Redirect virus on Firefox and Chrome

By coga2222
Jul 7, 2011
  1. Hi, my name is Dave. I recently was infected with a re-direct virus that re-directs virtually all google searches to Edit: Search hyperlink deleted by Bobbye, and almost all searches on Chrome, regardless of engine, to scour.com. Any help is appreciated!! I will post my logs from the 7 step process above as soon as possible. Thanks!!
  2. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    MBAM

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7043

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/7/2011 3:37:34 PM
    mbam-log-2011-07-07 (15-37-34).txt

    Scan type: Quick scan
    Objects scanned: 255927
    Time elapsed: 4 minute(s), 18 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> 8704 -> Unloaded process successfully.
    c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe (Backdoor.Bot) -> 8412 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\ADMINI~1.DEL\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\Users\Administrator.DELLIMAGELT\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> Delete on reboot.
  3. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-07 16:02:20
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0
    Running: hmy9q3r9.exe; Driver: C:\Users\ADMINI~1.DEL\AppData\Local\Temp\kxldapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs VBFilter.Sys (Vexira Antivirus Filter Driver for Windows 2000/XP/2003/Central Command, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat VBFilter.Sys (Vexira Antivirus Filter Driver for Windows 2000/XP/2003/Central Command, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 mekbd.sys (WDM Filter keyboard driver/GenevaLogic AG)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 mekbd.sys (WDM Filter keyboard driver/GenevaLogic AG)

    ---- EOF - GMER 1.0.15 ----
  4. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Administrator at 16:14:47 on 2011-07-07
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2195 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\GenevaLogic\Vision\XL\mesuwts.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Vexira Antivirus\Professional\Bin\vbcmserv.exe
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\GenevaLogic\Vision\XL\MeSuAx.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\GenevaLogic\Vision\Chat\MChat.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Vexira Antivirus\Professional\Bin\vbsystry.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\genevalogic\Vision\XL\MeUiHlp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\SpyNoMore\SNM.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
    C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\mobsync.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:64404
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: {03d4e038-9a50-4f3f-9817-4140e13498a0} - c:\windows\system32\AmRes_fi32.dll
    BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TEXTHE~3.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
    mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [VBSysTrayProf] "c:\program files\vexira antivirus\professional\bin\vbsystry.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MeUiHelper] c:\program files\genevalogic\vision\xl\meuihlp.exe
    mRun: [MeControlDL] c:\program files\genevalogic\vision\xl\MeSuAx.exe /DetectLogin
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
    TCP: Interfaces\{21D9E470-2EFF-4F51-A138-C83482008B38} : DhcpNameServer = 10.10.10.3 10.10.10.4
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6} : DhcpNameServer = 192.168.1.1 71.250.0.12
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\34F67616E6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\6427565666F627D456 : DhcpNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\94E434C455445413 : DhcpNameServer = 10.10.10.3 10.10.10.4
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\C41677E63796465614055303 : DhcpNameServer = 172.16.32.242 172.16.32.244 172.16.32.240
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\D43544F575962756C6563737 : DhcpNameServer = 10.10.10.3 10.10.10.4
    TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\E6564776561627D213 : DhcpNameServer = 10.10.10.3 10.10.10.4
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\administrator.dellimagelt\appdata\roaming\mozilla\firefox\profiles\erd168px.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-27 64288]
    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-10-21 17072]
    R0 VBRec;VBRec;c:\windows\system32\drivers\vbrec.sys [2010-5-18 20352]
    R1 MENET;MENET;c:\windows\system32\drivers\MeNet.sys [2007-8-21 50424]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-10-21 81920]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-4 114688]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]
    R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-10-21 60928]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
    R2 MeSuWTS;Vision WTS Helper;c:\program files\genevalogic\vision\xl\mesuwts.exe [2007-8-21 107768]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-8-27 59904]
    R2 VAServProf;Vexira Antivirus Professional;c:\program files\vexira antivirus\professional\bin\vbcmserv.exe [2010-5-19 97592]
    R2 VBShld;VBShld;c:\windows\system32\drivers\vbshld.sys [2010-5-18 156112]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-10-21 42672]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-8-27 274984]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-27 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-27 232960]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
    R3 meddmrr;meddmrr;c:\windows\system32\drivers\meddmrr.sys [2007-8-21 10488]
    R3 mekbd;mekbd;c:\windows\system32\drivers\mekbd.sys [2010-10-26 12800]
    R3 memice;memice;c:\windows\system32\drivers\memice.sys [2010-10-26 11264]
    R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2010-6-15 11048]
    R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2010-6-15 14120]
    R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2010-6-15 13440]
    R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\vbengnt.sys [2010-5-13 237664]
    R3 VBFilter;VBFilter;c:\windows\system32\drivers\vbfilter.sys [2010-5-18 27424]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe --> c:\windows\system32\wdc32.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2151128]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-8-27 48640]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-8-27 38912]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-26 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-06-27 21:18:55 1152 ----a-w- c:\windows\system32\windrv.sys
    2011-06-27 21:18:45 -------- d-----w- c:\program files\SpyNoMore
    2011-06-22 21:03:22 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-22 20:28:59 98816 ----a-w- c:\windows\sed.exe
    2011-06-22 20:28:59 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-22 20:28:59 256512 ----a-w- c:\windows\PEV.exe
    2011-06-22 20:28:59 208896 ----a-w- c:\windows\MBR.exe
    2011-06-19 15:38:14 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-06-19 04:52:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 20:57:36 -------- d-----w- c:\users\administrator.dellimagelt\appdata\roaming\Malwarebytes
    2011-06-18 20:56:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 20:56:47 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-18 20:56:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-18 20:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-13 11:44:44 365056 ----a-w- c:\windows\system32\AmRes_fi32.dll
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 16:15:54.43 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/26/2010 8:14:12 AM
    System Uptime: 7/7/2011 4:09:05 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 911/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 127 GiB total, 96.243 GiB free.
    E: is FIXED (NTFS) - 8 GiB total, 7.359 GiB free.
    G: is CDROM ()
    V: is FIXED (FAT) - 0 GiB total, 0.037 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP24: 1/7/2011 10:47:18 AM - Installed Bluetooth Stack for Windows by Toshiba.
    RP25: 1/7/2011 11:14:22 AM - Removed Bluetooth Stack for Windows by Toshiba.
    RP26: 1/7/2011 11:16:30 AM - Installed Bluetooth Stack for Windows by Toshiba.
    RP27: 2/12/2011 5:37:52 PM - Scheduled Checkpoint
    RP28: 2/21/2011 12:08:51 PM - Scheduled Checkpoint
    RP29: 5/16/2011 7:17:27 AM - Installed iTunes
    RP30: 6/22/2011 4:29:13 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AuthenTec Fingerprint Software
    BioAPI Framework
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Edoc Viewer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Document Manager Lite
    DW WLAN Card Utility
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Gemalto
    Google Chrome
    Google Update Helper
    Inspiration 8
    InspireData
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Kidspiration 3
    LessonView
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    NTRU TCG Software Stack
    O2Micro OZ776 SCR Driver
    PowerDVD DX
    PowerTeacher Gradebook
    Preboot Manager
    Private Information Manager
    QuickTime
    Read And Write 8.1 Gold
    Security Wizards
    Sketchpad
    SMART Notebook
    SMART Product Drivers
    SpyNoMore 2.98
    TeacherEXPRESS: Grade 7 Connected Mathematics 2
    TeacherEXPRESS: Grade 8 Connected Mathematics 2
    Trusted Drive Manager
    UPEK TouchChip Fingerprint Reader
    Vexira Antivirus Professional
    Vision*6
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Wave Infrastructure Installer
    Wave Support Software
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 4:11:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
    7/7/2011 4:10:01 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    7/7/2011 4:09:27 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MSD due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    7/7/2011 4:09:25 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    7/7/2011 3:40:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    .
    ==== End Of File ===========================
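Read together, the MBAM and DDS logs above show the mechanics behind the redirect: binaries named after core Windows processes (conhost.exe, dwm.exe, csrss.exe) running from the user profile, Winlogon\Shell and Windows\Load hijacks to relaunch them at logon, and the system proxy set to 127.0.0.1:64404, which routes every browser that honours system proxy settings through a local process. The Python triage script below is an added example, not a tool from this thread or from any poster; it scans log lines in this format for those three indicator classes, with the sample lines copied from the logs above and the system-only process list as this example's own assumption.

```python
"""Triage of DDS / MBAM style log lines for three indicator classes:
  1. a core Windows process name running from outside the system directory,
  2. an IE/system ProxyServer entry pointing at the loopback interface,
  3. logon persistence via Winlogon\\Shell, Winlogon\\Userinit or Windows\\Load.
Added example; the SYSTEM_ONLY list is this example's assumption.
"""
import re
from typing import Dict, List, Optional

Finding = Dict[str, str]

# Executables a clean Windows install only runs from the system directory
# (assumed list for this example; extend it for your environment).
SYSTEM_ONLY = {
    "conhost.exe", "csrss.exe", "dwm.exe", "lsass.exe", "lsm.exe", "services.exe",
    "smss.exe", "svchost.exe", "wininit.exe", "winlogon.exe",
}
# Matched against a lower-cased path: <drive>:\windows\system32\<file> or syswow64.
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)\\[^\\]+$")
# A DDS "Running Processes" line: optional \\?\ prefix, drive letter, path up to .exe
LINE_PATH_RE = re.compile(r"^(?:\\\\\?\\)?([a-z]:\\.*?\.exe)\b", re.IGNORECASE)
# An MBAM "Registry Data Items" line carries the hijacked value inside Bad: (...)
BAD_PATH_RE = re.compile(r"Bad: \(([^)]*\.exe)\)", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?([\w.\-]+):(\d+)", re.IGNORECASE)
PERSIST_RE = re.compile(
    r"CurrentVersion\\(Winlogon\\Shell|Winlogon\\Userinit|Windows\\Load)\b", re.IGNORECASE
)


def masquerading_process(path: str) -> Optional[Finding]:
    """Flag a system-only executable name that lives outside the system directory."""
    norm = path.lower()
    name = norm.rsplit("\\", 1)[-1]
    if name in SYSTEM_ONLY and not SYSTEM_DIR_RE.match(norm):
        return {"kind": "masquerade", "name": name, "path": path}
    return None


def loopback_proxy(line: str) -> Optional[Finding]:
    """Flag a ProxyServer entry that points at localhost or 127.0.0.0/8."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    host, port = m.group(1), m.group(2)
    if host == "localhost" or host.startswith("127."):
        return {"kind": "loopback_proxy", "host": host, "port": port}
    return None


def logon_persistence(line: str) -> Optional[Finding]:
    """Flag Winlogon Shell/Userinit or Windows\\Load entries. On a clean system
    these hold explorer.exe, userinit.exe and an empty string respectively."""
    m = PERSIST_RE.search(line)
    if not m:
        return None
    bad = BAD_PATH_RE.search(line)
    return {"kind": "persistence", "value": m.group(1), "target": bad.group(1) if bad else ""}


def triage(lines: List[str]) -> List[Finding]:
    """Run every check over every line and collect findings in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Paths appear either as a whole process line or inside an MBAM Bad: (...) field.
        for path_re in (LINE_PATH_RE, BAD_PATH_RE):
            m = path_re.search(line)
            if m:
                f = masquerading_process(m.group(1))
                if f:
                    findings.append(f)
        for check in (loopback_proxy, logon_persistence):
            f = check(line)
            if f:
                findings.append(f)
    return findings


# Sample lines copied from the MBAM and DDS logs posted in this thread.
SAMPLE_LINES = [
    r"C:\Windows\system32\conhost.exe",
    r"c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe",
    r"c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:64404",
    r"uInternet Settings,ProxyOverride = <local>;*.local",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\ADMINI~1.DEL\AppData\Local\Temp\csrss.exe) Good: ()",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

The legitimate conhost.exe and svchost.exe entries from System32 pass, while the copies in AppData, the Temp csrss.exe named in the Load value, and the loopback proxy are reported.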
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'll be back to review the logs. Just wanted to tell you that I am deleting the other thread you started.
  6. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Sorry about that... completely unintentional. For some reason it didn't show up when I looked the first time and I figured I closed the window without hitting submit correctly... my apologies and I really appreciate your help!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You are running 2 antivirus programs. Please remove one of them:
    Norton Security Scan> to uninstall run Norton Removal Tool
    Vexira Antivirus Professional>> is this through a work environment?

    Please reboot the computer when finished.
    ============================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    I have found some of the entries we will need to remove, but I need to review the results of the two scans above for additional entries.
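As an added example (not part of the thread, and not ComboFix's own tooling), here is a small Python triage script that reads a report in the format ComboFix produces, as posted in this thread, and flags the entries a helper looks at first: a proxy on the loopback interface, a registered service whose binary is missing, and an autorun launched from a user profile. The sample report inside it is constructed; reading a trailing '[x]' as "no file found at that path" is an assumption.

```python
"""Triage helper for ComboFix-style reports.

Added example, not part of this thread or of ComboFix. It understands three
line shapes seen in the posted report:

    R2 Name;Display Name;c:\\path\\file.exe [2010-12-27 136176]   (service/driver)
    "Name"="c:\\path\\file.exe" [2010-06-04 292208]               (Run-key entry)
    uInternet Settings,ProxyServer = http=127.0.0.1:64404         (IE proxy)

Assumptions: a trailing '[x]' in place of the '[date size]' pair is read as
"ComboFix found no file at that path"; the sample report below is constructed.
"""
import re
from dataclasses import dataclass

# 'R2 svc;Display;c:\path\svc.exe [2010-12-27 136176]'  or  '... [x]'
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# '"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')
# 'uInternet Settings,ProxyServer = http=127.0.0.1:64404'
PROXY_RE = re.compile(r"^[ul]Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.I)
LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.0\.0\.1|localhost):\d+", re.I)
# Autoruns launched from a user profile rather than Program Files / Windows
USER_PROFILE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Finding:
    kind: str    # short label for the heuristic that fired
    detail: str  # the entry the heuristic refers to


def triage(report: str) -> list[Finding]:
    """Return the report entries that deserve a reviewer's first look."""
    findings: list[Finding] = []
    section = None  # registry key header currently in force, if any
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":            # ComboFix separates blocks with a lone '.'
            section = None
            continue
        if line.startswith("[HKEY_"):
            section = line
            continue

        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group("value")):
            # A proxy on the loopback interface means some local process sits
            # between the browser and the network, which is one way search
            # results get rewritten. Worth confirming which process listens.
            findings.append(Finding("loopback-proxy", m.group("value")))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if m.group("meta").strip().lower() == "x":
                # Registered service whose binary ComboFix could not find.
                findings.append(Finding("service-missing-binary",
                                        f"{m.group('name')} -> {m.group('path')}"))
            continue

        m = RUN_RE.match(line)
        if m and section and section.lower().endswith(("\\run]", "\\runonce]")):
            if USER_PROFILE_RE.match(m.group("path")):
                findings.append(Finding("autorun-in-user-profile",
                                        f"{m.group('name')} -> {m.group('path')}"))
            continue
    return findings


# Constructed sample in the posted report's format: three lines are benign,
# three are the kinds of entry a helper would query.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"updater"="c:\users\example\AppData\Roaming\updater.exe" [2011-07-01 8704]
.
R2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:64404
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:26} {f.detail}")
```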
  8. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    ComboFix 11-07-08.03 - Administrator 07/08/2011 22:51:34.3.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2123 [GMT -4:00]
    Running from: c:\users\Administrator.DELLIMAGELT\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\open\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\mmeyer\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\magnolia sc\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\516\AppData\Local\temp
    2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\_sjtp_tech\AppData\Local\temp
    2011-06-27 21:18 . 2011-06-27 21:18 1152 ----a-w- c:\windows\system32\windrv.sys
    2011-06-27 21:18 . 2011-07-08 05:59 -------- d-----w- c:\program files\SpyNoMore
    2011-06-19 15:38 . 2011-04-21 21:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-06-19 04:52 . 2011-06-19 04:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 20:57 . 2011-06-18 20:57 -------- d-----w- c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Malwarebytes
    2011-06-18 20:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 20:56 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-13 11:44 . 2011-06-13 11:44 365056 ----a-w- c:\windows\system32\AmRes_fi32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-09 02:13 . 2010-11-06 17:50 0 ----a-w- c:\users\Administrator.DELLIMAGELT\AppData\Local\WavXMapDrive.bat
    2011-07-07 20:56 . 2010-12-27 21:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-17 18:30 . 2010-10-26 18:08 0 ----a-w- c:\users\open\AppData\Local\WavXMapDrive.bat
    2011-05-17 00:00 . 2011-05-17 00:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03D4E038-9A50-4F3F-9817-4140E13498A0}]
    2011-06-13 11:44 365056 ----a-w- c:\windows\System32\AmRes_fi32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
    "SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "VBSysTrayProf"="c:\program files\Vexira Antivirus\Professional\Bin\vbsystry.exe" [2010-05-26 385976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "MeUiHelper"="c:\program files\GenevaLogic\Vision\XL\meuihlp.exe" [2007-08-21 83192]
    "MeControlDL"="c:\program files\genevalogic\Vision\XL\MeSuAx.exe" [2007-08-21 328952]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1327472]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
    S0 VBRec;VBRec;c:\windows\System32\Drivers\VBRec.Sys [2010-05-18 20352]
    S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2007-08-21 50424]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-04 114688]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 MeSuWTS;Vision WTS Helper;c:\program files\GenevaLogic\Vision\XL\mesuwts.exe [2007-08-21 107768]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
    S2 VAServProf;Vexira Antivirus Professional;c:\program files\Vexira Antivirus\Professional\Bin\vbcmserv.exe [2010-05-19 97592]
    S2 VBShld;VBShld;c:\windows\system32\Drivers\VBShld.Sys [2010-05-18 156112]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2007-08-21 10488]
    S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2010-10-26 12800]
    S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2010-10-26 11264]
    S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]
    S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]
    S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]
    S3 VBEngNT;VBEngNT;c:\windows\system32\Drivers\VBEngNT.Sys [2010-05-13 237664]
    S3 VBFilter;VBFilter;c:\windows\system32\Drivers\VBFilter.Sys [2010-05-18 27424]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - VBCoreNT.0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
    .
    2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
    .
    2011-07-08 c:\windows\Tasks\Norton Security Scan for Administrator.job
    - c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-18 07:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:64404
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
    FF - ProfilePath - c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VBCoreNT.0]
    "ImagePath"="\Device\HarddiskVolume3\Program Files\Vexira Antivirus\Professional\Temp\e6ab0uci.vbt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,e7,98,e7,6f,f1,40,a6,56,96,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,e7,98,e7,6f,f1,40,a6,56,96,\
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.cdda"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipa"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipg"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipsw"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itdb"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ite"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itl"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itlp"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itls"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itms"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itpc"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m3u8"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4b"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4p"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4r"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pcast"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pls"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.wave"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
    "{03105F08-1C06-7704-7661-7204706F6060}"=hex:00,00,00,00,da,07,0a,00,02,00,1a,
    00,12,00,04,00,1b,00,b6,03,1e,00,00,00,1f,1f,1f,1f,da,07,0a,00,02,00,1a,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-08 23:01:21
    ComboFix-quarantined-files.txt 2011-07-09 03:01
    ComboFix2.txt 2011-06-22 21:04
    .
    Pre-Run: 104,409,784,320 bytes free
    Post-Run: 104,770,523,136 bytes free
    .
    - - End Of File - - 0D2FF8A69C006A387A7F3571FC0F478B
  9. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Eset Results

    C:\Qoobox\Quarantine\C\ProgramData\AmRes_fi32.dll.vir a variant of Win32/Kryptik.PQF trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
    C:\Windows\System32\AmRes_fi32.dll a variant of Win32/Kryptik.OKQ trojan
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, everything you see in the ESET log under Qoobox has already been quarantined by ComboFix and is not active in the system. For the other:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
      Code:
      :Files  
      C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js 
      C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 
      C:\Windows\System32\AmRes_fi32.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ========================================
    And the Java cache also needs to be emptied:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
       http://www.java.com/en/img/download/5000020303.jpg
       There are three options on this window to clear the cache (version dependent):
       • Delete Files
       • View Applications
       • View Applets
    4. Click OK on the Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on the Temporary Files Settings window.
      ========================================
    Please note: I am seeing a lot of malware in the Java cache. And every time I see it in a lot, the user has one or more outdated versions of Java. The most current version is v6u26. You have Java(TM) 6 Update 22. That is a vulnerability to the system.
    Please update: Java Updates (http://www.java.com/en/download/manual.jsp). Uninstall any earlier versions in Add/Remove Programs.

    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =========================================
    Go ahead with the above. I'm going to check the Combofix log.

    Edit: Question: Are some users unable to use Windows Media Player 11? If so, some entries may need to be made for the Registry.
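Bobbye's triage of the ESET results above (anything under C:\Qoobox\Quarantine was already moved there by ComboFix and is inert; only the remaining paths are live and go into the OTMoveIt list) can be done mechanically. The block below is an added example, not code from the thread or from the ESET or ComboFix tools. It assumes the ComboFix quarantine layout visible in the log (C:\Qoobox\Quarantine\<drive letter>\<original path>.vir) and uses a few lines copied from the ESET log posted above as constructed sample input.

```python
"""Triage an ESET Online Scanner result list after a ComboFix run.

Added example (not from the thread or the tools). Assumption: ComboFix keeps
what it removed under C:\\Qoobox\\Quarantine\\<drive>\\<original path>.vir, as the
posted log shows, so detections in that tree are already neutralised.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"

# One ESET result line is "<path> <detection name>". The path may contain spaces
# ("User Data"), so the split point is the first whitespace run that precedes a
# detection name; those always carry a platform prefix with a forward slash
# (Win32/..., JS/..., Java/...), optionally introduced by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<det>(?:a variant of\s+)?[A-Za-z0-9]+/\S+(?:\s+\S+)*)\s*$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str

    @property
    def quarantined(self) -> bool:
        """True when the file already sits in ComboFix's quarantine tree."""
        return self.path.lower().startswith(QUARANTINE_ROOT.lower() + "\\")

    @property
    def original_path(self) -> str:
        """Where a quarantined file lived before ComboFix moved it (drive folder + .vir stripped)."""
        if not self.quarantined:
            return self.path
        rest = self.path[len(QUARANTINE_ROOT) + 1:]      # e.g. C\ProgramData\x.dll.vir
        drive, _, tail = rest.partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


def parse_eset_log(text: str) -> list[Detection]:
    """Parse the pasted ESET result lines; blank lines are skipped, anything else must match."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        found.append(Detection(m["path"], m["det"]))
    return found


def triage(dets: list[Detection]) -> tuple[list[Detection], list[Detection]]:
    """Split detections into (still live, already quarantined), preserving log order."""
    live = [d for d in dets if not d.quarantined]
    quarantined = [d for d in dets if d.quarantined]
    return live, quarantined


def family_counts(dets: list[Detection]) -> dict[str, int]:
    """Count detections per signature name, to see which family dominates."""
    return dict(Counter(d.name for d in dets))


def otm_files_block(live: list[Detection]) -> str:
    """Render the still-live paths in the ':Files' list format OTMoveIt expects."""
    return "\n".join([":Files", *[d.path for d in live]])


# Constructed sample: six lines taken from the ESET log in the thread.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\ProgramData\AmRes_fi32.dll.vir a variant of Win32/Kryptik.PQF trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Windows\System32\AmRes_fi32.dll a variant of Win32/Kryptik.OKQ trojan
"""

if __name__ == "__main__":
    live, quarantined = triage(parse_eset_log(SAMPLE_LOG))
    print("already quarantined by ComboFix:")
    for d in quarantined:
        print(f"  {d.original_path}  [{d.name}]")
    print("still live, for OTMoveIt:")
    print(otm_files_block(live))
```

The parser deliberately refuses lines it cannot split rather than guessing, so a path with an unexpected layout surfaces as an error instead of silently landing in the wrong bucket; the `:Files` output matches the list Bobbye hand-wrote above.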
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    When you have finished with my Reply #10:

    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\wdc32.exe
    FileLook::
    c:\windows\system32\AmRes_fi32.dll
    Folder::
    c:\users\mmeyer\AppData\Local\temp
    c:\users\magnolia sc\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\administrator\AppData\Local\temp
    c:\users\516\AppData\Local\temp
    c:\users\_sjtp_tech\AppData\Local\temp
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:64404
    BHO: {03d4e038-9a50-4f3f-9817-4140e13498a0} - c:\windows\system32\AmRes_fi32.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Registry::
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03D4E038-9A50-4F3F-9817-4140E13498A0}]
    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
    RegLock::
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Internet Explorer\User Preferences]
    Driver::
    DPS32
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
  12. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Java updated. I had to run OTMoveIt twice... It froze the first time and I had to restart my comp without being prompted... I do not know if this had any effect on the logs, though I cannot locate another log file. Thanks again for your help!

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js not found.
    File/Folder C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 not found.
    File/Folder C:\Windows\System32\AmRes_fi32.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: 324
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: 516
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator.DELLIMAGELT
    ->Temp folder emptied: 149424 bytes
    ->Temporary Internet Files folder emptied: 3513949 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 6450205 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: magnolia sc
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mmeyer
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: open
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2103593 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 56958 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: _sjtp_tech
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1024 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 07102011_223713
  13. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    ComboFix 11-07-10.05 - Administrator 07/10/2011 23:06:10.4.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2220 [GMT -4:00]
    Running from: c:\users\Administrator.DELLIMAGELT\Desktop\ComboFix.exe
    Command switches used :: c:\users\Administrator.DELLIMAGELT\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\wdc32.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\_sjtp_tech\AppData\Local\temp
    c:\users\516\AppData\Local\temp
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
    c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
    c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
    c:\users\administrator\AppData\Local\temp
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
    c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
    c:\users\Default\AppData\Local\temp
    c:\users\magnolia sc\AppData\Local\temp
    c:\users\mmeyer\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DPS32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-11 03:13 . 2011-07-11 03:13 -------- d-----w- c:\users\open\AppData\Local\temp
    2011-07-11 03:13 . 2011-07-11 03:13 -------- d-----w- c:\users\324\AppData\Local\temp
    2011-07-11 02:49 . 2011-07-11 02:49 -------- d-----w- c:\program files\Common Files\Java
    2011-07-11 02:48 . 2011-07-11 02:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-07-11 02:35 . 2011-07-11 02:35 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-07-11 02:35 . 2011-07-11 02:35 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-07-11 02:26 . 2011-07-11 02:26 -------- d-----w- C:\_OTM
    2011-07-09 03:06 . 2011-07-09 03:06 -------- d-----w- c:\program files\ESET
    2011-06-27 21:18 . 2011-06-27 21:18 1152 ----a-w- c:\windows\system32\windrv.sys
    2011-06-27 21:18 . 2011-07-08 05:59 -------- d-----w- c:\program files\SpyNoMore
    2011-06-19 15:38 . 2011-04-21 21:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-06-19 04:52 . 2011-06-19 04:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-18 20:57 . 2011-06-18 20:57 -------- d-----w- c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Malwarebytes
    2011-06-18 20:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 20:56 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-11 03:15 . 2010-11-06 17:50 0 ----a-w- c:\users\Administrator.DELLIMAGELT\AppData\Local\WavXMapDrive.bat
    2011-07-11 02:48 . 2010-10-26 18:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-07 20:56 . 2010-12-27 21:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-17 18:30 . 2010-10-26 18:08 0 ----a-w- c:\users\open\AppData\Local\WavXMapDrive.bat
    2011-07-11 02:35 . 2011-05-17 00:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
    "SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "VBSysTrayProf"="c:\program files\Vexira Antivirus\Professional\Bin\vbsystry.exe" [2010-05-26 385976]
    "MeUiHelper"="c:\program files\GenevaLogic\Vision\XL\meuihlp.exe" [2007-08-21 83192]
    "MeControlDL"="c:\program files\genevalogic\Vision\XL\MeSuAx.exe" [2007-08-21 328952]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1327472]
    SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
    R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
    S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
    S0 VBRec;VBRec;c:\windows\System32\Drivers\VBRec.Sys [2010-05-18 20352]
    S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2007-08-21 50424]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-04 114688]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]
    S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 MeSuWTS;Vision WTS Helper;c:\program files\GenevaLogic\Vision\XL\mesuwts.exe [2007-08-21 107768]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
    S2 VAServProf;Vexira Antivirus Professional;c:\program files\Vexira Antivirus\Professional\Bin\vbcmserv.exe [2010-05-19 97592]
    S2 VBShld;VBShld;c:\windows\system32\Drivers\VBShld.Sys [2010-05-18 156112]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2007-08-21 10488]
    S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2010-10-26 12800]
    S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2010-10-26 11264]
    S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]
    S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]
    S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]
    S3 VBEngNT;VBEngNT;c:\windows\system32\Drivers\VBEngNT.Sys [2010-05-13 237664]
    S3 VBFilter;VBFilter;c:\windows\system32\Drivers\VBFilter.Sys [2010-05-18 27424]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - VBCoreNT.0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
    .
    2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
    .
    2011-07-08 c:\windows\Tasks\Norton Security Scan for Administrator.job
    - c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-18 07:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
    FF - ProfilePath - c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VBCoreNT.0]
    "ImagePath"="\Device\HarddiskVolume3\Program Files\Vexira Antivirus\Professional\Temp\lhl67ljh.vbt"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.cdda"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipa"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipg"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ipsw"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itdb"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.ite"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itl"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itlp"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itls"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itms"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.itpc"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m3u8"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4b"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4p"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.m4r"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pcast"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.pls"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="iTunes.wave"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5600)
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\IDT\WDM\STacSV.exe
    c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Dell\DW WLAN Card\bcmwltry.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\windows\system32\taskhost.exe
    c:\program files\GenevaLogic\Vision\Chat\MChat.exe
    c:\windows\system32\conhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\SMART Technologies\SMART Product Drivers\Aware.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\SMART Technologies\SMART Product Drivers\Marker.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-07-10 23:20:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-11 03:20
    ComboFix2.txt 2011-07-09 03:01
    ComboFix3.txt 2011-06-22 21:04
    .
    Pre-Run: 104,456,699,904 bytes free
    Post-Run: 104,124,854,272 bytes free
    .
    - - End Of File - - B18EC54BF645408247A285B306A40F96
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I thought I asked this, but maybe I just thought it! Are any of the accounts having a problem using Windows Media Player 11 or iTunes?

    Have you noticed any change, hopefully improvement in the browser redirects?
  15. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    No problems with Windows Media player, and I have not used Itunes on this computer yet. The redirects seem to be much better though. Can't believe how much stuff is being picked up by these scans though.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    We are noticing some locked Registry keys such as this:
    It is not clear if the Administrator has been denied use or whether all accounts 'other than' the Administrator are denied. I currently have 2 threads with the same type of entries. The Denied: (2) would usually indicate Automatic.

    There are the same type of entries for different WMP file associations. And there are 2 of the same for @Denied: (2) (Administrator) "Progid"="FirefoxHTML" and a few for different file associations for iTunes: @Denied: (2) (Administrator)

    I would like you to check this out please. Are you the Administrator? Are you logging on under the Administrative account? If Yes/Yes, please see if you can access the files in WMP, HTML in Firefox or the iTunes files. Then, if there is any other user account on the system, see if they can access the same.

    You can look in the Locked Registry Keys section to see the file extensions.

    Let me know please.
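As an added example (not from this thread or from ComboFix's authors), here is a Python parser for the LOCKED REGISTRY KEYS section of the log above that groups the UserChoice locks by Progid family, the grouping Bobbye does by hand; the sample log is constructed from a few of the entries, and reading the (2) as the KEY_SET_VALUE access mask is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of ComboFix's LOCKED REGISTRY KEYS section
# (SID, extensions and Progids mirror entries from the log in this thread).
SAMPLE_LOG = """\
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\\S-1-5-21-2644167271-439061571-2009282644-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mp3\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\\S-1-5-21-2644167271-439061571-2009282644-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmv\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\\S-1-5-21-2644167271-439061571-2009282644-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\\S-1-5-21-2644167271-439061571-2009282644-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.m4p\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PCW\\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((?P<mask>[^)]+)\) \((?P<who>[^)]+)\)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>[^"]*)"$')
USERCHOICE_RE = re.compile(r"\\FileExts\\(?P<ext>\.[^\\]+)\\UserChoice$", re.IGNORECASE)

# Assumption: the number ComboFix prints is the denied registry access mask
# (KEY_SET_VALUE is 0x2); "Full" is ComboFix's word for all access denied.
MASK_NAMES = {"1": "KEY_QUERY_VALUE", "2": "KEY_SET_VALUE",
              "4": "KEY_CREATE_SUB_KEY", "Full": "all access"}


def parse_locked_keys(text):
    """Return one dict per key listed in the LOCKED REGISTRY KEYS section."""
    entries, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()          # forum copies are indented; ignore that
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-----"):  # the next section header ends the block
            break
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "denied": [], "values": {}}
            entries.append(current)
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current["denied"].append((m.group("mask"), m.group("who")))
            continue
        m = VALUE_RE.match(line)
        if m:
            current["values"][m.group("name")] = m.group("val")
    return entries


def describe_denied(denied):
    """Turn [(mask, principal)] into readable text, e.g. 'Administrator denied KEY_SET_VALUE'."""
    return ", ".join(f"{who} denied {MASK_NAMES.get(mask, mask)}" for mask, who in denied)


def summarize_userchoice(entries):
    """Group locked FileExts\\...\\UserChoice keys by Progid family (WMP11, iTunes, ...)."""
    families = defaultdict(list)
    for e in entries:
        m = USERCHOICE_RE.search(e["key"])
        if not m:
            continue
        progid = e["values"].get("Progid", "?")
        families[progid.split(".")[0]].append(
            (m.group("ext"), progid, describe_denied(e["denied"])))
    return dict(families)


def other_locked_keys(entries):
    """Locked keys that are not file-association UserChoice keys deserve a separate look."""
    return [(e["key"], describe_denied(e["denied"]))
            for e in entries if not USERCHOICE_RE.search(e["key"])]


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    for family, items in summarize_userchoice(parsed).items():
        print(f"{family}: {len(items)} locked association(s)")
        for ext, progid, who in items:
            print(f"  {ext:<8} {progid:<24} {who}")
    for key, who in other_locked_keys(parsed):
        print(f"other locked key: {key} ({who})")
```

Run it over a full ComboFix log and the per-family counts show at a glance whether the locks are confined to the media and browser associations, as here, or extend to other keys.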
  17. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    I am logged in as the admin. I apologize, but I really don't know how to access these files. I tried to use my computer to find them, but was unable to do so. I also do not know where to find the registry keys on my comp. We got these computers fairly recently, and I believe they use the newest windows OS (vista?) and I have no clue where to find the "run" link that used to be on the start menu (if that is needed for any of these operations)
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I think the simplest thing to ask for both of us is: Are you, as the Administrator and/or the rest of the users seeing "Access is Denied" on any transactions with Windows Media Player, iTunes or Firefox?
  19. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    I cannot log on under anything other than administrator because I am not aware of any other passcodes (this is a work laptop that I am permitted to bring home). Under administrator, there are no access denied issues.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Dave, this computer has been badly infected. There have been large numbers of deletions by Malwarebytes, Combofix and the script I had you run in Combofix. The malware showed to be mostly the Backdoor.Bot.

    What is a Backdoor.bot?
    And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer

    You mention that you got this system recently, but you don't mention if it was new and clean when you got it. I see the following accounts:
    User: Administrator.DELLIMAGELT> Main account with most activity.
    User: _sjtp_tech> some activity
    User: open> some activity

    The following accounts are set up but show no activity:
    User: Public
    User: mmeyer
    User: Default User
    User: Default
    User: 324
    User: 516
    User: administrator
    ===============================================
    Because of the extent of the infection, because of the type of infection and because this is your work computer, I am going to refer you to the IT for the office. You are either getting infected through their servers or because the machine wasn't clean in the first place.

    Your alternative is to reformat/reinstall. This is the best choice, no matter who does it, because of the characteristics of the Backdoor.bot and because there are also other Trojans and Worms on the system.

    And if flash drives (USB drives) are being used between computers, they will all need to be disinfected.

    By the way, the operating system is Microsoft Windows 7 Professional
  21. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    I was given the computer to bring home from work back in November... All other user names are correct and have used it once or twice, with mmeyer and sjtp being the people who installed everything... I now only use the computer at home, and it has not been on the work server in over a month, and will not be in the future. All spyware detectors, including Malwarebytes, are coming up clean now... Is there anything else I can do besides re-installing (mainly because that will not be possible for another month or two)?
  22. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Also, I believe that the computer was clean when I got it, and I have not visited any questionable sites in the time that I have had it
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    If you are only going to use the system as a PC and not for work, I'd wipe the system completely- including removing all the previous accounts. Then reinstall the operating system. And get some security of the kind more appropriate for a home user. I do see Norton running- I missed it before, but I would apply security more of the type in my recommendation below rather than Vexira Antivirus Professional. And even the Lavasoft AdAware program isn't that strong anymore.

    You were given the computer 6 months ago, but I don't see any security updates or hotfixes. However the system is configured now, it isn't secure. And per my description of the Backdoor.bot the system is most likely already compromised.
    ==============================================
    Go ahead and run the following again- we'll see what's back or still on: Be sure to update and note the Mbam is for a full scan this time:
    Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [IMG]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.
    =============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    These security tips may help:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
  24. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7218

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    7/22/2011 1:34:25 AM
    mbam-log-2011-07-22 (01-34-25).txt

    Scan type: Full scan (C:\|E:\|G:\|V:\|)
    Objects scanned: 351199
    Time elapsed: 8 hour(s), 26 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  25. coga2222

    coga2222 Newcomer, in training Topic Starter Posts: 16

    Eset

    C:\Qoobox\Quarantine\C\ProgramData\AmRes_fi32.dll.vir a variant of Win32/Kryptik.PQF trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
    C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
    C:\_OTM\MovedFiles\07102011_222616\C_Windows\System32\AmRes_fi32.dll a variant of Win32/Kryptik.OKQ trojan
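The ESET log above is easier to read once the findings are grouped: the same Tracur extension GUIDs appear under every Firefox profile on the machine, plus one Chrome extension and a cached Java exploit. As an added example (not code from the thread or from ESET), the following Python script parses lines in that log's format and groups detections per malware family and per user/browser profile; the five sample lines are copied from the log posted above, and the parsing rules (detection name is the first token containing "/", Chrome extension ids are 32 letters a-p) are assumptions about the format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: five lines copied verbatim from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
"""

# Format: "<path> [a variant of ]<Platform/Family.Variant> <type>"; Windows paths have no "/", so the first "/" token starts the detection.
LINE_RE = re.compile(r"^(?P<path>\S.*?)\s+(?P<det>(?:a variant of\s+)?[A-Za-z0-9]+/\S+.*)$")
# Firefox: \Users\<user>\...\Firefox\Profiles\<profile>\extensions\{GUID}\...
FF_EXT_RE = re.compile(r"\\(?:C_)?Users\\(?P<user>[^\\]+)\\.*?\\Firefox\\Profiles\\"
                       r"(?P<profile>[^\\]+)\\extensions\\(?P<ext>\{[0-9a-f-]{36}\})\\", re.I)
# Chrome: \Chrome\User Data\...\<32-letter extension id>\...  (ids only use a-p)
CHROME_EXT_RE = re.compile(r"\\(?:C_)?Users\\(?P<user>[^\\]+)\\.*?\\Chrome\\User Data\\.*?"
                           r"\\(?P<ext>[a-p]{32})\\", re.I)
JAVA_CACHE_RE = re.compile(r"\\Java\\Deployment\\cache\\", re.I)


def parse_line(line):
    """Return (path, family) for a detection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    family = m["det"].removeprefix("a variant of ").split()[0]
    return m["path"], family


def summarize(text):
    """Count detections per family and group extension ids per user/profile."""
    rep = {"families": Counter(), "firefox": defaultdict(set),
           "chrome": defaultdict(set), "java_cache": [], "other": []}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, family = parsed
        rep["families"][family] += 1
        ff, ch = FF_EXT_RE.search(path), CHROME_EXT_RE.search(path)
        if ff:  # same GUID in several profiles => one hijack copied per profile
            rep["firefox"][(ff["user"], ff["profile"])].add(ff["ext"].lower())
        elif ch:
            rep["chrome"][ch["user"]].add(ch["ext"].lower())
        elif JAVA_CACHE_RE.search(path):  # drive-by exploit cached by the Java plugin
            rep["java_cache"].append(path)
        else:
            rep["other"].append(path)
    return rep


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG)["families"].most_common())
```

Run against the full 46-line log, the Firefox grouping shows the same seven GUIDs under all three profiles, which is why the redirect survived until every profile's extensions directory was cleaned.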