
Firefox Keeps Redirecting



Old 10-12-2011, 04:19 PM   #1
TSF Enthusiast
 
Join Date: Nov 2006
Location: California
Posts: 773
OS: XP and Win 7 - Bye Bye Vista!



I've been having issues with Firefox redirecting to other websites. I don't seem to have the issue with IE. Can you please help?

I've run DDS and tried to run GMER; however, when running GMER it kept crashing and getting the blue screen.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Reggie at 12:47:04 on 2011-10-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1051 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\jwpen.exe
C:\Windows\Jwpen.exe
C:\IDrive\IDriveE Service.exe
C:\IDrive\IDriveWebM.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\Reggie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Hanvon_soft\hwshell.exe
C:\Users\Reggie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\IDrive\IDriveETray.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\IDrive\IDriveEBackground.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uSearch Bar =
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - c:\program files\somototoolbar\vmntemplateX.dll
TB: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SBC79.tmp" /EF "HKCU"
uRun: [EPSONDE420F] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S1005.tmp" /EF "HKCU"
uRun: [IDriveE Startup] "c:\idrive\IDrvieEStartup.exe" Hide
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [Google Update] "c:\users\reggie\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\reggie\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_Plugin.exe -update plugin
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [GuideMenu] c:\program files\corel\corel guidemenu\GuideMenu.exe -hide
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\reggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\reggie\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\reggie\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idrive\IDriveEReg2ini.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hanvon~1.lnk - c:\hanvon_soft\hwshell.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{01DC172A-9F78-4223-9566-CE6F8EB1E463} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{942AC390-4223-4104-B65B-36C7A6D9686D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{942AC390-4223-4104-B65B-36C7A6D9686D}\F46756274627966756D2333383 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli psqlpwd
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\reggie\appdata\roaming\mozilla\firefox\profiles\y71zimrv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\reggie\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\reggie\appdata\roaming\mozilla\firefox\profiles\y71zimrv.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
.
---- FIREFOX POLICIES ----















FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-3-24 40560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-1 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-1 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-1 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-1 54616]
R2 HYRDBios;HYRDBios;c:\windows\system32\drivers\HYRDBios.sys [2010-3-13 5632]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-8-1 17984]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-2-14 36640]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 VHWDrawing;HanWang Drawing Tablet;c:\windows\system32\drivers\HWDrawing.sys [2010-1-21 6400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-14 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-8-11 77624]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-8 39272]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 57840]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/15/2010,1.12.0.1;c:\windows\system32\drivers\libusb0.sys [2010-3-15 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-14 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-14 136680]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-8-11 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
.
=============== Created Last 30 ================
.
2011-10-12 09:20:04 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{411de469-3090-4832-9dc2-d9eb18f34954}\offreg.dll
2011-10-12 09:20:02 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{411de469-3090-4832-9dc2-d9eb18f34954}\mpengine.dll
2011-10-06 01:35:37 -------- d-----w- c:\users\reggie\appdata\local\Deluxe_Digital_Studios
2011-09-24 03:11:14 -------- d-----w- c:\program files\Siber Systems
2011-09-24 03:05:22 -------- d-----w- c:\program files\somototoolbar
2011-09-24 03:04:32 -------- d-----w- c:\program files\Vuze Trial FileBulldog Toolbar
2011-09-22 20:59:24 -------- d-----w- c:\users\reggie\appdata\roaming\MyPublisher
2011-09-22 20:59:24 -------- d-----w- c:\program files\MyPublisher
.
==================== Find3M ====================
.
2011-10-08 15:59:06 3116 ----a-w- c:\windows\HWTablet.bin
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 21:37:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:31:24 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-08-12 02:31:20 77624 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-08-01 12:27:40 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-08-01 12:27:21 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601 Disk: TOSHIBA_MK2035GSS rev.DK020M -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83446000]<< >>UNKNOWN [0x8C027000]<< >>UNKNOWN [0x84200000]<< >>UNKNOWN [0x83BD2000]<< >>UNKNOWN [0x8340F000]<< >>UNKNOWN [0x841B4000]<< >>UNKNOWN [0x83BF5000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8347D52A] -> \Device\Harddisk0\DR0[0x86FA5A00]
\Driver\Disk[0x86FA4D00] -> IRP_MJ_CREATE -> 0x8C02B39F
3 [0x8C02B59E] -> ntkrnlpa!IofCallDriver[0x8347D52A] -> \Device\Ide\IdeDeviceP2T0L0-4[0x86E40030]
\Driver\atapi[0x86E8C1D8] -> IRP_MJ_CREATE -> 0x83BEC8CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
copy of MBR has been found in sector 62 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:50:46.74 ===============
Attached Files
File Type: zip Attach.zip (4.6 KB, 9 views)

__________________
Baldie559 is offline  
Old 10-13-2011, 08:08 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Did you edit your DDS.txt log? There is a gap in the Firefox Policies section.

------------------------------------------------------

I need to see a gmer log in order to help you.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • First, gmer will run a short, initial scan.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 10-13-2011, 08:29 PM   #3
TSF Enthusiast
 
Join Date: Nov 2006
Location: California
Posts: 773
OS: XP and Win 7 - Bye Bye Vista!



No, I did not edit the DDS.txt log. Just to be certain, I ran the DDS scan again and the result was the same thing. It was blank by the Firefox policy.

I ran the GMER and attached is the log.

Please let me know what the next steps are.
Attached Files
File Type: txt GMER.txt (158.2 KB, 12 views)
__________________
Baldie559 is offline  
Old 10-14-2011, 03:52 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello Baldie559.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

chemist is offline  
Old 10-14-2011, 07:51 PM   #5
TSF Enthusiast
 
Join Date: Nov 2006
Location: California
Posts: 773
OS: XP and Win 7 - Bye Bye Vista!



Here is the Combo.txt log:


ComboFix 11-10-14.04 - Reggie 10/14/2011 18:41:14.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1825 [GMT -7:00]
Running from: c:\users\Reggie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\trzE0C.tmp
c:\programdata\trzE0C7.tmp
c:\programdata\trzE0CA.tmp
c:\programdata\trzE0DC.tmp
c:\programdata\trzE0DE.tmp
c:\programdata\trzE0E9.tmp
c:\programdata\trzE100.tmp
c:\programdata\trzE104.tmp
c:\programdata\trzE10D.tmp
c:\programdata\trzE113.tmp
c:\programdata\trzE114.tmp
c:\programdata\trzE11C.tmp
c:\programdata\trzE11D.tmp
c:\programdata\trzE124.tmp
c:\programdata\trzE139.tmp
c:\programdata\trzE143.tmp
c:\programdata\trzE144.tmp
c:\programdata\trzE14B.tmp
c:\programdata\trzE14D.tmp
c:\programdata\trzE154.tmp
c:\programdata\trzE159.tmp
c:\programdata\trzE15C.tmp
c:\programdata\trzE17.tmp
c:\programdata\trzE17C.tmp
c:\programdata\trzE17D.tmp
c:\programdata\trzE187.tmp
c:\programdata\trzE189.tmp
c:\programdata\trzE196.tmp
c:\programdata\trzE1AA.tmp
c:\programdata\trzE1B9.tmp
c:\programdata\trzE1BC.tmp
c:\programdata\trzE1C1.tmp
c:\programdata\trzE1C5.tmp
c:\programdata\trzE1D0.tmp
c:\programdata\trzE1DF.tmp
c:\programdata\trzE1E1.tmp
c:\programdata\trzE1E6.tmp
c:\programdata\trzE1E9.tmp
c:\programdata\trzE1EA.tmp
c:\programdata\trzE1EF.tmp
c:\programdata\trzE1F4.tmp
c:\programdata\trzE209.tmp
c:\programdata\trzE214.tmp
c:\programdata\trzE22E.tmp
c:\programdata\trzE232.tmp
c:\programdata\trzE23F.tmp
c:\programdata\trzE244.tmp
c:\programdata\trzE248.tmp
c:\programdata\trzE24C.tmp
c:\programdata\trzE252.tmp
c:\programdata\trzE256.tmp
c:\programdata\trzE26.tmp
c:\programdata\trzE266.tmp
c:\programdata\trzE268.tmp
c:\programdata\trzE283.tmp
c:\programdata\trzE288.tmp
c:\programdata\trzE293.tmp
c:\programdata\trzE296.tmp
c:\programdata\trzE29C.tmp
c:\programdata\trzE29D.tmp
c:\programdata\trzE2A4.tmp
c:\programdata\trzE2B0.tmp
c:\programdata\trzE2B2.tmp
c:\programdata\trzE2B3.tmp
c:\programdata\trzE2BA.tmp
c:\programdata\trzE2BB.tmp
c:\programdata\trzE2C0.tmp
c:\programdata\trzE2C1.tmp
c:\programdata\trzE2C5.tmp
c:\programdata\trzE2E9.tmp
c:\programdata\trzE2FD.tmp
c:\programdata\trzE304.tmp
c:\programdata\trzE30A.tmp
c:\programdata\trzE320.tmp
c:\programdata\trzE321.tmp
c:\programdata\trzE323.tmp
c:\programdata\trzE32A.tmp
c:\programdata\trzE332.tmp
c:\programdata\trzE333.tmp
c:\programdata\trzE338.tmp
c:\programdata\trzE340.tmp
c:\programdata\trzE344.tmp
c:\programdata\trzE348.tmp
c:\programdata\trzE34E.tmp
c:\programdata\trzE35.tmp
c:\programdata\trzE353.tmp
c:\programdata\trzE36.tmp
c:\programdata\trzE360.tmp
c:\programdata\trzE367.tmp
c:\programdata\trzE369.tmp
c:\programdata\trzE36F.tmp
c:\programdata\trzE37E.tmp
c:\programdata\trzE381.tmp
c:\programdata\trzE3AA.tmp
c:\programdata\trzE3BB.tmp
c:\programdata\trzE3BE.tmp
c:\programdata\trzE3BF.tmp
c:\programdata\trzE3C0.tmp
c:\programdata\trzE3C5.tmp
c:\programdata\trzE3CF.tmp
c:\programdata\trzE3E5.tmp
c:\programdata\trzE3E8.tmp
c:\programdata\trzE3EA.tmp
c:\programdata\trzE3EC.tmp
c:\programdata\trzE404.tmp
c:\programdata\trzE41A.tmp
c:\programdata\trzE41D.tmp
c:\programdata\trzE41F.tmp
c:\programdata\trzE42.tmp
c:\programdata\trzE423.tmp
c:\programdata\trzE42A.tmp
c:\programdata\trzE442.tmp
c:\programdata\trzE444.tmp
c:\programdata\trzE467.tmp
c:\programdata\trzE47.tmp
c:\programdata\trzE473.tmp
c:\programdata\trzE479.tmp
c:\programdata\trzE485.tmp
c:\programdata\trzE489.tmp
c:\programdata\trzE49.tmp
c:\programdata\trzE491.tmp
c:\programdata\trzE499.tmp
c:\programdata\trzE49B.tmp
c:\programdata\trzE49C.tmp
c:\programdata\trzE4A0.tmp
c:\programdata\trzE4B4.tmp
c:\programdata\trzE4C7.tmp
c:\programdata\trzE4D5.tmp
c:\programdata\trzE4DE.tmp
c:\programdata\trzE4E.tmp
c:\programdata\trzE4E6.tmp
c:\programdata\trzE4F5.tmp
c:\programdata\trzE4FE.tmp
c:\programdata\trzE508.tmp
c:\programdata\trzE524.tmp
c:\programdata\trzE527.tmp
c:\programdata\trzE52A.tmp
c:\programdata\trzE536.tmp
c:\programdata\trzE537.tmp
c:\programdata\trzE542.tmp
c:\programdata\trzE545.tmp
c:\programdata\trzE552.tmp
c:\programdata\trzE554.tmp
c:\programdata\trzE55D.tmp
c:\programdata\trzE564.tmp
c:\programdata\trzE56D.tmp
c:\programdata\trzE576.tmp
c:\programdata\trzE57B.tmp
c:\programdata\trzE57C.tmp
c:\programdata\trzE57F.tmp
c:\programdata\trzE582.tmp
c:\programdata\trzE585.tmp
c:\programdata\trzE596.tmp
c:\programdata\trzE597.tmp
c:\programdata\trzE59F.tmp
c:\programdata\trzE5A.tmp
c:\programdata\trzE5BF.tmp
c:\programdata\trzE5C1.tmp
c:\programdata\trzE5D1.tmp
c:\programdata\trzE5D2.tmp
c:\programdata\trzE5E0.tmp
c:\programdata\trzE5EF.tmp
c:\programdata\trzE5F3.tmp
c:\programdata\trzE5F4.tmp
c:\programdata\trzE600.tmp
c:\programdata\trzE605.tmp
c:\programdata\trzE60E.tmp
c:\programdata\trzE612.tmp
c:\programdata\trzE61D.tmp
c:\programdata\trzE61F.tmp
c:\programdata\trzE621.tmp
c:\programdata\trzE622.tmp
c:\programdata\trzE630.tmp
c:\programdata\trzE648.tmp
c:\programdata\trzE64B.tmp
c:\programdata\trzE64C.tmp
c:\programdata\trzE64F.tmp
c:\programdata\trzE653.tmp
c:\programdata\trzE657.tmp
c:\programdata\trzE66.tmp
c:\programdata\trzE661.tmp
c:\programdata\trzE663.tmp
c:\programdata\trzE670.tmp
c:\programdata\trzE681.tmp
c:\programdata\trzE685.tmp
c:\programdata\trzE68D.tmp
c:\programdata\trzE699.tmp
c:\programdata\trzE69B.tmp
c:\programdata\trzE69D.tmp
c:\programdata\trzE69E.tmp
c:\programdata\trzE6A2.tmp
c:\programdata\trzE6A6.tmp
c:\programdata\trzE6AD.tmp
c:\programdata\trzE6BD.tmp
c:\programdata\trzE6C.tmp
c:\programdata\trzE6CA.tmp
c:\programdata\trzE6DD.tmp
c:\programdata\trzE6DE.tmp
c:\programdata\trzE6E8.tmp
c:\programdata\trzE6EB.tmp
c:\programdata\trzE6F5.tmp
c:\programdata\trzE6FC.tmp
c:\programdata\trzE6FE.tmp
c:\programdata\trzE6FF.tmp
c:\programdata\trzE708.tmp
c:\programdata\trzE70F.tmp
c:\programdata\trzE71B.tmp
c:\programdata\trzE71E.tmp
c:\programdata\trzE72.tmp
c:\programdata\trzE72C.tmp
c:\programdata\trzE757.tmp
c:\programdata\trzE758.tmp
c:\programdata\trzE768.tmp
c:\programdata\trzE769.tmp
c:\programdata\trzE76C.tmp
c:\programdata\trzE76E.tmp
c:\programdata\trzE778.tmp
c:\programdata\trzE784.tmp
c:\programdata\trzE793.tmp
c:\programdata\trzE795.tmp
c:\programdata\trzE797.tmp
c:\programdata\trzE798.tmp
c:\programdata\trzE7B.tmp
c:\programdata\trzE7B1.tmp
c:\programdata\trzE7B5.tmp
c:\programdata\trzE7BA.tmp
c:\programdata\trzE7BD.tmp
c:\programdata\trzE7BE.tmp
c:\programdata\trzE7C6.tmp
c:\programdata\trzE7C8.tmp
c:\programdata\trzE7E4.tmp
c:\programdata\trzE7E7.tmp
c:\programdata\trzE7FA.tmp
c:\programdata\trzE7FC.tmp
c:\programdata\trzE808.tmp
c:\programdata\trzE80B.tmp
c:\programdata\trzE81.tmp
c:\programdata\trzE812.tmp
c:\programdata\trzE825.tmp
c:\programdata\trzE82B.tmp
c:\programdata\trzE838.tmp
c:\programdata\trzE840.tmp
c:\programdata\trzE845.tmp
c:\programdata\trzE84E.tmp
c:\programdata\trzE85B.tmp
c:\programdata\trzE863.tmp
c:\programdata\trzE864.tmp
c:\programdata\trzE865.tmp
c:\programdata\trzE866.tmp
c:\programdata\trzE86A.tmp
c:\programdata\trzE86F.tmp
c:\programdata\trzE871.tmp
c:\programdata\trzE885.tmp
c:\programdata\trzE8B2.tmp
c:\programdata\trzE8B3.tmp
c:\programdata\trzE8B8.tmp
c:\programdata\trzE8C5.tmp
c:\programdata\trzE8C9.tmp
c:\programdata\trzE8D.tmp
c:\programdata\trzE8D0.tmp
c:\programdata\trzE8D1.tmp
c:\programdata\trzE8D2.tmp
c:\programdata\trzE8D6.tmp
c:\programdata\trzE8D7.tmp
c:\programdata\trzE8D8.tmp
c:\programdata\trzE8D9.tmp
c:\programdata\trzE8E3.tmp
c:\programdata\trzE8E4.tmp
c:\programdata\trzE8E6.tmp
c:\programdata\trzE8EE.tmp
c:\programdata\trzE8F3.tmp
c:\programdata\trzE8FB.tmp
c:\programdata\trzE900.tmp
c:\programdata\trzE91B.tmp
c:\programdata\trzE932.tmp
c:\programdata\trzE937.tmp
c:\programdata\trzE93E.tmp
c:\programdata\trzE94C.tmp
c:\programdata\trzE94F.tmp
c:\programdata\trzE950.tmp
c:\programdata\trzE95B.tmp
c:\programdata\trzE96.tmp
c:\programdata\trzE964.tmp
c:\programdata\trzE96A.tmp
c:\programdata\trzE97.tmp
c:\programdata\trzE976.tmp
c:\programdata\trzE98E.tmp
c:\programdata\trzE98F.tmp
c:\programdata\trzE990.tmp
c:\programdata\trzE99F.tmp
c:\programdata\trzE9A.tmp
c:\programdata\trzE9A8.tmp
c:\programdata\trzE9AC.tmp
c:\programdata\trzE9B0.tmp
c:\programdata\trzE9B1.tmp
c:\programdata\trzE9B2.tmp
c:\programdata\trzE9B3.tmp
c:\programdata\trzE9C2.tmp
c:\programdata\trzE9CC.tmp
c:\programdata\trzE9CD.tmp
c:\programdata\trzE9D7.tmp
c:\programdata\trzE9F0.tmp
c:\programdata\trzE9F2.tmp
c:\programdata\trzE9F8.tmp
c:\programdata\trzEA0D.tmp
c:\programdata\trzEA18.tmp
c:\programdata\trzEA1A.tmp
c:\programdata\trzEA1B.tmp
c:\programdata\trzEA27.tmp
c:\programdata\trzEA29.tmp
c:\programdata\trzEA3B.tmp
c:\programdata\trzEA3C.tmp
c:\programdata\trzEA40.tmp
c:\programdata\trzEA45.tmp
c:\programdata\trzEA50.tmp
c:\programdata\trzEA61.tmp
c:\programdata\trzEA67.tmp
c:\programdata\trzEA7.tmp
c:\programdata\trzEA71.tmp
c:\programdata\trzEA74.tmp
c:\programdata\trzEA7D.tmp
c:\programdata\trzEA87.tmp
c:\programdata\trzEA8A.tmp
c:\programdata\trzEA9D.tmp
c:\programdata\trzEAA7.tmp
c:\programdata\trzEAA8.tmp
c:\programdata\trzEABA.tmp
c:\programdata\trzEABC.tmp
c:\programdata\trzEAC3.tmp
c:\programdata\trzEAC4.tmp
c:\programdata\trzEAD4.tmp
c:\programdata\trzEAD5.tmp
c:\programdata\trzEAF6.tmp
c:\programdata\trzEAF8.tmp
c:\programdata\trzEB06.tmp
c:\programdata\trzEB07.tmp
c:\programdata\trzEB0B.tmp
c:\programdata\trzEB0C.tmp
c:\programdata\trzEB24.tmp
c:\programdata\trzEB2D.tmp
c:\programdata\trzEB33.tmp
c:\programdata\trzEB34.tmp
c:\programdata\trzEB3D.tmp
c:\programdata\trzEB5.tmp
c:\programdata\trzEB50.tmp
c:\programdata\trzEB52.tmp
c:\programdata\trzEB56.tmp
c:\programdata\trzEB59.tmp
c:\programdata\trzEB5F.tmp
c:\programdata\trzEB6B.tmp
c:\programdata\trzEB70.tmp
c:\programdata\trzEB73.tmp
c:\programdata\trzEB8.tmp
c:\programdata\trzEB86.tmp
c:\programdata\trzEB9.tmp
c:\programdata\trzEB97.tmp
c:\programdata\trzEB9B.tmp
c:\programdata\trzEBA0.tmp
c:\programdata\trzEBA5.tmp
c:\programdata\trzEBCA.tmp
c:\programdata\trzEBCF.tmp
c:\programdata\trzEBE1.tmp
c:\programdata\trzEBE2.tmp
c:\programdata\trzEBEA.tmp
c:\programdata\trzEBF1.tmp
c:\programdata\trzEBFD.tmp
c:\programdata\trzEC01.tmp
c:\programdata\trzEC11.tmp
c:\programdata\trzEC15.tmp
c:\programdata\trzEC1E.tmp
c:\programdata\trzEC1F.tmp
c:\programdata\trzEC2.tmp
c:\programdata\trzEC29.tmp
c:\programdata\trzEC2C.tmp
c:\programdata\trzEC3.tmp
c:\programdata\trzEC4.tmp
c:\programdata\trzEC41.tmp
c:\programdata\trzEC44.tmp
c:\programdata\trzEC5B.tmp
c:\programdata\trzEC63.tmp
c:\programdata\trzEC70.tmp
c:\programdata\trzEC71.tmp
c:\programdata\trzEC79.tmp
c:\programdata\trzEC7A.tmp
c:\programdata\trzEC7C.tmp
c:\programdata\trzEC8D.tmp
c:\programdata\trzEC8F.tmp
c:\programdata\trzEC96.tmp
c:\programdata\trzEC9A.tmp
c:\programdata\trzECA6.tmp
c:\programdata\trzECAA.tmp
c:\programdata\trzECB1.tmp
c:\programdata\trzECBD.tmp
c:\programdata\trzECC5.tmp
c:\programdata\trzECC6.tmp
c:\programdata\trzECCC.tmp
c:\programdata\trzECD1.tmp
c:\programdata\trzECDC.tmp
c:\programdata\trzECF5.tmp
c:\programdata\trzECFA.tmp
c:\programdata\trzECFE.tmp
c:\programdata\trzED04.tmp
c:\programdata\trzED17.tmp
c:\programdata\trzED1B.tmp
c:\programdata\trzED20.tmp
c:\programdata\trzED27.tmp
c:\programdata\trzED2C.tmp
c:\programdata\trzED3.tmp
c:\programdata\trzED44.tmp
c:\programdata\trzED45.tmp
c:\programdata\trzED46.tmp
c:\programdata\trzED47.tmp
c:\programdata\trzED4E.tmp
c:\programdata\trzED52.tmp
c:\programdata\trzED57.tmp
c:\programdata\trzED5C.tmp
c:\programdata\trzED62.tmp
c:\programdata\trzED6A.tmp
c:\programdata\trzED72.tmp
c:\programdata\trzED76.tmp
c:\programdata\trzED7B.tmp
c:\programdata\trzED8B.tmp
c:\programdata\trzED8D.tmp
c:\programdata\trzED8E.tmp
c:\programdata\trzED98.tmp
c:\programdata\trzEDB1.tmp
c:\programdata\trzEDC3.tmp
c:\programdata\trzEDD.tmp
c:\programdata\trzEDD7.tmp
c:\programdata\trzEDDE.tmp
c:\programdata\trzEDE.tmp
c:\programdata\trzEDE0.tmp
c:\programdata\trzEDEE.tmp
c:\programdata\trzEDF3.tmp
c:\programdata\trzEDF4.tmp
c:\programdata\trzEDF5.tmp
c:\programdata\trzEDF7.tmp
c:\programdata\trzEDF9.tmp
c:\programdata\trzEE0F.tmp
c:\programdata\trzEE17.tmp
c:\programdata\trzEE20.tmp
c:\programdata\trzEE21.tmp
c:\programdata\trzEE29.tmp
c:\programdata\trzEE2E.tmp
c:\programdata\trzEE30.tmp
c:\programdata\trzEE36.tmp
c:\programdata\trzEE3F.tmp
c:\programdata\trzEE42.tmp
c:\programdata\trzEE52.tmp
c:\programdata\trzEE54.tmp
c:\programdata\trzEE56.tmp
c:\programdata\trzEE66.tmp
c:\programdata\trzEE68.tmp
c:\programdata\trzEE78.tmp
c:\programdata\trzEE8A.tmp
c:\programdata\trzEE9F.tmp
c:\programdata\trzEEAB.tmp
c:\programdata\trzEEBB.tmp
c:\programdata\trzEEBD.tmp
c:\programdata\trzEEBE.tmp
c:\programdata\trzEEC2.tmp
c:\programdata\trzEEC4.tmp
c:\programdata\trzEECE.tmp
c:\programdata\trzEED2.tmp
c:\programdata\trzEED3.tmp
c:\programdata\trzEED9.tmp
c:\programdata\trzEEDF.tmp
c:\programdata\trzEEE5.tmp
c:\programdata\trzEEF.tmp
c:\programdata\trzEEF3.tmp
c:\programdata\trzEEF4.tmp
c:\programdata\trzEEFC.tmp
c:\programdata\trzEF0.tmp
c:\programdata\trzEF09.tmp
c:\programdata\trzEF0C.tmp
c:\programdata\trzEF14.tmp
c:\programdata\trzEF25.tmp
c:\programdata\trzEF32.tmp
c:\programdata\trzEF3F.tmp
c:\programdata\trzEF48.tmp
c:\programdata\trzEF5A.tmp
c:\programdata\trzEF7.tmp
c:\programdata\trzEF7B.tmp
c:\programdata\trzEF87.tmp
c:\programdata\trzEF88.tmp
c:\programdata\trzEF92.tmp
c:\programdata\trzEFA8.tmp
c:\programdata\trzEFA9.tmp
c:\programdata\trzEFAB.tmp
c:\programdata\trzEFAD.tmp
c:\programdata\trzEFAE.tmp
c:\programdata\trzEFAF.tmp
c:\programdata\trzEFB4.tmp
c:\programdata\trzEFB6.tmp
c:\programdata\trzEFC0.tmp
c:\programdata\trzEFD3.tmp
c:\programdata\trzEFDC.tmp
c:\programdata\trzEFE1.tmp
c:\programdata\trzEFFF.tmp
c:\programdata\trzF018.tmp
c:\programdata\trzF024.tmp
c:\programdata\trzF03.tmp
c:\programdata\trzF034.tmp
c:\programdata\trzF040.tmp
c:\programdata\trzF046.tmp
c:\programdata\trzF047.tmp
c:\programdata\trzF049.tmp
c:\programdata\trzF04A.tmp
c:\programdata\trzF051.tmp
c:\programdata\trzF054.tmp
c:\programdata\trzF055.tmp
c:\programdata\trzF056.tmp
c:\programdata\trzF072.tmp
c:\programdata\trzF073.tmp
c:\programdata\trzF078.tmp
c:\programdata\trzF083.tmp
c:\programdata\trzF084.tmp
c:\programdata\trzF08F.tmp
c:\programdata\trzF091.tmp
c:\programdata\trzF09B.tmp
c:\programdata\trzF09D.tmp
c:\programdata\trzF0A7.tmp
c:\programdata\trzF0B5.tmp
c:\programdata\trzF0B7.tmp
c:\programdata\trzF0B8.tmp
c:\programdata\trzF0CC.tmp
c:\programdata\trzF0CE.tmp
c:\programdata\trzF0D9.tmp
c:\programdata\trzF11.tmp
c:\programdata\trzF112.tmp
c:\programdata\trzF115.tmp
c:\programdata\trzF116.tmp
c:\programdata\trzF11C.tmp
c:\programdata\trzF122.tmp
c:\programdata\trzF126.tmp
c:\programdata\trzF132.tmp
c:\programdata\trzF140.tmp
c:\programdata\trzF141.tmp
c:\programdata\trzF14F.tmp
c:\programdata\trzF157.tmp
c:\programdata\trzF15F.tmp
c:\programdata\trzF164.tmp
c:\programdata\trzF165.tmp
c:\programdata\trzF168.tmp
c:\programdata\trzF16B.tmp
c:\programdata\trzF16D.tmp
c:\programdata\trzF16F.tmp
c:\programdata\trzF17B.tmp
c:\programdata\trzF191.tmp
c:\programdata\trzF196.tmp
c:\programdata\trzF1A2.tmp
c:\programdata\trzF1C4.tmp
c:\programdata\trzF1C6.tmp
c:\programdata\trzF1D8.tmp
c:\programdata\trzF1DB.tmp
c:\programdata\trzF1E1.tmp
c:\programdata\trzF1E2.tmp
c:\programdata\trzF1F.tmp
c:\programdata\trzF1F9.tmp
c:\programdata\trzF1FC.tmp
c:\programdata\trzF1FD.tmp
c:\programdata\trzF1FE.tmp
c:\programdata\trzF20.tmp
c:\programdata\trzF205.tmp
c:\programdata\trzF211.tmp
c:\programdata\trzF21D.tmp
c:\programdata\trzF223.tmp
c:\programdata\trzF22E.tmp
c:\programdata\trzF23A.tmp
c:\programdata\trzF240.tmp
c:\programdata\trzF248.tmp
c:\programdata\trzF249.tmp
c:\programdata\trzF24A.tmp
c:\programdata\trzF257.tmp
c:\programdata\trzF25C.tmp
c:\programdata\trzF25E.tmp
c:\programdata\trzF268.tmp
c:\programdata\trzF26E.tmp
c:\programdata\trzF279.tmp
c:\programdata\trzF28.tmp
c:\programdata\trzF285.tmp
c:\programdata\trzF29.tmp
c:\programdata\trzF291.tmp
c:\programdata\trzF29F.tmp
c:\programdata\trzF2A.tmp
c:\programdata\trzF2A2.tmp
c:\programdata\trzF2AA.tmp
c:\programdata\trzF2B3.tmp
c:\programdata\trzF2B6.tmp
c:\programdata\trzF2BC.tmp
c:\programdata\trzF2CA.tmp
c:\programdata\trzF2CC.tmp
c:\programdata\trzF2CD.tmp
c:\programdata\trzF2D7.tmp
c:\programdata\trzF2DF.tmp
c:\programdata\trzF2E9.tmp
c:\programdata\trzF2F2.tmp
c:\programdata\trzF2F3.tmp
c:\programdata\trzF2F9.tmp
c:\programdata\trzF2FB.tmp
c:\programdata\trzF2FC.tmp
c:\programdata\trzF30.tmp
c:\programdata\trzF300.tmp
c:\programdata\trzF301.tmp
c:\programdata\trzF306.tmp
c:\programdata\trzF308.tmp
c:\programdata\trzF309.tmp
c:\programdata\trzF30A.tmp
c:\programdata\trzF312.tmp
c:\programdata\trzF315.tmp
c:\programdata\trzF316.tmp
c:\programdata\trzF323.tmp
c:\programdata\trzF333.tmp
c:\programdata\trzF335.tmp
c:\programdata\trzF33D.tmp
c:\programdata\trzF34.tmp
c:\programdata\trzF341.tmp
c:\programdata\trzF354.tmp
c:\programdata\trzF368.tmp
c:\programdata\trzF378.tmp
c:\programdata\trzF385.tmp
c:\programdata\trzF388.tmp
c:\programdata\trzF38A.tmp
c:\programdata\trzF39C.tmp
c:\programdata\trzF3A1.tmp
c:\programdata\trzF3A5.tmp
c:\programdata\trzF3A7.tmp
c:\programdata\trzF3B7.tmp
c:\programdata\trzF3C2.tmp
c:\programdata\trzF3C8.tmp
c:\programdata\trzF3CC.tmp
c:\programdata\trzF3CF.tmp
c:\programdata\trzF3D2.tmp
c:\programdata\trzF3D4.tmp
c:\programdata\trzF3D5.tmp
c:\programdata\trzF3DA.tmp
c:\programdata\trzF3DC.tmp
c:\programdata\trzF3DD.tmp
c:\programdata\trzF3DF.tmp
c:\programdata\trzF3E5.tmp
c:\programdata\trzF3E7.tmp
c:\programdata\trzF3F0.tmp
c:\programdata\trzF3F1.tmp
c:\programdata\trzF40D.tmp
c:\programdata\trzF413.tmp
c:\programdata\trzF414.tmp
c:\programdata\trzF41E.tmp
c:\programdata\trzF425.tmp
c:\programdata\trzF428.tmp
c:\programdata\trzF43F.tmp
c:\programdata\trzF444.tmp
c:\programdata\trzF44A.tmp
c:\programdata\trzF44B.tmp
c:\programdata\trzF454.tmp
c:\programdata\trzF464.tmp
c:\programdata\trzF46C.tmp
c:\programdata\trzF470.tmp
c:\programdata\trzF481.tmp
c:\programdata\trzF485.tmp
c:\programdata\trzF487.tmp
c:\programdata\trzF493.tmp
c:\programdata\trzF496.tmp
c:\programdata\trzF498.tmp
c:\programdata\trzF49C.tmp
c:\programdata\trzF49D.tmp
c:\programdata\trzF49E.tmp
c:\programdata\trzF4B8.tmp
c:\programdata\trzF4C0.tmp
c:\programdata\trzF4C3.tmp
c:\programdata\trzF4CF.tmp
c:\programdata\trzF4D.tmp
c:\programdata\trzF4D7.tmp
c:\programdata\trzF4E8.tmp
c:\programdata\trzF4EB.tmp
c:\programdata\trzF4F6.tmp
c:\programdata\trzF5.tmp
c:\programdata\trzF500.tmp
c:\programdata\trzF513.tmp
c:\programdata\trzF52F.tmp
c:\programdata\trzF530.tmp
c:\programdata\trzF535.tmp
c:\programdata\trzF536.tmp
c:\programdata\trzF53F.tmp
c:\programdata\trzF549.tmp
c:\programdata\trzF54C.tmp
c:\programdata\trzF54D.tmp
c:\programdata\trzF556.tmp
c:\programdata\trzF564.tmp
c:\programdata\trzF572.tmp
c:\programdata\trzF579.tmp
c:\programdata\trzF580.tmp
c:\programdata\trzF59.tmp
c:\programdata\trzF593.tmp
c:\programdata\trzF5AB.tmp
c:\programdata\trzF5AC.tmp
c:\programdata\trzF5B0.tmp
c:\programdata\trzF5B5.tmp
c:\programdata\trzF5C1.tmp
c:\programdata\trzF5C6.tmp
c:\programdata\trzF5D8.tmp
c:\programdata\trzF5DB.tmp
c:\programdata\trzF5DC.tmp
c:\programdata\trzF5F7.tmp
c:\programdata\trzF5F9.tmp
c:\programdata\trzF5FC.tmp
c:\programdata\trzF601.tmp
c:\programdata\trzF607.tmp
c:\programdata\trzF608.tmp
c:\programdata\trzF60E.tmp
c:\programdata\trzF61A.tmp
c:\programdata\trzF620.tmp
c:\programdata\trzF624.tmp
c:\programdata\trzF627.tmp
c:\programdata\trzF629.tmp
c:\programdata\trzF634.tmp
c:\programdata\trzF640.tmp
c:\programdata\trzF641.tmp
c:\programdata\trzF642.tmp
c:\programdata\trzF64A.tmp
c:\programdata\trzF64B.tmp
c:\programdata\trzF66B.tmp
c:\programdata\trzF670.tmp
c:\programdata\trzF67E.tmp
c:\programdata\trzF686.tmp
c:\programdata\trzF688.tmp
c:\programdata\trzF68C.tmp
c:\programdata\trzF693.tmp
c:\programdata\trzF696.tmp
c:\programdata\trzF69B.tmp
c:\programdata\trzF6A0.tmp
c:\programdata\trzF6A2.tmp
c:\programdata\trzF6BF.tmp
c:\programdata\trzF6C3.tmp
c:\programdata\trzF6C7.tmp
c:\programdata\trzF6CC.tmp
c:\programdata\trzF6D0.tmp
c:\programdata\trzF6D4.tmp
c:\programdata\trzF6D5.tmp
c:\programdata\trzF6DC.tmp
c:\programdata\trzF6E0.tmp
c:\programdata\trzF6F1.tmp
c:\programdata\trzF6F9.tmp
c:\programdata\trzF6FB.tmp
c:\programdata\trzF71.tmp
c:\programdata\trzF72.tmp
c:\programdata\trzF72C.tmp
c:\programdata\trzF735.tmp
c:\programdata\trzF736.tmp
c:\programdata\trzF737.tmp
c:\programdata\trzF73C.tmp
c:\programdata\trzF73D.tmp
c:\programdata\trzF742.tmp
c:\programdata\trzF743.tmp
c:\programdata\trzF74A.tmp
c:\programdata\trzF760.tmp
c:\programdata\trzF763.tmp
c:\programdata\trzF767.tmp
c:\programdata\trzF769.tmp
c:\programdata\trzF76A.tmp
c:\programdata\trzF76C.tmp
c:\programdata\trzF774.tmp
c:\programdata\trzF776.tmp
c:\programdata\trzF78D.tmp
c:\programdata\trzF78E.tmp
c:\programdata\trzF796.tmp
c:\programdata\trzF799.tmp
c:\programdata\trzF79A.tmp
c:\programdata\trzF79B.tmp
c:\programdata\trzF7A3.tmp
c:\programdata\trzF7B.tmp
c:\programdata\trzF7B8.tmp
c:\programdata\trzF7BF.tmp
c:\programdata\trzF7C5.tmp
c:\programdata\trzF7C7.tmp
c:\programdata\trzF7E3.tmp
c:\programdata\trzF7EC.tmp
c:\programdata\trzF7F6.tmp
c:\programdata\trzF801.tmp
c:\programdata\trzF804.tmp
c:\programdata\trzF809.tmp
c:\programdata\trzF80E.tmp
c:\programdata\trzF80F.tmp
c:\programdata\trzF811.tmp
c:\programdata\trzF817.tmp
c:\programdata\trzF81C.tmp
c:\programdata\trzF81E.tmp
c:\programdata\trzF82.tmp
c:\programdata\trzF828.tmp
c:\programdata\trzF841.tmp
c:\programdata\trzF846.tmp
c:\programdata\trzF852.tmp
c:\programdata\trzF857.tmp
c:\programdata\trzF85E.tmp
c:\programdata\trzF863.tmp
c:\programdata\trzF866.tmp
c:\programdata\trzF868.tmp
c:\programdata\trzF869.tmp
c:\programdata\trzF86B.tmp
c:\programdata\trzF871.tmp
c:\programdata\trzF872.tmp
c:\programdata\trzF87B.tmp
c:\programdata\trzF87E.tmp
c:\programdata\trzF88A.tmp
c:\programdata\trzF8A7.tmp
c:\programdata\trzF8B4.tmp
c:\programdata\trzF8C0.tmp
c:\programdata\trzF8C2.tmp
c:\programdata\trzF8C9.tmp
c:\programdata\trzF8DA.tmp
c:\programdata\trzF8E0.tmp
c:\programdata\trzF8E1.tmp
c:\programdata\trzF8E4.tmp
c:\programdata\trzF8E5.tmp
c:\programdata\trzF8F9.tmp
c:\programdata\trzF903.tmp
c:\programdata\trzF906.tmp
c:\programdata\trzF90B.tmp
c:\programdata\trzF90C.tmp
c:\programdata\trzF90D.tmp
c:\programdata\trzF918.tmp
c:\programdata\trzF92.tmp
c:\programdata\trzF924.tmp
c:\programdata\trzF928.tmp
c:\programdata\trzF92B.tmp
c:\programdata\trzF93B.tmp
c:\programdata\trzF94C.tmp
c:\programdata\trzF94D.tmp
c:\programdata\trzF94E.tmp
c:\programdata\trzF95D.tmp
c:\programdata\trzF95E.tmp
c:\programdata\trzF966.tmp
c:\programdata\trzF968.tmp
c:\programdata\trzF973.tmp
c:\programdata\trzF974.tmp
c:\programdata\trzF975.tmp
c:\programdata\trzF980.tmp
c:\programdata\trzF981.tmp
c:\programdata\trzF99.tmp
c:\programdata\trzF9A0.tmp
c:\programdata\trzF9AB.tmp
c:\programdata\trzF9AC.tmp
c:\programdata\trzF9AF.tmp
c:\programdata\trzF9B0.tmp
c:\programdata\trzF9B4.tmp
c:\programdata\trzF9B6.tmp
c:\programdata\trzF9BC.tmp
c:\programdata\trzF9C5.tmp
c:\programdata\trzF9C8.tmp
c:\programdata\trzF9E1.tmp
c:\programdata\trzF9EC.tmp
c:\programdata\trzF9F3.tmp
c:\programdata\trzF9F9.tmp
c:\programdata\trzF9FE.tmp
c:\programdata\trzFA06.tmp
c:\programdata\trzFA09.tmp
c:\programdata\trzFA0F.tmp
c:\programdata\trzFA12.tmp
c:\programdata\trzFA17.tmp
c:\programdata\trzFA28.tmp
c:\programdata\trzFA2A.tmp
c:\programdata\trzFA39.tmp
c:\programdata\trzFA3C.tmp
c:\programdata\trzFA48.tmp
c:\programdata\trzFA49.tmp
c:\programdata\trzFA51.tmp
c:\programdata\trzFA53.tmp
c:\programdata\trzFA5B.tmp
c:\programdata\trzFA5E.tmp
c:\programdata\trzFA60.tmp
c:\programdata\trzFA62.tmp
c:\programdata\trzFA6B.tmp
c:\programdata\trzFA72.tmp
c:\programdata\trzFA78.tmp
c:\programdata\trzFA7C.tmp
c:\programdata\trzFA80.tmp
c:\programdata\trzFA86.tmp
c:\programdata\trzFA88.tmp
c:\programdata\trzFA92.tmp
c:\programdata\trzFA96.tmp
c:\programdata\trzFAB.tmp
c:\programdata\trzFAC5.tmp
c:\programdata\trzFAC9.tmp
c:\programdata\trzFAD.tmp
c:\programdata\trzFAD5.tmp
c:\programdata\trzFAD7.tmp
c:\programdata\trzFADB.tmp
c:\programdata\trzFADC.tmp
c:\programdata\trzFADE.tmp
c:\programdata\trzFAE2.tmp
c:\programdata\trzFAE5.tmp
c:\programdata\trzFAE6.tmp
c:\programdata\trzFAF.tmp
c:\programdata\trzFAF2.tmp
c:\programdata\trzFB06.tmp
c:\programdata\trzFB08.tmp
c:\programdata\trzFB15.tmp
c:\programdata\trzFB1F.tmp
c:\programdata\trzFB24.tmp
c:\programdata\trzFB27.tmp
c:\programdata\trzFB3C.tmp
c:\programdata\trzFB42.tmp
c:\programdata\trzFB44.tmp
c:\programdata\trzFB46.tmp
c:\programdata\trzFB4C.tmp
c:\programdata\trzFB4F.tmp
c:\programdata\trzFB5D.tmp
c:\programdata\trzFB63.tmp
c:\programdata\trzFB67.tmp
c:\programdata\trzFB6B.tmp
c:\programdata\trzFB78.tmp
c:\programdata\trzFB8B.tmp
c:\programdata\trzFBA1.tmp
c:\programdata\trzFBB0.tmp
c:\programdata\trzFBB3.tmp
c:\programdata\trzFBB7.tmp
c:\programdata\trzFBBD.tmp
c:\programdata\trzFBC8.tmp
c:\programdata\trzFBD.tmp
c:\programdata\trzFBD1.tmp
c:\programdata\trzFBE.tmp
c:\programdata\trzFBE3.tmp
c:\programdata\trzFBEB.tmp
c:\programdata\trzFBED.tmp
c:\programdata\trzFBEF.tmp
c:\programdata\trzFBF3.tmp
c:\programdata\trzFC0.tmp
c:\programdata\trzFC00.tmp
c:\programdata\trzFC0A.tmp
c:\programdata\trzFC0F.tmp
c:\programdata\trzFC2.tmp
c:\programdata\trzFC20.tmp
c:\programdata\trzFC29.tmp
c:\programdata\trzFC2B.tmp
c:\programdata\trzFC3.tmp
c:\programdata\trzFC37.tmp
c:\programdata\trzFC44.tmp
c:\programdata\trzFC46.tmp
c:\programdata\trzFC67.tmp
c:\programdata\trzFC85.tmp
c:\programdata\trzFC8C.tmp
c:\programdata\trzFC8D.tmp
c:\programdata\trzFC8E.tmp
c:\programdata\trzFC9.tmp
c:\programdata\trzFCAA.tmp
c:\programdata\trzFCB2.tmp
c:\programdata\trzFCB3.tmp
c:\programdata\trzFCB7.tmp
c:\programdata\trzFCBF.tmp
c:\programdata\trzFCC8.tmp
c:\programdata\trzFCD6.tmp
c:\programdata\trzFCD7.tmp
c:\programdata\trzFCDA.tmp
c:\programdata\trzFCE7.tmp
c:\programdata\trzFCEA.tmp
c:\programdata\trzFCF.tmp
c:\programdata\trzFCFA.tmp
c:\programdata\trzFCFD.tmp
c:\programdata\trzFD0.tmp
c:\programdata\trzFD03.tmp
c:\programdata\trzFD04.tmp
c:\programdata\trzFD10.tmp
c:\programdata\trzFD20.tmp
c:\programdata\trzFD21.tmp
c:\programdata\trzFD25.tmp
c:\programdata\trzFD29.tmp
c:\programdata\trzFD2A.tmp
c:\programdata\trzFD2B.tmp
c:\programdata\trzFD31.tmp
c:\programdata\trzFD33.tmp
c:\programdata\trzFD3A.tmp
c:\programdata\trzFD3B.tmp
c:\programdata\trzFD48.tmp
c:\programdata\trzFD69.tmp
c:\programdata\trzFD75.tmp
c:\programdata\trzFD77.tmp
c:\programdata\trzFD94.tmp
c:\programdata\trzFD9D.tmp
c:\programdata\trzFD9E.tmp
c:\programdata\trzFDA3.tmp
c:\programdata\trzFDAA.tmp
c:\programdata\trzFDAD.tmp
c:\programdata\trzFDAE.tmp
c:\programdata\trzFDB1.tmp
c:\programdata\trzFDB6.tmp
c:\programdata\trzFDC0.tmp
c:\programdata\trzFDC1.tmp
c:\programdata\trzFDC3.tmp
c:\programdata\trzFDC4.tmp
c:\programdata\trzFDC6.tmp
c:\programdata\trzFDC9.tmp
c:\programdata\trzFDD.tmp
c:\programdata\trzFDD6.tmp
c:\programdata\trzFDD8.tmp
c:\programdata\trzFDDA.tmp
c:\programdata\trzFDEF.tmp
c:\programdata\trzFDF4.tmp
c:\programdata\trzFDF5.tmp
c:\programdata\trzFDF6.tmp
c:\programdata\trzFDF7.tmp
c:\programdata\trzFE04.tmp
c:\programdata\trzFE0C.tmp
c:\programdata\trzFE17.tmp
c:\programdata\trzFE2.tmp
c:\programdata\trzFE31.tmp
c:\programdata\trzFE3C.tmp
c:\programdata\trzFE3D.tmp
c:\programdata\trzFE4.tmp
c:\programdata\trzFE43.tmp
c:\programdata\trzFE47.tmp
c:\programdata\trzFE4A.tmp
c:\programdata\trzFE60.tmp
c:\programdata\trzFE65.tmp
c:\programdata\trzFE6A.tmp
c:\programdata\trzFE73.tmp
c:\programdata\trzFE7D.tmp
c:\programdata\trzFE80.tmp
c:\programdata\trzFE83.tmp
c:\programdata\trzFE88.tmp
c:\programdata\trzFE8E.tmp
c:\programdata\trzFE91.tmp
c:\programdata\trzFE92.tmp
c:\programdata\trzFE95.tmp
c:\programdata\trzFE97.tmp
c:\programdata\trzFE9E.tmp
c:\programdata\trzFEA.tmp
c:\programdata\trzFEA1.tmp
c:\programdata\trzFEA8.tmp
c:\programdata\trzFEAB.tmp
c:\programdata\trzFEAC.tmp
c:\programdata\trzFEB.tmp
c:\programdata\trzFEB3.tmp
c:\programdata\trzFEBA.tmp
c:\programdata\trzFEEC.tmp
c:\programdata\trzFEED.tmp
c:\programdata\trzFEEE.tmp
c:\programdata\trzFEEF.tmp
c:\programdata\trzFEF0.tmp
c:\programdata\trzFEF1.tmp
c:\programdata\trzFEF2.tmp
c:\programdata\trzFEF3.tmp
c:\programdata\trzFEF7.tmp
c:\programdata\trzFF14.tmp
c:\programdata\trzFF16.tmp
c:\programdata\trzFF17.tmp
c:\programdata\trzFF38.tmp
c:\programdata\trzFF3C.tmp
c:\programdata\trzFF49.tmp
c:\programdata\trzFF5E.tmp
c:\programdata\trzFF6.tmp
c:\programdata\trzFF63.tmp
c:\programdata\trzFF68.tmp
c:\programdata\trzFF6D.tmp
c:\programdata\trzFF77.tmp
c:\programdata\trzFF79.tmp
c:\programdata\trzFF7A.tmp
c:\programdata\trzFF7C.tmp
c:\programdata\trzFF7D.tmp
c:\programdata\trzFF80.tmp
c:\programdata\trzFF87.tmp
c:\programdata\trzFF8C.tmp
c:\programdata\trzFF8E.tmp
c:\programdata\trzFF98.tmp
c:\programdata\trzFF9C.tmp
c:\programdata\trzFFB3.tmp
c:\programdata\trzFFB5.tmp
c:\programdata\trzFFB7.tmp
c:\programdata\trzFFBB.tmp
c:\programdata\trzFFCD.tmp
c:\programdata\trzFFCE.tmp
c:\programdata\trzFFD8.tmp
c:\programdata\trzFFE9.tmp
c:\programdata\trzFFF2.tmp
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dzr28fbp.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dzr28fbp.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dzr28fbp.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dzr28fbp.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dzr28fbp.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\install.rdf
c:\users\Reggie\AppData\Roaming\Local
c:\users\Reggie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Reggie\AppData\Roaming\Local\Temp\DDM\Settings\470626975010_9042.mp4.ddr
c:\users\Reggie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Reggie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\470626975010_9042.mp4
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\5ze7lbum.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\5ze7lbum.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome.manifest
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\5ze7lbum.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome\xulcache.jar
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\5ze7lbum.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\defaults\preferences\xulcache.js
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\5ze7lbum.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\install.rdf
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\y71zimrv.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\y71zimrv.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome.manifest
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\y71zimrv.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\chrome\xulcache.jar
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\y71zimrv.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\defaults\preferences\xulcache.js
c:\users\Reggie\AppData\Roaming\Mozilla\Firefox\Profiles\y71zimrv.default\extensions\{7f94c847-4803-42dd-aebc-3400297ef5c7}\install.rdf
c:\users\Reggie\AppData\Roaming\NGH150_AllWin_EnglishTryBuy30.exe
c:\users\Reggie\AppData\Roaming\Reggie3SQLite3.dll
c:\users\Reggie\AppData\Roaming\Reggielog.dat
c:\users\Reggie\Documents\~WRL0001.tmp
c:\users\Reggie\Documents\~WRL0783.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Netman32
-------\Service_PolicyAgent32
-------\Service_RpcSs32
-------\Service_wmiApSrv32
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 02:04 . 2011-10-15 02:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-15 02:04 . 2011-10-15 02:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-15 02:04 . 2011-10-15 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-15 02:04 . 2011-10-15 02:04 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2011-10-15 02:04 . 2011-10-15 02:04 -------- d-----w- c:\users\Acronis Agent User.Reggie-PC\AppData\Local\temp
2011-10-15 00:33 . 2011-10-15 02:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B6ABA5D-2536-406A-B052-BE3789A88F93}\offreg.dll
2011-10-14 09:59 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B6ABA5D-2536-406A-B052-BE3789A88F93}\mpengine.dll
2011-10-06 01:35 . 2011-10-06 01:35 -------- d-----w- c:\users\Reggie\AppData\Local\Deluxe_Digital_Studios
2011-09-24 22:30 . 2011-09-24 22:34 -------- d-----w- c:\windows\system32\config\systemprofile\.frostwire5
2011-09-24 17:10 . 2011-09-24 17:10 -------- d-----w- c:\windows\system32\config\systemprofile\.swt
2011-09-24 03:11 . 2011-09-24 03:11 -------- d-----w- c:\programdata\RoboForm
2011-09-24 03:11 . 2011-09-24 22:40 -------- d-----w- c:\program files\Siber Systems
2011-09-24 03:05 . 2011-09-24 03:06 -------- d-----w- c:\program files\somototoolbar
2011-09-24 03:04 . 2011-09-24 03:06 -------- d-----w- c:\program files\Vuze Trial FileBulldog Toolbar
2011-09-22 20:59 . 2011-09-22 20:59 -------- d-----w- c:\users\Reggie\AppData\Roaming\MyPublisher
2011-09-22 20:59 . 2011-09-22 20:59 -------- d-----w- c:\program files\MyPublisher
2011-09-16 22:41 . 2011-10-15 00:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Azureus
2011-09-16 00:57 . 2011-09-24 22:31 -------- d-----w- c:\windows\system32\config\systemprofile\FrostWire
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2011-07-02 04:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-02 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-02 04:36 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-02 04:36 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-02 04:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-02 04:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-02 04:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-07-02 04:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 00:00 . 2010-01-23 03:19 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 23:32 . 2011-08-15 23:32 715776 ----a-w- c:\programdata\wshirda32.exe
2011-08-13 21:37 . 2011-06-16 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:31 . 2011-08-12 02:31 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-08-12 02:31 . 2011-08-12 02:31 77624 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-08-01 12:27 . 2011-08-01 12:27 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-08-01 12:27 . 2011-08-01 12:27 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-07-22 02:54 . 2011-08-10 10:14 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 10:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 10:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-07 01:50 . 2011-03-24 04:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 20:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 20:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 20:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-08-04 185800]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-04-16 3817080]
"MusicManager"="c:\users\Reggie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-08-08 1407848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-29 150552]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-11 417792]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-01 9210400]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-08 1282048]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Hanvon Shell.lnk - c:\hanvon_soft\hwshell.exe [2010-3-13 917504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 20:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-09 00:31 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWTablet KeyPlus]
2008-06-04 00:16 53248 ----a-w- c:\windows\System32\HWKeyPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWTablet Service]
2008-06-04 00:17 299008 ----a-w- c:\windows\System32\HWTabTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 02:07]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 02:07]
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179481618-1648163425-1458700690-1001Core.job
- c:\users\Reggie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 01:31]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179481618-1648163425-1458700690-1001UA.job
- c:\users\Reggie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,a0,12,91,48,8b,f9,4a,87,41,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,a0,12,91,48,8b,f9,4a,87,41,86,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(5660)
c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\conhost.exe
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Security\BDT\BDTUpdateService.exe
c:\windows\system32\FsUsbExService.Exe
c:\windows\jwpen.exe
c:\windows\Jwpen.exe
c:\idrive\IDriveE Service.exe
c:\idrive\IDriveWebM.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Live\Mesh\wlcrasvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Eraser\Eraser.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\users\Reggie\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\idrive\IDriveETray.exe
c:\idrive\IDriveEBackground.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2011-10-14 19:30:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-15 02:30
.
Pre-Run: 55,500,263,424 bytes free
Post-Run: 55,179,726,848 bytes free
.
- - End Of File - - 68EA1DFA7CDA24686F45782669CCF4CD
__________________
Baldie559 is offline  
Old 10-14-2011, 08:13 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello again, Baldie559. Have the redirects stopped?

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes malware disables it; sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts and Family Safety > User Accounts > Change User Account settings and set it back to Default.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

------------------------------------------------------

I see you have P2P software (FrostWire and Vuze) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here and here.

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

I see you already have MBAM on your machine.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date.

Java(TM) 6 Update 22 can be updated from the Java Control Panel. Go to Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel > Programs and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
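The UAC finding in the reply above can be read straight from the `policies\system` values in the posted ComboFix log. The following Python script is an added example, not part of the thread and not ComboFix's own code: it parses lines excerpted from that log and reports weak UAC settings. The function names, the regular expressions describing the log layout, and the heuristic that an executable sitting directly in the root of ProgramData or AppData deserves a second look are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
2011-09-01 00:00 . 2010-01-23 03:19 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 23:32 . 2011-08-15 23:32 715776 ----a-w- c:\programdata\wshirda32.exe
2011-08-13 21:37 . 2011-06-16 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 00:33 . 2011-10-15 02:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B6ABA5D-2536-406A-B052-BE3789A88F93}\offreg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 20:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
'''

POLICY_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'

# Assumed layout of the log lines, inferred from the excerpt above.
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dec>\d+)\s+\(0x[0-9a-fA-F]+\)$')
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?:\d+|-+)\s+\S{8}\s+(?P<path>[a-zA-Z]:\\.+)$'
)

EXEC_SUFFIXES = {'.exe', '.dll', '.sys', '.scr'}


def parse_log(text):
    """Return (policy_values, file_paths) found in ComboFix-style log text."""
    policies, files = {}, []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            current_key = None          # a "." line closes the current section
            continue
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group('key').lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key == POLICY_KEY:
            policies[m.group('name')] = int(m.group('dec'))
            continue
        m = FILE_RE.match(line)         # two-timestamp file listing lines only
        if m:
            files.append(m.group('path'))
    return policies, files


def is_loose_executable(path):
    """Heuristic (assumption): executable directly in a data-folder root."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in EXEC_SUFFIXES:
        return False
    parent = [part.lower() for part in p.parent.parts]
    if parent[1:] == ['programdata']:
        return True
    return parent[-2:] in (['appdata', 'roaming'], ['appdata', 'local'])


def triage(text):
    """List review findings for one log, in a stable order."""
    policies, files = parse_log(text)
    findings = []
    if policies.get('EnableLUA') == 0:
        findings.append('UAC disabled (EnableLUA=0)')
    if policies.get('ConsentPromptBehaviorAdmin') == 0:
        findings.append('Admin elevation without prompt (ConsentPromptBehaviorAdmin=0)')
    for path in files:
        if is_loose_executable(path):
            findings.append('Executable in data-folder root: ' + path)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged path is only a candidate for review; the log by itself does not say whether the file is malicious.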
Old 10-14-2011, 09:01 PM   #7
Here is the MBAM log. Will post the ESET scan log once it's completed. It is currently running.

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7950

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/14/2011 8:55:31 PM
mbam-log-2011-10-14 (20-55-31).txt

Scan type: Quick scan
Objects scanned: 231759
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________
Baldie559 is offline  
Old 10-15-2011, 10:06 AM   #8



Attached is the ESET scan log. It was too long so I had to attach it. As far as system behavior, I did some searches and haven't had any redirections so far.
Attached Files
File Type: txt ESET.txt (770.9 KB, 7 views)
__________________
Baldie559 is offline  
Old 10-15-2011, 12:02 PM   #9



I also want to add....I'm now having some issues.

1) Windows security update keeps failing to load. During restart it fails to load a Windows security update.
2) Google Music Music Manager can no longer log in successfully. It states it can't verify the PC.
3) Vuze no longer opens.

Items 2 and 3 were working fine this morning... then I noticed after the ESET scan that I was having issues with all 3 items. Not sure if the ESET scan caused it though. Just wanted to let you know.
__________________
Baldie559 is offline  
Old 10-15-2011, 12:26 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Hello again, Baldie559. Do you use AskToolbar? It isn't showing in your installed programs list.

Please go to: VirusTotal
  • Click the Browse button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\ProgramData\wshirda32.exe

  • Click Open then click the Send File button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already submitted: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
chemist is offline  
Old 10-15-2011, 02:48 PM   #11



No, I do not use AskToolbar.

Here is the URL for the result of the analysis:
VirusTotal - Free Online Virus, Malware and URL Scanner
__________________
Baldie559 is offline  
Old 10-15-2011, 05:10 PM   #12



Hello again, Baldie559. Qoobox is ComboFix's quarantine folder. It will get deleted when we uninstall ComboFix.

------------------------------------------------------

Quote:
C:\Users\Reggie\Downloads\Symantec Norton Ghost v15.0 Incl. Keymaker-CORE\NGH150_AllWin_EnglishTryBuy30.exe
Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
http://www.techsupportforum.com/forums/f50/firefox-keeps-redirecting-606003.html#post3474765

Collect::
C:\ProgramData\wshirda32.exe

File::
C:\Users\All Users\wshirda32.exe
C:\Users\Reggie\AppData\Local\Google\Chrome\User Data\Default\Default\eblcajpppdooadgobjbnpmdeandcjcok\contentscript.js
C:\Users\Reggie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe
C:\Users\Reggie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe
C:\Users\Reggie\Downloads\downloader-youtube-203-setup.exe
C:\Users\Reggie\Downloads\frostwire-4.18.6.windows.exe
C:\Users\Reggie\Downloads\frostwire-4.20.9.windows.exe
C:\Users\Reggie\Downloads\frostwire-4.21.3.windows.exe
C:\Users\Reggie\Downloads\Symantec Norton Ghost v15.0 Incl. Keymaker-CORE\NGH150_AllWin_EnglishTryBuy30.exe

ClearJavaCache::

Folder::
c:\program files\AskBarDis

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

NetSvc::
UxTuneUp

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
------------------------------------------------------
__________________
chemist is offline  
Old 10-15-2011, 06:13 PM   #13



ComboFix 11-10-15.04 - Reggie 10/15/2011 17:24:35.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1594 [GMT -7:00]
Running from: c:\users\Reggie\Desktop\ComboFix.exe
Command switches used :: c:\users\Reggie\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\All Users\wshirda32.exe"
"c:\users\Reggie\AppData\Local\Google\Chrome\User Data\Default\Default\eblcajpppdooadgobjbnpmdeandcjcok\contentscript.js"
"c:\users\Reggie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe"
"c:\users\Reggie\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.5.windows.exe"
"c:\users\Reggie\Downloads\downloader-youtube-203-setup.exe"
"c:\users\Reggie\Downloads\frostwire-4.18.6.windows.exe"
"c:\users\Reggie\Downloads\frostwire-4.20.9.windows.exe"
"c:\users\Reggie\Downloads\frostwire-4.21.3.windows.exe"
"c:\users\Reggie\Downloads\Symantec Norton Ghost v15.0 Incl. Keymaker-CORE\NGH150_AllWin_EnglishTryBuy30.exe"
.
file zipped: c:\programdata\wshirda32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\programdata\wshirda32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_ASKService
-------\Service_ASKUpgrade
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 00:46 . 2011-10-16 00:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-16 00:46 . 2011-10-16 00:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-10-16 00:46 . 2011-10-16 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 00:46 . 2011-10-16 00:46 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2011-10-16 00:46 . 2011-10-16 00:46 -------- d-----w- c:\users\Acronis Agent User.Reggie-PC\AppData\Local\temp
2011-10-15 19:12 . 2011-10-16 00:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B6ABA5D-2536-406A-B052-BE3789A88F93}\offreg.dll
2011-10-15 03:56 . 2011-10-15 03:56 -------- d-----w- c:\program files\ESET
2011-10-15 03:46 . 2011-10-15 03:46 -------- d-----w- c:\program files\Common Files\Java
2011-10-14 09:59 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B6ABA5D-2536-406A-B052-BE3789A88F93}\mpengine.dll
2011-10-06 01:35 . 2011-10-06 01:35 -------- d-----w- c:\users\Reggie\AppData\Local\Deluxe_Digital_Studios
2011-09-24 22:30 . 2011-09-24 22:34 -------- d-----w- c:\windows\system32\config\systemprofile\.frostwire5
2011-09-24 17:10 . 2011-09-24 17:10 -------- d-----w- c:\windows\system32\config\systemprofile\.swt
2011-09-24 03:11 . 2011-09-24 03:11 -------- d-----w- c:\programdata\RoboForm
2011-09-24 03:11 . 2011-09-24 22:40 -------- d-----w- c:\program files\Siber Systems
2011-09-24 03:05 . 2011-09-24 03:06 -------- d-----w- c:\program files\somototoolbar
2011-09-24 03:04 . 2011-09-24 03:06 -------- d-----w- c:\program files\Vuze Trial FileBulldog Toolbar
2011-09-22 20:59 . 2011-09-22 20:59 -------- d-----w- c:\users\Reggie\AppData\Roaming\MyPublisher
2011-09-22 20:59 . 2011-09-22 20:59 -------- d-----w- c:\program files\MyPublisher
2011-09-16 22:41 . 2011-10-16 00:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Azureus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2011-07-02 04:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-02 04:34 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-02 04:36 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-02 04:36 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-02 04:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-02 04:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-02 04:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-07-02 04:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 00:00 . 2010-01-23 03:19 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 21:37 . 2011-06-16 23:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:31 . 2011-08-12 02:31 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2011-08-12 02:31 . 2011-08-12 02:31 77624 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-08-01 12:27 . 2011-08-01 12:27 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-08-01 12:27 . 2011-08-01 12:27 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-07-22 02:54 . 2011-08-10 10:14 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 10:14 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 10:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-07 01:50 . 2011-03-24 04:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}]
2011-07-21 16:40 81920 ----a-w- c:\program files\somototoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{652853ad-5592-4231-88c6-706613a52e61}"= "c:\program files\somototoolbar\vmntemplateX.dll" [2011-07-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{652853ad-5592-4231-88c6-706613a52e61}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 20:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 20:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDriveE Startup"="c:\idrive\IDrvieEStartup.exe" [2010-08-04 185800]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-04-16 3817080]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-08-08 1407848]
"MusicManager"="c:\users\Reggie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-09-14 13128704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-29 150552]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-11 417792]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-05-01 9210400]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-08-08 1282048]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Hanvon Shell.lnk - c:\hanvon_soft\hwshell.exe [2010-3-13 917504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 20:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Reggie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Reggie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-09 00:31 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWTablet KeyPlus]
2008-06-04 00:16 53248 ----a-w- c:\windows\System32\HWKeyPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWTablet Service]
2008-06-04 00:17 299008 ----a-w- c:\windows\System32\HWTabTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-09-01 00:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 02:07]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 02:07]
.
2011-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179481618-1648163425-1458700690-1001Core.job
- c:\users\Reggie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 01:31]
.
2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2179481618-1648163425-1458700690-1001UA.job
- c:\users\Reggie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///D:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - file:///D:/activeX/aplugLiteDL.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,a0,12,91,48,8b,f9,4a,87,41,86,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,a0,12,91,48,8b,f9,4a,87,41,86,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(3848)
c:\users\Reggie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\PC Tools Security\BDT\BDTUpdateService.exe
c:\windows\system32\FsUsbExService.Exe
c:\windows\jwpen.exe
c:\windows\Jwpen.exe
c:\idrive\IDriveE Service.exe
c:\idrive\IDriveWebM.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Live\Mesh\wlcrasvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Eraser\Eraser.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\users\Reggie\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\idrive\IDriveETray.exe
c:\idrive\IDriveEBackground.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Vuze\Azureus.exe
.
**************************************************************************
.
Completion time: 2011-10-15 18:09:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 01:08
ComboFix2.txt 2011-10-15 02:30
.
Pre-Run: 55,851,892,736 bytes free
Post-Run: 56,186,900,480 bytes free
.
- - End Of File - - 635C71CDC2E2A12A794BEA143DCB2C6C
Upload was successful
__________________
Baldie559 is offline  
Old 10-15-2011, 06:42 PM   #14



Hello again, Baldie559. Thanks for submitting the file. Any improvement in your remaining problems since removing those last files?

I see you still have UAC disabled. You will be more susceptible to infection with it disabled.

------------------------------------------------------
__________________
chemist is offline  
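The UAC observation in the post above can be read straight out of the policies\system block of the ComboFix log. The following is an added example, not part of the original thread and not ComboFix's own code: it parses that block and reports the UAC-related values that are set to their weakest setting. The function names and the table of checks are assumptions made for this illustration.

```python
import re

# Constructed sample: the policies\system block copied from the ComboFix log in
# this thread, plus the next section so the parser has to stop at the right place.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
'''

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Matches lines such as:  "EnableLUA"= 0 (0x0)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)$')

# (value name, weakest setting, what that setting means)
UAC_CHECKS = [
    ("EnableLUA", 0, "UAC (Admin Approval Mode) is switched off"),
    ("ConsentPromptBehaviorAdmin", 0, "administrators elevate without any prompt"),
    ("PromptOnSecureDesktop", 0, "elevation prompts are not shown on the secure desktop"),
]


def parse_policy_values(log_text):
    """Return {value name: integer} for the policies\\system section only."""
    values = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new registry key header starts; track whether it is the one we want.
            in_section = line[1:-1].lower() == POLICY_KEY
            continue
        if not in_section:
            continue
        match = VALUE_RE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def assess_uac(values):
    """List (name, meaning) for every UAC value found at its weakest setting.

    A value that is absent from the log is not reported as weak: it is simply
    unknown to this check.
    """
    findings = []
    for name, weak, meaning in UAC_CHECKS:
        if values.get(name) == weak:
            findings.append((name, meaning))
    return findings


if __name__ == "__main__":
    for name, meaning in assess_uac(parse_policy_values(SAMPLE_LOG)):
        print(f"{name}: {meaning}")
```
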
Old 10-15-2011, 09:29 PM   #15



Quote:
Originally Posted by chemist
Hello again, Baldie559. Thanks for submitting the file. Any improvement in your remaining problems since removing those last files?

I see you still have UAC disabled. You will be more susceptible to infection with it disabled.

------------------------------------------------------
So far so good. I haven't had any redirecting with Firefox as of yet.

I am still having an issue with logging into Google Music, however that might be an issue with the software.

Aside from Avast, do you recommend having anything else installed? I currently also have Spybot Search & Destroy and SpywareBlaster.
__________________
Baldie559 is offline  
Old 10-15-2011, 09:37 PM   #16



Hello again, Baldie559. Not sure about Google Music. Doesn't seem to be malware related.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
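The MVPS HOSTS recommendation in the post above works by mapping unwanted hostnames to 127.0.0.1. The following added example (not from the original post or from any tool named in this thread) parses a HOSTS file and separates such blocklist entries from hostnames pointed at a non-loopback address, a common sign of HOSTS-file tampering on a machine with browser redirects. The sample file, its addresses, and the function names are constructed for illustration; treating 0.0.0.0 as a block address goes beyond the 127.0.0.1 case the post describes.

```python
import ipaddress

# Constructed sample: blocklist-style entries plus one suspicious mapping.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com   # blocklist entry
0.0.0.0         tracker.example.net banner.example.net
203.0.113.45    www.google.com    # not loopback: worth investigating
garbage line without an address
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (lineno, ip_or_None, fields) for each non-empty, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, fields       # first field is not an IP address
            continue
        yield lineno, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Classify entries as blocked (sinkholed), redirected, or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(lineno)
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue                     # normal localhost entries
            if sinkhole:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(ip)))
    return report
```

On Windows the live file is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` and review anything under `redirected` by hand.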
Old 10-16-2011, 07:10 AM   #17
TSF Enthusiast
 
Join Date: Nov 2006
Location: California
Posts: 773
OS: XP and Win 7 - Bye Bye Vista!



Thank you for your help. Aside from the Google issue, I am having an issue with Microsoft updates.

Windows security updates keep failing. This started 10/13/11. Every time I restart it tries to update but fails.
__________________
Baldie559 is offline  
Old 10-16-2011, 08:44 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Are you getting any error codes? Are they all failing, or only certain ones?

Please list the updates that are failing, unless it is a large number.
Old 10-19-2011, 07:15 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Still with us, Baldie559?
Old 10-24-2011, 09:57 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,411
OS: XP SP3; Win7 32/64-bit



Still with us, Baldie559? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.


All times are GMT -7. The time now is 10:38 PM.


Copyright 2001 - 2014, Tech Support Forum