Inactive Redirect virus on Firefox and Chrome

coga2222

Hi, my name is Dave. I recently was infected with a re-direct virus that re-directs virtually all google searches to Edit: Search hyperlink deleted by Bobbye, and almost all searches on Chrome, regardless of engine, to scour.com. Any help is appreciated!! I will post my logs from the 7 step process above as soon as possible. Thanks!!
 
MBAM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7043

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/7/2011 3:37:34 PM
mbam-log-2011-07-07 (15-37-34).txt

Scan type: Quick scan
Objects scanned: 255927
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> 8704 -> Unloaded process successfully.
c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe (Backdoor.Bot) -> 8412 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\ADMINI~1.DEL\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Administrator.DELLIMAGELT\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> Delete on reboot.
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-07 16:02:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.01.0
Running: hmy9q3r9.exe; Driver: C:\Users\ADMINI~1.DEL\AppData\Local\Temp\kxldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VBFilter.Sys (Vexira Antivirus Filter Driver for Windows 2000/XP/2003/Central Command, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat VBFilter.Sys (Vexira Antivirus Filter Driver for Windows 2000/XP/2003/Central Command, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 mekbd.sys (WDM Filter keyboard driver/GenevaLogic AG)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 mekbd.sys (WDM Filter keyboard driver/GenevaLogic AG)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Administrator at 16:14:47 on 2011-07-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2195 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\GenevaLogic\Vision\XL\mesuwts.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Vexira Antivirus\Professional\Bin\vbcmserv.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\GenevaLogic\Vision\XL\MeSuAx.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\GenevaLogic\Vision\Chat\MChat.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vexira Antivirus\Professional\Bin\vbsystry.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\genevalogic\Vision\XL\MeUiHlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=127.0.0.1:64404
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {03d4e038-9a50-4f3f-9817-4140e13498a0} - c:\windows\system32\AmRes_fi32.dll
BHO: txthlpBHO Class: {060235dc-6d84-47bd-95d7-a4ef5099a59d} - c:\progra~1\texthe~1\readan~1\TEXTHE~3.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SMART Board Service] c:\program files\smart technologies\smart product drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe -e
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VBSysTrayProf] "c:\program files\vexira antivirus\professional\bin\vbsystry.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MeUiHelper] c:\program files\genevalogic\vision\xl\meuihlp.exe
mRun: [MeControlDL] c:\program files\genevalogic\vision\xl\MeSuAx.exe /DetectLogin
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart product drivers\SMARTBoardTools.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{21D9E470-2EFF-4F51-A138-C83482008B38} : DhcpNameServer = 10.10.10.3 10.10.10.4
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6} : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\34F67616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\6427565666F627D456 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\94E434C455445413 : DhcpNameServer = 10.10.10.3 10.10.10.4
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\C41677E63796465614055303 : DhcpNameServer = 172.16.32.242 172.16.32.244 172.16.32.240
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\D43544F575962756C6563737 : DhcpNameServer = 10.10.10.3 10.10.10.4
TCP: Interfaces\{9D1645E5-6AAD-4F80-8958-91CF7D29A1A6}\E6564776561627D213 : DhcpNameServer = 10.10.10.3 10.10.10.4
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator.dellimagelt\appdata\roaming\mozilla\firefox\profiles\erd168px.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-27 64288]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-10-21 17072]
R0 VBRec;VBRec;c:\windows\system32\drivers\vbrec.sys [2010-5-18 20352]
R1 MENET;MENET;c:\windows\system32\drivers\MeNet.sys [2007-8-21 50424]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-10-21 81920]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-4 114688]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-10-21 60928]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
R2 MeSuWTS;Vision WTS Helper;c:\program files\genevalogic\vision\xl\mesuwts.exe [2007-8-21 107768]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-8-27 59904]
R2 VAServProf;Vexira Antivirus Professional;c:\program files\vexira antivirus\professional\bin\vbcmserv.exe [2010-5-19 97592]
R2 VBShld;VBShld;c:\windows\system32\drivers\vbshld.sys [2010-5-18 156112]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-10-21 42672]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-8-27 274984]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-27 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-8-27 232960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
R3 meddmrr;meddmrr;c:\windows\system32\drivers\meddmrr.sys [2007-8-21 10488]
R3 mekbd;mekbd;c:\windows\system32\drivers\mekbd.sys [2010-10-26 12800]
R3 memice;memice;c:\windows\system32\drivers\memice.sys [2010-10-26 11264]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2010-6-15 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2010-6-15 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2010-6-15 13440]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\vbengnt.sys [2010-5-13 237664]
R3 VBFilter;VBFilter;c:\windows\system32\drivers\vbfilter.sys [2010-5-18 27424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe --> c:\windows\system32\wdc32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2151128]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-8-27 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-8-27 38912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-26 1343400]
.
=============== Created Last 30 ================
.
2011-06-27 21:18:55 1152 ----a-w- c:\windows\system32\windrv.sys
2011-06-27 21:18:45 -------- d-----w- c:\program files\SpyNoMore
2011-06-22 21:03:22 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-22 20:28:59 98816 ----a-w- c:\windows\sed.exe
2011-06-22 20:28:59 518144 ----a-w- c:\windows\SWREG.exe
2011-06-22 20:28:59 256512 ----a-w- c:\windows\PEV.exe
2011-06-22 20:28:59 208896 ----a-w- c:\windows\MBR.exe
2011-06-19 15:38:14 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-19 04:52:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 20:57:36 -------- d-----w- c:\users\administrator.dellimagelt\appdata\roaming\Malwarebytes
2011-06-18 20:56:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 20:56:47 -------- d-----w- c:\programdata\Malwarebytes
2011-06-18 20:56:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 20:56:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 11:44:44 365056 ----a-w- c:\windows\system32\AmRes_fi32.dll
.
==================== Find3M ====================
.
.
============= FINISH: 16:15:54.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2010 8:14:12 AM
System Uptime: 7/7/2011 4:09:05 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 911/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 127 GiB total, 96.243 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 7.359 GiB free.
G: is CDROM ()
V: is FIXED (FAT) - 0 GiB total, 0.037 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 1/7/2011 10:47:18 AM - Installed Bluetooth Stack for Windows by Toshiba.
RP25: 1/7/2011 11:14:22 AM - Removed Bluetooth Stack for Windows by Toshiba.
RP26: 1/7/2011 11:16:30 AM - Installed Bluetooth Stack for Windows by Toshiba.
RP27: 2/12/2011 5:37:52 PM - Scheduled Checkpoint
RP28: 2/21/2011 12:08:51 PM - Scheduled Checkpoint
RP29: 5/16/2011 7:17:27 AM - Installed iTunes
RP30: 6/22/2011 4:29:13 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
AccelerometerP11
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AuthenTec Fingerprint Software
BioAPI Framework
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Document Manager Lite
DW WLAN Card Utility
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Chrome
Google Update Helper
Inspiration 8
InspireData
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Kidspiration 3
LessonView
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NTRU TCG Software Stack
O2Micro OZ776 SCR Driver
PowerDVD DX
PowerTeacher Gradebook
Preboot Manager
Private Information Manager
QuickTime
Read And Write 8.1 Gold
Security Wizards
Sketchpad
SMART Notebook
SMART Product Drivers
SpyNoMore 2.98
TeacherEXPRESS: Grade 7 Connected Mathematics 2
TeacherEXPRESS: Grade 8 Connected Mathematics 2
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Vexira Antivirus Professional
Vision*6
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 4:11:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
7/7/2011 4:10:01 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
7/7/2011 4:09:27 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MSD due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
7/7/2011 4:09:25 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
7/7/2011 3:40:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
.
==== End Of File ===========================
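The logs above contain the indicators a responder would normally pull out by hand: copies of conhost.exe, dwm.exe and csrss.exe running from the user's AppData and Temp folders rather than C:\Windows, a WinINET proxy pointed at 127.0.0.1:64404, and a service (DPS32) whose binary DDS could not find on disk. The script below is an added example, not part of the original post and not output of MBAM, DDS or any other tool quoted here; it runs the same three checks over log text. SAMPLE is constructed from lines quoted in this thread, and the regexes, function names and the SYSTEM_BINARIES list are my own assumptions about what to look for.

```python
"""Triage checks over anti-malware log lines (MBAM, DDS).

Added example, not code from the original thread or from any of the tools
quoted in it. SAMPLE is constructed from lines that appear in the logs
above; the regexes, the function names and the SYSTEM_BINARIES list are
my own assumptions about what to look for, not output of any tool.
"""
import re

# Executable names that a clean Windows install only runs from the Windows
# directory. The same names appearing under a user profile (AppData, Temp)
# is the masquerading pattern MBAM flagged as Backdoor.Bot above.
SYSTEM_BINARIES = {
    "conhost.exe", "dwm.exe", "csrss.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "wininit.exe", "lsm.exe", "explorer.exe",
    "taskhost.exe", "spoolsv.exe", "services.exe", "smss.exe",
}
WINDOWS_DIR = "c:\\windows\\"

# Drive-letter path ending in .exe; lazy so "a.exe --> b.exe" yields both.
PATH_RE = re.compile(r"[a-zA-Z]:\\[^()\[\]]*?\.exe", re.IGNORECASE)
# WinINET proxy line as DDS prints it: "uInternet Settings,ProxyServer = ..."
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+?)\s*$")
LOOPBACK_RE = re.compile(r"127\.\d+\.\d+\.\d+|localhost|\[::1\]", re.IGNORECASE)
# DDS service line whose binary it could not find: "... --> <path> [?]"
MISSING_SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*-->\s*(.+?)\s*\[\?\]$")

# Constructed sample: a handful of the lines quoted in this thread.
SAMPLE = r"""
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Users\administrator.dellimagelt\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> 8704 -> Unloaded process successfully.
c:\Users\administrator.dellimagelt\AppData\Roaming\dwm.exe (Backdoor.Bot) -> 8412 -> Unloaded process successfully.
uInternet Settings,ProxyServer = http=127.0.0.1:64404
uInternet Settings,ProxyOverride = <local>;*.local
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\ADMINI~1.DEL\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
S2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe --> c:\windows\system32\wdc32.exe [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
FF - prefs.js: network.proxy.type - 0
"""


def masquerading_paths(lines):
    """Paths whose file name is a core Windows binary but whose directory
    is outside the Windows directory."""
    hits = []
    for line in lines:
        for path in PATH_RE.findall(line):
            low = path.lower()
            name = low.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not low.startswith(WINDOWS_DIR):
                hits.append(path)
    return hits


def loopback_proxy(lines):
    """ProxyServer values that send WinINET traffic (IE, Chrome) through a
    listener on the local machine, where a hijacker can rewrite it."""
    hits = []
    for line in lines:
        m = PROXY_RE.search(line)
        if m and LOOPBACK_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits


def missing_service_binaries(lines):
    """(service name, path) for services whose image is absent on disk."""
    hits = []
    for line in lines:
        m = MISSING_SVC_RE.match(line)
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


def triage(text):
    """Run all three checks over raw log text and return the findings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return {
        "masquerading": masquerading_paths(lines),
        "loopback_proxy": loopback_proxy(lines),
        "missing_service_binary": missing_service_binaries(lines),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(kind)
        for hit in hits:
            print("   ", hit)
```

The proxy finding is worth dwelling on: Internet Explorer and Chrome both follow the WinINET proxy settings, so a proxy on 127.0.0.1:64404 lets a local process rewrite every search regardless of which engine the user picked, which is consistent with the Chrome behaviour described in the first post. Firefox here has network.proxy.type set to 0 (direct connection), so its redirects had to come from somewhere else; the ComboFix log further down removes extensions carrying xulcache.jar from two Firefox profiles, which fits.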
 
I'll be back to review the logs. Just wanted to tell you that I am deleting the other thread you started.
 
Sorry about that... completely unintentional. For some reason it didn't show up when I looked the first time and I figured I closed the window without hitting submit correctly... my apologies and I really appreciate your help!
 
You are running 2 antivirus programs. Please remove one of them:
Norton Security Scan> to uninstall run Norton Removal Tool
Vexira Antivirus Professional>> is this through a work environment?

Please reboot the computer when finished.
============================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save it to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue; click Yes to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and will open in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer link to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

I have found some of the entries we will need to remove, but I need to review the result of the 2 scans above for additional entries.
 
ComboFix 11-07-08.03 - Administrator 07/08/2011 22:51:34.3.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2123 [GMT -4:00]
Running from: c:\users\Administrator.DELLIMAGELT\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\defaults\preferences\xulcache.js
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\install.rdf
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\defaults\preferences\xulcache.js
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\install.rdf
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\defaults\preferences\xulcache.js
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\install.rdf
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\defaults\preferences\xulcache.js
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\open\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\mmeyer\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\magnolia sc\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\516\AppData\Local\temp
2011-07-09 02:59 . 2011-07-09 02:59 -------- d-----w- c:\users\_sjtp_tech\AppData\Local\temp
2011-06-27 21:18 . 2011-06-27 21:18 1152 ----a-w- c:\windows\system32\windrv.sys
2011-06-27 21:18 . 2011-07-08 05:59 -------- d-----w- c:\program files\SpyNoMore
2011-06-19 15:38 . 2011-04-21 21:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-19 04:52 . 2011-06-19 04:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 20:57 . 2011-06-18 20:57 -------- d-----w- c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Malwarebytes
2011-06-18 20:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\programdata\Malwarebytes
2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 20:56 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 11:44 . 2011-06-13 11:44 365056 ----a-w- c:\windows\system32\AmRes_fi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 02:13 . 2010-11-06 17:50 0 ----a-w- c:\users\Administrator.DELLIMAGELT\AppData\Local\WavXMapDrive.bat
2011-07-07 20:56 . 2010-12-27 21:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-17 18:30 . 2010-10-26 18:08 0 ----a-w- c:\users\open\AppData\Local\WavXMapDrive.bat
2011-05-17 00:00 . 2011-05-17 00:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03D4E038-9A50-4F3F-9817-4140E13498A0}]
2011-06-13 11:44 365056 ----a-w- c:\windows\System32\AmRes_fi32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"VBSysTrayProf"="c:\program files\Vexira Antivirus\Professional\Bin\vbsystry.exe" [2010-05-26 385976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MeUiHelper"="c:\program files\GenevaLogic\Vision\XL\meuihlp.exe" [2007-08-21 83192]
"MeControlDL"="c:\program files\genevalogic\Vision\XL\MeSuAx.exe" [2007-08-21 328952]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1327472]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DPS32;Diagnostic Policy Service ;c:\windows\system32\wdc32.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S0 VBRec;VBRec;c:\windows\System32\Drivers\VBRec.Sys [2010-05-18 20352]
S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2007-08-21 50424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-04 114688]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MeSuWTS;Vision WTS Helper;c:\program files\GenevaLogic\Vision\XL\mesuwts.exe [2007-08-21 107768]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 VAServProf;Vexira Antivirus Professional;c:\program files\Vexira Antivirus\Professional\Bin\vbcmserv.exe [2010-05-19 97592]
S2 VBShld;VBShld;c:\windows\system32\Drivers\VBShld.Sys [2010-05-18 156112]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2007-08-21 10488]
S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2010-10-26 12800]
S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2010-10-26 11264]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]
S3 VBEngNT;VBEngNT;c:\windows\system32\Drivers\VBEngNT.Sys [2010-05-13 237664]
S3 VBFilter;VBFilter;c:\windows\system32\Drivers\VBFilter.Sys [2010-05-18 27424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - VBCoreNT.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
.
2011-07-08 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-18 07:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:64404
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
FF - ProfilePath - c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VBCoreNT.0]
"ImagePath"="\Device\HarddiskVolume3\Program Files\Vexira Antivirus\Professional\Temp\e6ab0uci.vbt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,e7,98,e7,6f,f1,40,a6,56,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,b5,e7,98,e7,6f,f1,40,a6,56,96,\
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
"{03105F08-1C06-7704-7661-7204706F6060}"=hex:00,00,00,00,da,07,0a,00,02,00,1a,
00,12,00,04,00,1b,00,b6,03,1e,00,00,00,1f,1f,1f,1f,da,07,0a,00,02,00,1a,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-08 23:01:21
ComboFix-quarantined-files.txt 2011-07-09 03:01
ComboFix2.txt 2011-06-22 21:04
.
Pre-Run: 104,409,784,320 bytes free
Post-Run: 104,770,523,136 bytes free
.
- - End Of File - - 0D2FF8A69C006A387A7F3571FC0F478B
 
Eset Results

C:\Qoobox\Quarantine\C\ProgramData\AmRes_fi32.dll.vir a variant of Win32/Kryptik.PQF trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Windows\System32\AmRes_fi32.dll a variant of Win32/Kryptik.OKQ trojan
 
Okay, everything you see in the Eset log in Qoobox has already been quarantined by Combofix and is not active in the system. For the other:

Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
    Code:
    :Files  
    C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js 
    C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 
    C:\Windows\System32\AmRes_fi32.dll 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
And the Java cache also needs to be emptied:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
     • Delete Files
     • View Applications
     • View Applets
  4. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.
========================================
Please note: I am seeing a lot of malware in the Java cache. And every time I see it in a lot, the user has one or more outdated versions of Java. The most current version is v6u26. You have Java(TM) 6 Update 22. That is a vulnerability to the system.
Please update: Java Updates (https://www.techspot.com/downloads/6463-java-se.html). Uninstall any earlier versions in Add/Remove Programs.

Note: Uncheck 'Install Yahoo Toolbar' on the download screen BEFORE you do the update.
=========================================
Go ahead with the above. I'm going to check the Combofix log.

Edit: Question: Are some users unable to use Windows Media Player 11? If so, some entries may need to be made for the Registry.
 
When you have finished with my Reply #10:

Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\windows\system32\wdc32.exe
FileLook::
c:\windows\system32\AmRes_fi32.dll
Folder::
c:\users\mmeyer\AppData\Local\temp
c:\users\magnolia sc\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\administrator\AppData\Local\temp
c:\users\516\AppData\Local\temp
c:\users\_sjtp_tech\AppData\Local\temp
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:64404
BHO: {03d4e038-9a50-4f3f-9817-4140e13498a0} - c:\windows\system32\AmRes_fi32.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03D4E038-9A50-4F3F-9817-4140E13498A0}]
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.glcx\{656E6547-6176-6F4C-6769-63204C696331}* ]
RegLock::
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Internet Explorer\User Preferences]
Driver::
DPS32
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
 
Java updated. I had to run OTMoveIt twice... It froze the first time and I had to restart my comp without being prompted... I do not know if this had any effect on the logs, though I cannot locate another log file. Thanks again for your help!

All processes killed
========== FILES ==========
File/Folder C:\Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js not found.
File/Folder C:\Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 not found.
File/Folder C:\Windows\System32\AmRes_fi32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 324
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: 516
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.DELLIMAGELT
->Temp folder emptied: 149424 bytes
->Temporary Internet Files folder emptied: 3513949 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6450205 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: magnolia sc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mmeyer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: open
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2103593 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 56958 bytes

User: Public
->Temp folder emptied: 0 bytes

User: _sjtp_tech
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07102011_223713
 
ComboFix 11-07-10.05 - Administrator 07/10/2011 23:06:10.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3510.2220 [GMT -4:00]
Running from: c:\users\Administrator.DELLIMAGELT\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator.DELLIMAGELT\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Vexira Antivirus Professional *Disabled/Updated* {23EEBC0C-807F-7CD1-F670-11B63CF63BB9}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\wdc32.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\_sjtp_tech\AppData\Local\temp
c:\users\516\AppData\Local\temp
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
c:\users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
c:\users\administrator\AppData\Local\temp
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\defaults\preferences\xulcache.js
c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\install.rdf
c:\users\Default\AppData\Local\temp
c:\users\magnolia sc\AppData\Local\temp
c:\users\mmeyer\AppData\Local\temp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DPS32
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 03:13 . 2011-07-11 03:13 -------- d-----w- c:\users\open\AppData\Local\temp
2011-07-11 03:13 . 2011-07-11 03:13 -------- d-----w- c:\users\324\AppData\Local\temp
2011-07-11 02:49 . 2011-07-11 02:49 -------- d-----w- c:\program files\Common Files\Java
2011-07-11 02:48 . 2011-07-11 02:48 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-11 02:35 . 2011-07-11 02:35 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-11 02:35 . 2011-07-11 02:35 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-11 02:26 . 2011-07-11 02:26 -------- d-----w- C:\_OTM
2011-07-09 03:06 . 2011-07-09 03:06 -------- d-----w- c:\program files\ESET
2011-06-27 21:18 . 2011-06-27 21:18 1152 ----a-w- c:\windows\system32\windrv.sys
2011-06-27 21:18 . 2011-07-08 05:59 -------- d-----w- c:\program files\SpyNoMore
2011-06-19 15:38 . 2011-04-21 21:56 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-19 04:52 . 2011-06-19 04:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-18 20:57 . 2011-06-18 20:57 -------- d-----w- c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Malwarebytes
2011-06-18 20:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\programdata\Malwarebytes
2011-06-18 20:56 . 2011-06-18 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 20:56 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 03:15 . 2010-11-06 17:50 0 ----a-w- c:\users\Administrator.DELLIMAGELT\AppData\Local\WavXMapDrive.bat
2011-07-11 02:48 . 2010-10-26 18:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-07 20:56 . 2010-12-27 21:42 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-17 18:30 . 2010-10-26 18:08 0 ----a-w- c:\users\open\AppData\Local\WavXMapDrive.bat
2011-07-11 02:35 . 2011-05-17 00:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-25 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-01 5249024]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"VBSysTrayProf"="c:\program files\Vexira Antivirus\Professional\Bin\vbsystry.exe" [2010-05-26 385976]
"MeUiHelper"="c:\program files\GenevaLogic\Vision\XL\meuihlp.exe" [2007-08-21 83192]
"MeControlDL"="c:\program files\genevalogic\Vision\XL\MeSuAx.exe" [2007-08-21 328952]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-12 1067984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1327472]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S0 VBRec;VBRec;c:\windows\System32\Drivers\VBRec.Sys [2010-05-18 20352]
S1 MENET;MENET;c:\windows\system32\Drivers\MENET.SYS [2007-08-21 50424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-25 81920]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-11-04 114688]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MeSuWTS;Vision WTS Helper;c:\program files\GenevaLogic\Vision\XL\mesuwts.exe [2007-08-21 107768]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 VAServProf;Vexira Antivirus Professional;c:\program files\Vexira Antivirus\Professional\Bin\vbcmserv.exe [2010-05-19 97592]
S2 VBShld;VBShld;c:\windows\system32\Drivers\VBShld.Sys [2010-05-18 156112]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 meddmrr;meddmrr;c:\windows\system32\DRIVERS\meddmrr.sys [2007-08-21 10488]
S3 mekbd;mekbd;c:\windows\system32\Drivers\mekbd.sys [2010-10-26 12800]
S3 memice;memice;c:\windows\system32\Drivers\memice.sys [2010-10-26 11264]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2010-06-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2010-06-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2010-06-15 13440]
S3 VBEngNT;VBEngNT;c:\windows\system32\Drivers\VBEngNT.Sys [2010-05-13 237664]
S3 VBFilter;VBFilter;c:\windows\system32\Drivers\VBFilter.Sys [2010-05-18 27424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - VBCoreNT.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 21:38]
.
2011-07-08 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-02-18 07:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
FF - ProfilePath - c:\users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VBCoreNT.0]
"ImagePath"="\Device\HarddiskVolume3\Program Files\Vexira Antivirus\Professional\Temp\lhl67ljh.vbt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5600)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\program files\GenevaLogic\Vision\Chat\MChat.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\SMART Technologies\SMART Product Drivers\Aware.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\SMART Technologies\SMART Product Drivers\Marker.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\BtAssist.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-07-10 23:20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 03:20
ComboFix2.txt 2011-07-09 03:01
ComboFix3.txt 2011-06-22 21:04
.
Pre-Run: 104,456,699,904 bytes free
Post-Run: 104,124,854,272 bytes free
.
- - End Of File - - B18EC54BF645408247A285B306A40F96
 
I thought I asked this, but maybe I just thought it! Are any of the accounts having a problem using Windows Media Player 11 or iTunes?

Have you noticed any change, hopefully improvement in the browser redirects?
 
No problems with Windows Media player, and I have not used Itunes on this computer yet. The redirects seem to be much better though. Can't believe how much stuff is being picked up by these scans though.
 
We are noticing some locked Registry keys such as this:
[HKEY_USERS\S-1-5-21-2644167271-439061571-2009282644-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

It is not clear if the Administrator has been denied use or whether all accounts 'other than' the Administrator are denied. I currently have 2 threads with the same type of entries. The Denied:(2) would usually indicate Automatic.

There are the same type of entries for different WMP file associations. And there are 2 of the same for @Denied: (2) (Administrator) "Progid"="FirefoxHTML" and a few for different file associations for iTunes: @Denied: (2) (Administrator)

I would like you to check this out please. Are you the Administrator? Are you logging on under the Administrative account? If Yes/Yes, please see if you can access the files in WMP, HTML in Firefox or the iTunes files. Then, if there is any other user account on the system, see if they can access the same.

You can look in the Locked Registry Keys section to see the file extensions.

Let me know please.
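The question in the post above is who the "@Denied: (2)" marker on those FileExts\UserChoice keys applies to and what it actually denies. The script below is an added example, not something posted in the thread: it reads the access-control list of a few of the listed keys and prints only the Deny entries, together with whether the Progid value can still be read. The SID and the extensions are taken from the log; the check itself is read-only and runs from an elevated PowerShell prompt on any Windows 7 system (substitute the SID of the account you are checking, which `whoami /user` prints).

```powershell
# Added example (not from the thread): list the Deny ACEs on the UserChoice keys
# ComboFix reported as locked, so "@Denied: (2)" can be mapped to an identity and
# a concrete set of registry rights. Read-only; run elevated.

$sid  = 'S-1-5-21-2644167271-439061571-2009282644-500'   # SID from the posted log; replace with your own
$exts = '.snd', '.htm', '.m4p'                             # a few of the extensions listed in the log

foreach ($ext in $exts) {
    $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    if (-not (Test-Path -Path $key)) {
        Write-Host "$ext : UserChoice key not present"
        continue
    }

    # The practical test: a Deny that covers only SetValue still leaves Progid readable,
    # whereas a full Deny makes this read fail.
    $progid = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Progid
    if ($progid) {
        Write-Host "$ext : Progid = $progid (readable)"
    } else {
        Write-Host "$ext : Progid could not be read"
    }

    # Show only the Deny entries: who they apply to, which rights, and whether inherited.
    $acl = Get-Acl -Path $key
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        ForEach-Object {
            '    DENY {0} -> {1} (inherited: {2})' -f $_.IdentityReference, $_.RegistryRights, $_.IsInherited
        }
}
```

If every Deny line names the account's own SID and lists only a write right such as SetValue while Progid still reads, the key is protected against silent association changes rather than blocked for the user; a Deny that names Everyone or covers FullControl, as on the PCW\Security key further up the log, is the case worth following up.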
 
I am logged in as the admin. I apologize, but I really don't know how to access these files. I tried to use my computer to find them, but was unable to do so. I also do not know where to find the registry keys on my comp. We got these computers fairly recently, and I believe they use the newest windows OS (vista?) and I have no clue where to find the "run" link that used to be on the start menu (if that is needed for any of these operations)
 
I think the simplest thing to ask for both of us is: Are you, as the Administrator and/or the rest of the users seeing "Access is Denied" on any transactions with Windows Media Player, iTunes or Firefox?
 
I cannot log on under anything other than administrator because I am not aware of any other passcodes (this is a work laptop that I am permitted to bring home). Under administrator, there are no access denied issues.
 
Dave, this computer has been badly infected. There have been large numbers of deletions by Malwarebytes, Combofix and the script I had you run in Combofix. The malware showed to be mostly the Backdoor.Bot.

What is a Backdoor.bot?
This is a piece of malware that has worm, downloader, backdoor, keylogger and spy ability. It may arrive on a system after being exploited by a copy of the worm residing on an infected machine in the network. After execution, the malware will inject a piece of code in kernel mode (by gaining access to \Device\PhysicalMemory). It will make a copy of itself inside c:\windows\fonts\unwise_.exe (hidden), execute it and continue execution there. The original file will then be deleted. The worm will register itself as a service under the name Windows Hosts Controller, setting the description to "Enables Windows Host Controller Service. This service cannot be stopped." to discourage users from deleting it.
- The worm has the ability to spread via:
o USB drives; when it detects a new drive, it will make a fresh copy of itself, on the USB drive in the following directory:
Recycler\S-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxx\file-name.exe. It will also create an autorun.inf file that will point to the new copy.

And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
  1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  2. Data theft (e.g. retrieving passwords or credit card information)
  3. Installation of software, including third-party malware
  4. Downloading or uploading of files on the user's computer
  5. Modification or deletion of files
  6. Keystroke logging
  7. Watching the user's screen
  8. Wasting the computer's storage space
  9. Crashing the computer

You mention that you got this system recently, but you don't mention if it was new and clean when you got it. I see the following accounts:
User: Administrator.DELLIMAGELT> Main account with most activity.
User: _sjtp_tech> some activity
User: open> some activity

The following accounts are set up but show no activity:
User: Public
User: mmeyer
User: Default User
User: Default
User: 324
User: 516
User: administrator
===============================================
Because of the extent of the infection, because of the type of infection and because this is your work computer, I am going to refer you to the IT for the office. You are either getting infected through their servers or because the machine wasn't clean in the first place.

Your alternative is to reformat/reinstall. This is the best choice, no matter who does it, because of the characteristics of the Backdoor.bot and because there are also other Trojans and Worms on the system.

And if flash drives (USB drives) are being used between computers, they will all need to be disinfected.

By the way, the operating system is Microsoft Windows 7 Professional
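The Backdoor.bot description in the post above gives three concrete indicators a defender can look for: a service named "Windows Hosts Controller", a hidden copy at c:\windows\fonts\unwise_.exe, and an autorun.inf on a removable drive that points into a Recycler\S-...\ folder. The script below is an added example, not something posted in the thread, that checks for exactly those three things without deleting or changing anything. It assumes the autorun.inf would use the standard `open`, `shellexecute` or `shell\...\command` keys to launch the copy; the service name, file path and Recycler pattern come from the description itself.

```powershell
# Added example (not from the thread): read-only triage for the Backdoor.bot
# indicators described above. Run from an elevated PowerShell prompt.
# Nothing is removed; the output is a list of findings to act on or hand to IT.

$findings = @()

# 1. Service registered under the name the description gives (check both the
#    service name and the display name).
$svc = Get-WmiObject Win32_Service -Filter "DisplayName='Windows Hosts Controller' OR Name='Windows Hosts Controller'"
if ($svc) {
    $findings += 'Service "Windows Hosts Controller" present: {0} -> {1}' -f $svc.Name, $svc.PathName
}

# 2. Hidden dropper copy in the Fonts folder. Get-Item needs -Force to see hidden files.
$dropper = Join-Path $env:windir 'fonts\unwise_.exe'
if (Test-Path -Path $dropper) {
    $item = Get-Item -Path $dropper -Force
    $findings += 'File {0} present (attributes: {1})' -f $dropper, $item.Attributes
}

# 3. autorun.inf on removable drives (DriveType 2) whose launch line points into a
#    Recycler\S-...\ directory, the USB spread pattern from the description.
#    Assumption: the standard autorun.inf launch keys are used.
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2'
foreach ($drive in $removable) {
    $inf = Join-Path $drive.DeviceID 'autorun.inf'
    if (-not (Test-Path -Path $inf)) { continue }
    $content = Get-Content -Path $inf -Force -ErrorAction SilentlyContinue
    $suspect = $content | Where-Object { $_ -match '(?i)^\s*(open|shellexecute|shell\\.*\\command)\s*=.*recycler\\S-\d' }
    if ($suspect) {
        $findings += 'autorun.inf on {0} launches a Recycler\S-... target: {1}' -f $drive.DeviceID, ($suspect -join '; ')
    } else {
        $findings += 'autorun.inf on {0} present (no Recycler target found); review it manually' -f $drive.DeviceID
    }
}

if ($findings.Count -eq 0) {
    'No Backdoor.bot indicators from the description were found.'
} else {
    $findings
}
```

A clean result from this check is not a clean bill of health: it only covers the indicators the description names, which is why the post above still recommends involving IT and, failing that, a reformat/reinstall. Any flash drive that has been used between machines should be checked with step 3 before it is plugged into a clean system.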
 
I was given the computer to bring home from work back in November... All other user names are correct and have used it once or twice, with mmeyer and sjtp being the people who installed everything... I now only use the computer at home, and it has not been on the work server in over a month, and will not be in the future. All spyware detectors, including malwarebytes, are coming up clean now... Is there anything else I can do besides re-installing (mainly because that will not be possible for another month or two)?
 
Also, I believe that the computer was clean when I got it, and I have not visited any questionable sites in the time that I have had it
 
If you are only going to use the system as a PC and not for work, I'd wipe the system completely- including removing all the previous accounts. Then reinstall the operating system. And get some security of the kind more appropriate for a home user. I do see Norton running- I missed it before, but I would apply security more of the type in my recommendation below rather than Vexira Antivirus Professional. And even the Lavasoft AdAware program isn't that strong anymore.

You were given the computer 6 months ago, but I don't see any security updates or hotfixes. However the system is configured now, it isn't secure. And per my description of the Backdoor.bot the system is most likely already compromised.
==============================================
Go ahead and run the following again- we'll see what's back or still on: Be sure to update and note the Mbam is for a full scan this time:
Update and rescan with Malwarebytes: Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Pad before copying the log to paste in your next reply.
=============================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer image to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon (esetSmartInstallDesktopIcon.png) on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
========================================
These security tips may help:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o]Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o]Adobe Reader Install current, uninstall old.
    [o]Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    [o] ATF Cleaner by Atribune
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7218

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/22/2011 1:34:25 AM
mbam-log-2011-07-22 (01-34-25).txt

Scan type: Full scan (C:\|E:\|G:\|V:\|)
Objects scanned: 351199
Time elapsed: 8 hour(s), 26 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Eset

C:\Qoobox\Quarantine\C\ProgramData\AmRes_fi32.dll.vir a variant of Win32/Kryptik.PQF trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\516\AppData\Roaming\Mozilla\Firefox\Profiles\r3o80w56.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\moahyg9w.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{1f79d4ae-f1ed-48ca-83e1-4b7665761d00}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{8cef0456-c220-4c9b-9394-a6c03fe71a99}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ac4107df-a5cd-4abe-95a0-acf933bdb6e1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{ad467c1d-1b8a-4cfc-9044-45837f10b4f1}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{d9f65a27-ddaf-413e-83bf-8e4efcb37afc}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{e4450701-dcf3-465a-88fa-f6e970d5c345}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Users\Administrator.DELLIMAGELT\AppData\Roaming\Mozilla\Firefox\Profiles\erd168px.default\extensions\{f8824da4-39c2-4bef-aa70-87f3dbbd75c7}\chrome\xulcache.jar.vir JS/Agent.NDB trojan
C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\Local\Google\Chrome\User Data\Default\Default\nmfafonanfpojnioboldigmfocfgkcpj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\_OTM\MovedFiles\07102011_222616\C_Users\Administrator.DELLIMAGELT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-789cfba9 a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\_OTM\MovedFiles\07102011_222616\C_Windows\System32\AmRes_fi32.dll a variant of Win32/Kryptik.OKQ trojan