:48:56 | 000,007,631 | ---- | C] () -- C:\Users\DLee\AppData\Local\Resmon.ResmonCfg
[2011/11/02 11:58:36 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/09/07 16:50:41 | 000,155,100 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/08/29 13:35:38 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/03 12:46:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/03 11:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/25 22:37:08 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/02/09 21:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini

========== LOP Check ==========

[2011/08/02 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\.minecraft
[2011/06/30 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\CoreFTP
[2011/08/03 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2012/04/02 08:40:05 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Dropbox
[2012/03/21 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\ElephantDrive
[2011/08/12 09:29:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/06/03 12:14:24 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2012/03/15 09:44:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\OffiSync
[2011/11/14 11:20:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2012/05/22 10:07:40 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PrimoPDF
[2011/08/04 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\TP
[2012/05/22 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\uTorrent
[2012/02/16 13:02:29 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\webex
[2011/09/30 16:45:58 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/06/11 07:55:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#75
Daniel Christmas Lee
Posted 28 June 2012 - 05:13 PM

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
The stuff I am attaching does not exceed any size limits. My day to day job involves attach documents, images to clients. Upload video to sites. Downloading files. Etc.

Could this be a network issue?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP