Backdoor.TidServ!.inf Removal

K

kapil.pundit

New Member
Thread author
Aug 28, 2013
1
Hi everyone,
Please help me in removing the "Backdoor.TidServ!.inf" Virus infection. I googled for removal tips but could not successfully remove the infection. Please guide me on how I can remove this infection.

Thanks in advance.


Here is the OTL Log:

OTL logfile created on: 8/28/2013 5:27:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Terri\Desktop\Removal Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.62% Memory free
4.74 Gb Paging File | 3.45 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): C:\pagefile.sys 3006 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.76 Gb Total Space | 145.45 Gb Free Space | 62.49% Space Free | Partition Type: NTFS

Computer Name: TWHITESEL | User Name: Terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Terri\Desktop\Removal Tools\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Terri\Desktop\Removal Tools\HitmanPro.exe (SurfRight B.V.)
PRC - C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe ()
PRC - C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\iYogi Support Dock\pccare\iysoDefragSrv.exe (iYogi., (www.iyogi.net))
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_elementtree.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32api.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_socket.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_multiprocessing.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32ts.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._html2.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32crypt.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._misc_.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pythoncom27.dll ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32security.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_ctypes.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32profile.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._core_.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_ssl.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._windows_.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_hashlib.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._wizard.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32file.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32process.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32pdh.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32inet.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._controls_.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\unicodedata.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pyexpat.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32event.pyd ()
MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\select.pyd ()
MOD - C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe ()
MOD - C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\wincfi39.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()


========== Services (SafeList) ==========

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AmmyyAdmin) -- C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IYSODiskOptimizer) -- C:\Program Files\iYogi Support Dock\pccare\iysoDefragSrv.exe (iYogi., (www.iyogi.net))
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files\Intel\AMT\UNS.exe (Intel)
SRV - (atchksrv) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (SMR322) -- C:\WINDOWS\system32\drivers\SMR322.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130826.001\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symtdi.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\7DD03000.01A\ccSetx86.sys (Symantec Corporation)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (EuDisk) -- C:\WINDOWS\system32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.4.0.40
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {976167E1-BCF8-40F6-A819-6528BD0C2E22}
IE - HKCU\..\SearchScopes\{976167E1-BCF8-40F6-A819-6528BD0C2E22}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_enUS435
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cdfeeb8&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "traveling to bodrum safety for us citizens"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/08/27 20:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013/08/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 07:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 07:44:57 | 000,000,000 | ---D | M]

[2008/12/28 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Extensions
[2013/07/31 18:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\extensions
[2013/07/11 09:31:19 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\babylon.xml
[2013/07/11 09:31:40 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\delta.xml
[2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 07:45:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/27 17:27:14 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPLGN
[2009/07/19 09:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2008/05/01 13:01:17 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2008/05/01 13:01:17 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2012/02/10 20:30:22 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/02/10 20:30:08 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=5823001E4FA5AEDD&affID=119351&tsp=4940
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: Gmail = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/01/20 11:09:10 | 000,000,738 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKLM..\RunOnce: [1] C:\Documents and Settings\Terri\Desktop\Removal Tools\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Terri\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Terri\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: drhs.org ([vpn01] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn01.drhs.org/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mozysupport.webex.com/client/T27L10NSP32CP1/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF98A62C-B45A-403D-A7B2-DF66D2FBA7A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell - "" = AutoRun
O33 - MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/28 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/08/28 16:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/28 16:56:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/27 20:26:14 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS
[2013/08/27 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Desktop\Removal Tools
[2013/08/27 20:18:47 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Terri\Desktop\tdsskiller.exe
[2013/08/27 17:30:25 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdiv.sys
[2013/08/27 17:30:24 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdi.sys
[2013/08/27 17:30:24 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnets.sys
[2013/08/27 17:30:23 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.sys
[2013/08/27 17:30:22 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.sys
[2013/08/27 17:30:22 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.sys
[2013/08/27 17:30:21 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.sys
[2013/08/27 17:30:21 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.sys
[2013/08/27 17:30:20 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ironx86.sys
[2013/08/27 17:30:20 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.sys
[2013/08/27 17:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1404000.028
[2013/08/27 17:26:44 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/08/27 17:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2013/08/27 17:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013/08/27 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic
[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\DriverCure
[2013/08/25 11:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/08/17 07:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 03:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/14 18:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
[2013/08/05 17:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Local Settings\Application Data\NPE
[2013/08/04 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/04 17:04:25 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/04 17:04:24 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/04 17:04:21 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/01 03:09:07 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.sys
[2013/08/01 03:09:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A
[2013/07/31 23:08:01 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.sys
[2013/07/31 23:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03030.013
[2013/07/31 19:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\My Documents\Symantec
[2013/07/31 19:06:56 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.sys
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A
[2013/07/31 19:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/07/31 18:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/07/31 17:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/29 19:06:10 | 012,271,944 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-4d208aac92bfd705178bb55cc02619e1.exe
[2012/02/16 11:47:11 | 012,205,440 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-9c25a149f148f17fec6c964210abc0b0.exe
[2012/01/26 23:24:17 | 009,618,872 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
[2011/10/07 03:34:55 | 009,608,392 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
[2011/08/10 19:33:49 | 009,396,840 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
[2011/08/02 19:33:02 | 009,506,240 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
[2011/02/22 22:43:20 | 011,447,056 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
[2011/02/10 18:44:25 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
[2010/11/18 15:04:10 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/28 17:16:54 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/28 17:13:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/28 17:08:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/28 16:56:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/28 16:56:29 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/28 15:11:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009UA.job
[2013/08/28 14:13:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/28 07:59:15 | 000,003,964 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2013/08/28 07:59:14 | 000,006,184 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2013/08/28 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TWHITESEL-Terri.job
[2013/08/27 20:44:25 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2013/08/27 20:33:43 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/08/27 20:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/27 20:32:32 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 20:32:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/08/27 20:32:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/08/27 20:32:23 | 000,733,837 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB
[2013/08/27 20:26:14 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS
[2013/08/27 20:18:48 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Terri\Desktop\tdsskiller.exe
[2013/08/27 18:11:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009Core.job
[2013/08/27 17:31:13 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/27 17:31:13 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/27 17:31:13 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/27 17:21:19 | 000,667,344 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe
[2013/08/27 17:19:21 | 000,739,608 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe
[2013/08/25 18:40:40 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2013/08/24 21:55:42 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk
[2013/08/24 20:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/23 16:14:01 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel
[2013/08/22 01:16:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/21 12:08:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/21 12:08:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 21:39:28 | 003,569,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/19 15:03:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/08/15 22:27:17 | 000,003,062 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics
[2013/08/15 03:28:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 03:05:07 | 000,446,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 03:05:07 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/14 18:27:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/08/04 17:04:05 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/04 17:04:04 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/04 17:04:04 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/04 17:04:03 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/08/04 17:04:03 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/04 09:22:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/08/03 17:21:03 | 000,033,529 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll
[2013/07/31 17:41:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/28 17:16:54 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/28 16:56:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/28 16:56:29 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/27 20:31:48 | 000,733,837 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB
[2013/08/27 17:59:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2013/08/27 17:31:52 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\VT20130115.021
[2013/08/27 17:30:24 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.cat
[2013/08/27 17:30:24 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.inf
[2013/08/27 17:30:23 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.cat
[2013/08/27 17:30:23 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.cat
[2013/08/27 17:30:23 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.inf
[2013/08/27 17:30:23 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.inf
[2013/08/27 17:30:22 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.cat
[2013/08/27 17:30:22 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.inf
[2013/08/27 17:30:21 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.cat
[2013/08/27 17:30:21 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.inf
[2013/08/27 17:30:21 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.inf
[2013/08/27 17:30:21 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.inf
[2013/08/27 17:30:20 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.cat
[2013/08/27 17:30:20 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.cat
[2013/08/27 17:30:20 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.inf
[2013/08/27 17:30:20 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.inf
[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.cat
[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.cat
[2013/08/27 17:29:17 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\isolate.ini
[2013/08/27 17:26:44 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/27 17:26:44 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/27 17:26:41 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/08/27 17:21:22 | 000,667,344 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe
[2013/08/27 17:19:28 | 000,739,608 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe
[2013/08/24 21:55:42 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk
[2013/08/23 16:14:01 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel
[2013/08/15 22:27:11 | 000,003,062 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics
[2013/08/03 17:21:03 | 000,033,529 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf
[2013/08/01 03:09:02 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.cat
[2013/08/01 03:09:02 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.inf
[2013/08/01 03:09:02 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013/07/31 23:07:56 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.cat
[2013/07/31 23:07:56 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.inf
[2013/07/31 23:07:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\isolate.ini
[2013/07/31 19:06:51 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccsetx86.cat
[2013/07/31 19:06:51 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.inf
[2013/07/31 19:06:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\isolate.ini
[2013/07/31 17:22:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/07/24 14:45:09 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\poetsch.bat
[2012/08/07 19:32:00 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Terri\g2mdlhlpx.exe
[2012/02/15 02:03:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/09/06 09:25:42 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\setup_ldm.iss
[2008/03/18 12:15:47 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\Microsoft Excel 97-2003.ADR
[2008/03/11 23:35:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/11 15:38:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/11 13:03:06 | 000,263,996 | ---- | C] () -- C:\Documents and Settings\Terri\REBOOT=ReallySuppress

========== ZeroAccess Check ==========

[2004/08/10 15:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/03 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/27 16:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/11/04 10:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/01/07 10:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2013/07/31 18:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2010/11/14 10:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/07/11 09:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/11 02:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/14 10:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/08/28 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/07/31 18:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/03/11 15:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2013/08/27 16:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/02/01 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/03/11 15:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/06/08 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/03 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/01 20:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/07/11 09:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\1O1L1I1PtF1F1C1N
[2012/11/24 13:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/19 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\CVS
[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\DriverCure
[2013/08/27 20:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Dropbox
[2012/01/18 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\iYogi
[2010/08/21 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Leadertech
[2009/11/29 14:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Memeo
[2012/08/17 14:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Oracle
[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic
[2012/03/06 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Sony Online Entertainment
[2013/05/22 16:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\TuneUp Software
[2012/02/14 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Unity
[2008/06/19 13:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\WebEx

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
 
Fiery

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Please print these instruction out so that you know what you are doing
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
2,503
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
2,356
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
2,283
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top