Backdoor.TidServ!.inf Removal
<blockquote data-quote="kapil.pundit" data-source="post: 133565" data-attributes="member: 12174"><p>Hi everyone,</p><p>Please help me in removing the "Backdoor.TidServ!.inf" Virus infection. I googled for removal tips but could not successfully remove the infection. Please guide me on how I can remove this infection.</p><p></p><p>Thanks in advance.</p><p></p><p></p><p>Here is the OTL Log:</p><p></p><p>OTL logfile created on: 8/28/2013 5:27:51 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Terri\Desktop\Removal Tools</p><p>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.6001.18702)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>1.96 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.62% Memory free</p><p>4.74 Gb Paging File | 3.45 Gb Available in Paging File | 72.71% Paging File free</p><p>Paging file location(s): C:\pagefile.sys 3006 4092 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 232.76 Gb Total Space | 145.45 Gb Free Space | 62.49% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: TWHITESEL | User Name: Terri | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Documents and Settings\Terri\Desktop\Removal Tools\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Documents and Settings\Terri\Desktop\Removal Tools\HitmanPro.exe (SurfRight B.V.)</p><p>PRC - C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe ()</p><p>PRC - C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()</p><p>PRC - 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)</p><p>PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)</p><p>PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)</p><p>PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)</p><p>PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</p><p>PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)</p><p>PRC - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>PRC - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)</p><p>PRC - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation)</p><p>PRC - C:\Program Files\iYogi Support Dock\pccare\iysoDefragSrv.exe (iYogi., (www.iyogi.net))</p><p>PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)</p><p>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)</p><p>PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)</p><p>PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)</p><p>PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)</p><p>PRC - C:\WINDOWS\system32\PSIService.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pysqlite2._sqlite.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32com.shell.shell.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local 
Settings\temp\_MEI39202\_elementtree.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32api.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_socket.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_multiprocessing.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32ts.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._gdi_.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\windows._cacheinvalidation.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._html2.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32crypt.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._misc_.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pythoncom27.dll ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\PyWinTypes27.dll ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32security.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_ctypes.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32profile.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._core_.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_ssl.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._windows_.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\_hashlib.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._wizard.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32file.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32process.pyd ()</p><p>MOD - 
C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32pdh.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32inet.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\wx._controls_.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\unicodedata.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\pyexpat.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\win32event.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\temp\_MEI39202\select.pyd ()</p><p>MOD - C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe ()</p><p>MOD - C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()</p><p>MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll ()</p><p>MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll ()</p><p>MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()</p><p>MOD - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\libcef.dll ()</p><p>MOD - C:\Documents and Settings\Terri\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()</p><p>MOD - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\wincfi39.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p>MOD - C:\WINDOWS\system32\msdmo.dll ()</p><p>MOD - C:\WINDOWS\system32\devenum.dll ()</p><p>MOD - C:\WINDOWS\system32\PSIService.exe ()</p><p>MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (AVG Security Toolbar Service) -- C:\Program 
Files\AVG\AVG10\Toolbar\ToolbarBroker.exe File not found</p><p>SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found</p><p>SRV - (AmmyyAdmin) -- C:\Documents and Settings\Terri\Local Settings\Temporary Internet Files\Content.IE5\NBJKP840\AA_v3[1].exe ()</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</p><p>SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</p><p>SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (IYSODiskOptimizer) -- C:\Program Files\iYogi Support Dock\pccare\iysoDefragSrv.exe (iYogi., (www.iyogi.net))</p><p>SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)</p><p>SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)</p><p>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)</p><p>SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)</p><p>SRV - (UNS) -- C:\Program Files\Intel\AMT\UNS.exe (Intel)</p><p>SRV - (atchksrv) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)</p><p>SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)</p><p>SRV - 
(ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (WDICA) -- File not found</p><p>DRV - (PDRFRAME) -- File not found</p><p>DRV - (PDRELI) -- File not found</p><p>DRV - (PDFRAME) -- File not found</p><p>DRV - (PDCOMP) -- File not found</p><p>DRV - (PCIDump) -- File not found</p><p>DRV - (lbrtfdc) -- File not found</p><p>DRV - (Changer) -- File not found</p><p>DRV - (catchme) -- C:\ComboFix\catchme.sys File not found</p><p>DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()</p><p>DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()</p><p>DRV - (SMR322) -- C:\WINDOWS\system32\drivers\SMR322.SYS (Symantec Corporation)</p><p>DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)</p><p>DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVEX15.SYS (Symantec Corporation)</p><p>DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)</p><p>DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)</p><p>DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVENG.SYS (Symantec Corporation)</p><p>DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130826.001\IDSXpx86.sys (Symantec Corporation)</p><p>DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation)</p><p>DRV - (SymEFA) -- 
C:\WINDOWS\system32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation)</p><p>DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation)</p><p>DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation)</p><p>DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symtdi.sys (Symantec Corporation)</p><p>DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation)</p><p>DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation)</p><p>DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation)</p><p>DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\7DD03000.01A\ccSetx86.sys (Symantec Corporation)</p><p>DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)</p><p>DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)</p><p>DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)</p><p>DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()</p><p>DRV - (EuDisk) -- C:\WINDOWS\system32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)</p><p>DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)</p><p>DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)</p><p>DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)</p><p>DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)</p><p>DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation)</p><p>DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)</p><p>DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)</p><p>DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)</p><p>DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)</p><p>DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)</p><p>DRV - 
(DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)</p><p>DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)</p><p>DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)</p><p>DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)</p><p>DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</p><p>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.4.0.40</p><p>IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {976167E1-BCF8-40F6-A819-6528BD0C2E22}</p><p>IE - HKCU\..\SearchScopes\{976167E1-BCF8-40F6-A819-6528BD0C2E22}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_enUS435</p><p>IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = 
http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869</p><p>IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cdfeeb8&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local></p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultengine: "Ask.com"</p><p>FF - prefs.js..browser.startup.homepage: "traveling to bodrum safety for us citizens"</p><p>FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0</p><p>FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1</p><p>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</p><p>FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0</p><p>FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1</p><p>FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004</p><p>FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374</p><p>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</p><p> </p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)</p><p>FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/08/27 20:33:09 | 000,000,000 | ---D | M]</p><p>FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013/08/27 17:27:14 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 07:44:54 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 07:44:57 | 000,000,000 | ---D | M]</p><p> </p><p>[2008/12/28 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Extensions</p><p>[2013/07/31 18:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\extensions</p><p>[2013/07/11 09:31:19 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\babylon.xml</p><p>[2013/07/11 09:31:40 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\delta.xml</p><p>[2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions</p><p>[2013/08/17 07:45:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p>[2013/08/27 17:27:14 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPLGN</p><p>[2009/07/19 09:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework 
Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION</p><p>[2008/05/01 13:01:17 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll</p><p>[2008/05/01 13:01:17 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll</p><p>[2012/02/10 20:30:22 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll</p><p>[2012/02/10 20:30:08 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},</p><p>CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=5823001E4FA5AEDD&affID=119351&tsp=4940</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll</p><p>CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll</p><p>CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll</p><p>CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll</p><p>CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll</p><p>CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll</p><p>CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</p><p>CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</p><p>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</p><p>CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll</p><p>CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll</p><p>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</p><p>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</p><p>CHR - Extension: Google Drive = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\</p><p>CHR - Extension: YouTube = C:\Documents and Settings\Terri\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\</p><p>CHR - Extension: Google Search = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\</p><p>CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\</p><p>CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\</p><p>CHR - Extension: Gmail = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2011/01/20 11:09:10 | 000,000,738 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)</p><p>O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)</p><p>O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - 
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)</p><p>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)</p><p>O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)</p><p>O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)</p><p>O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe 
Systems Incorporated)</p><p>O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)</p><p>O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)</p><p>O4 - HKLM..\RunOnce: [1] C:\Documents and Settings\Terri\Desktop\Removal Tools\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe ()</p><p>O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)</p><p>O4 - Startup: C:\Documents and Settings\Terri\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Terri\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O15 - HKCU\..Trusted Domains: drhs.org ([vpn01] https in Trusted sites)</p><p>O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} 
http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)</p><p>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)</p><p>O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)</p><p>O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)</p><p>O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn01.drhs.org/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)</p><p>O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mozysupport.webex.com/client/T27L10NSP32CP1/support/ieatgpc.cab (GpcContainer Class)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF98A62C-B45A-403D-A7B2-DF66D2FBA7A1}: DhcpNameServer = 192.168.1.1</p><p>O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</p><p>O24 - Desktop Components:0 () - </p><p>O24 - Desktop WallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun 
File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play</p><p>O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a</p><p>O33 - MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play</p><p>O33 - MountPoints2\F\Shell - "" = AutoRun</p><p>O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play</p><p>O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/08/28 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2013/08/28 16:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/08/28 16:56:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys</p><p>[2013/08/27 20:26:14 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS</p><p>[2013/08/27 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Desktop\Removal Tools</p><p>[2013/08/27 20:18:47 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and 
Settings\Terri\Desktop\tdsskiller.exe</p><p>[2013/08/27 17:30:25 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdiv.sys</p><p>[2013/08/27 17:30:24 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdi.sys</p><p>[2013/08/27 17:30:24 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnets.sys</p><p>[2013/08/27 17:30:23 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.sys</p><p>[2013/08/27 17:30:22 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.sys</p><p>[2013/08/27 17:30:22 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.sys</p><p>[2013/08/27 17:30:21 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.sys</p><p>[2013/08/27 17:30:21 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.sys</p><p>[2013/08/27 17:30:20 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ironx86.sys</p><p>[2013/08/27 17:30:20 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.sys</p><p>[2013/08/27 17:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1404000.028</p><p>[2013/08/27 17:26:44 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS</p><p>[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared</p><p>[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec</p><p>[2013/08/27 17:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV</p><p>[2013/08/27 17:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus</p><p>[2013/08/27 17:25:57 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus</p><p>[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic</p><p>[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\DriverCure</p><p>[2013/08/25 11:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic</p><p>[2013/08/17 07:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox</p><p>[2013/08/15 03:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT</p><p>[2013/08/14 18:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8</p><p>[2013/08/05 17:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Local Settings\Application Data\NPE</p><p>[2013/08/04 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java</p><p>[2013/08/04 17:04:25 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</p><p>[2013/08/04 17:04:24 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</p><p>[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</p><p>[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</p><p>[2013/08/04 17:04:21 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</p><p>[2013/08/01 03:09:07 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.sys</p><p>[2013/08/01 03:09:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A</p><p>[2013/07/31 23:08:01 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.sys</p><p>[2013/07/31 23:07:56 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\drivers\NST\7DD03030.013</p><p>[2013/07/31 19:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\My Documents\Symantec</p><p>[2013/07/31 19:06:56 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.sys</p><p>[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST</p><p>[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe</p><p>[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe</p><p>[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A</p><p>[2013/07/31 19:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton</p><p>[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller</p><p>[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller</p><p>[2013/07/31 18:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY</p><p>[2013/07/31 17:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer</p><p>[2012/03/29 19:06:10 | 012,271,944 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-4d208aac92bfd705178bb55cc02619e1.exe</p><p>[2012/02/16 11:47:11 | 012,205,440 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-9c25a149f148f17fec6c964210abc0b0.exe</p><p>[2012/01/26 23:24:17 | 009,618,872 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe</p><p>[2011/10/07 03:34:55 | 009,608,392 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe</p><p>[2011/08/10 19:33:49 | 009,396,840 | ---- | C] (Mozy, Inc.) 
-- C:\Documents and Settings\All Users\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe</p><p>[2011/08/02 19:33:02 | 009,506,240 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe</p><p>[2011/02/22 22:43:20 | 011,447,056 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe</p><p>[2011/02/10 18:44:25 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe</p><p>[2010/11/18 15:04:10 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe</p><p>[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p>[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/08/28 17:16:54 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/08/28 17:13:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/08/28 17:08:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job</p><p>[2013/08/28 16:56:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/08/28 16:56:29 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys</p><p>[2013/08/28 15:11:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009UA.job</p><p>[2013/08/28 14:13:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/08/28 07:59:15 | 000,003,964 | ---- | M] () -- C:\WINDOWS\mozy.blk</p><p>[2013/08/28 07:59:14 | 000,006,184 | ---- | M] () -- C:\WINDOWS\mozy.flt</p><p>[2013/08/28 02:00:00 | 000,000,342 | 
---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TWHITESEL-Terri.job</p><p>[2013/08/27 20:44:25 | 000,000,210 | RHS- | M] () -- C:\boot.ini</p><p>[2013/08/27 20:33:43 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK</p><p>[2013/08/27 20:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</p><p>[2013/08/27 20:32:32 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/08/27 20:32:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs</p><p>[2013/08/27 20:32:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad</p><p>[2013/08/27 20:32:23 | 000,733,837 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB</p><p>[2013/08/27 20:26:14 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS</p><p>[2013/08/27 20:18:48 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Terri\Desktop\tdsskiller.exe</p><p>[2013/08/27 18:11:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009Core.job</p><p>[2013/08/27 17:31:13 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS</p><p>[2013/08/27 17:31:13 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT</p><p>[2013/08/27 17:31:13 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF</p><p>[2013/08/27 17:21:19 | 000,667,344 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe</p><p>[2013/08/27 17:19:21 | 000,739,608 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe</p><p>[2013/08/25 18:40:40 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys</p><p>[2013/08/24 21:55:42 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk</p><p>[2013/08/24 20:23:00 | 000,000,284 | ---- | M] () -- 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job</p><p>[2013/08/23 16:14:01 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel</p><p>[2013/08/22 01:16:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>[2013/08/21 12:08:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe</p><p>[2013/08/21 12:08:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl</p><p>[2013/08/20 21:39:28 | 003,569,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2013/08/19 15:03:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk</p><p>[2013/08/15 22:27:17 | 000,003,062 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics</p><p>[2013/08/15 03:28:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK</p><p>[2013/08/15 03:05:07 | 000,446,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</p><p>[2013/08/15 03:05:07 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</p><p>[2013/08/14 18:27:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk</p><p>[2013/08/04 17:04:05 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</p><p>[2013/08/04 17:04:04 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</p><p>[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</p><p>[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</p><p>[2013/08/04 17:04:04 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</p><p>[2013/08/04 17:04:03 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</p><p>[2013/08/04 17:04:03 | 
000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</p><p>[2013/08/04 09:22:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk</p><p>[2013/08/03 17:21:03 | 000,033,529 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf</p><p>[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll</p><p>[2013/07/31 17:41:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</p><p>[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]</p><p>[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/08/28 17:16:54 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys</p><p>[2013/08/28 16:56:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/08/28 16:56:29 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys</p><p>[2013/08/27 20:31:48 | 000,733,837 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB</p><p>[2013/08/27 17:59:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe</p><p>[2013/08/27 17:31:52 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\VT20130115.021</p><p>[2013/08/27 17:30:24 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.cat</p><p>[2013/08/27 17:30:24 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.inf</p><p>[2013/08/27 17:30:23 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.cat</p><p>[2013/08/27 17:30:23 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.cat</p><p>[2013/08/27 17:30:23 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.inf</p><p>[2013/08/27 
17:30:23 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.inf</p><p>[2013/08/27 17:30:22 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.cat</p><p>[2013/08/27 17:30:22 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.inf</p><p>[2013/08/27 17:30:21 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.cat</p><p>[2013/08/27 17:30:21 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.inf</p><p>[2013/08/27 17:30:21 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.inf</p><p>[2013/08/27 17:30:21 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.inf</p><p>[2013/08/27 17:30:20 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.cat</p><p>[2013/08/27 17:30:20 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.cat</p><p>[2013/08/27 17:30:20 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.inf</p><p>[2013/08/27 17:30:20 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.inf</p><p>[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.cat</p><p>[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.cat</p><p>[2013/08/27 17:29:17 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\isolate.ini</p><p>[2013/08/27 17:26:44 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT</p><p>[2013/08/27 17:26:44 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF</p><p>[2013/08/27 17:26:41 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK</p><p>[2013/08/27 17:21:22 | 000,667,344 | ---- | C] () -- C:\Documents and 
Settings\Terri\Desktop\AA_v2 (1).exe</p><p>[2013/08/27 17:19:28 | 000,739,608 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe</p><p>[2013/08/24 21:55:42 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk</p><p>[2013/08/23 16:14:01 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel</p><p>[2013/08/15 22:27:11 | 000,003,062 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics</p><p>[2013/08/03 17:21:03 | 000,033,529 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf</p><p>[2013/08/01 03:09:02 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.cat</p><p>[2013/08/01 03:09:02 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.inf</p><p>[2013/08/01 03:09:02 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\isolate.ini</p><p>[2013/07/31 23:07:56 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.cat</p><p>[2013/07/31 23:07:56 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.inf</p><p>[2013/07/31 23:07:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\isolate.ini</p><p>[2013/07/31 19:06:51 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccsetx86.cat</p><p>[2013/07/31 19:06:51 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.inf</p><p>[2013/07/31 19:06:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\isolate.ini</p><p>[2013/07/31 17:22:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk</p><p>[2013/07/24 14:45:09 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\poetsch.bat</p><p>[2012/08/07 19:32:00 | 
000,060,304 | ---- | C] () -- C:\Documents and Settings\Terri\g2mdlhlpx.exe</p><p>[2012/02/15 02:03:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</p><p>[2009/09/06 09:25:42 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\setup_ldm.iss</p><p>[2008/03/18 12:15:47 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\Microsoft Excel 97-2003.ADR</p><p>[2008/03/11 23:35:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2008/03/11 15:38:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat</p><p>[2008/03/11 13:03:06 | 000,263,996 | ---- | C] () -- C:\Documents and Settings\Terri\REBOOT=ReallySuppress</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2004/08/10 15:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft 
Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/02/03 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1</p><p>[2013/08/27 16:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY</p><p>[2012/11/04 10:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask</p><p>[2013/01/07 10:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar</p><p>[2013/07/31 18:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013</p><p>[2010/11/14 10:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9</p><p>[2013/07/11 09:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon</p><p>[2012/06/11 02:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess</p><p>[2010/11/14 10:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files</p><p>[2013/08/28 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2013/07/31 18:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData</p><p>[2008/03/11 15:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir</p><p>[2013/08/27 16:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic</p><p>[2012/02/01 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe</p><p>[2008/03/11 15:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir</p><p>[2011/06/08 
22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP</p><p>[2011/06/03 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}</p><p>[2009/08/01 20:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}</p><p>[2013/07/11 09:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\1O1L1I1PtF1F1C1N</p><p>[2012/11/24 13:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1</p><p>[2011/03/19 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\CVS</p><p>[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\DriverCure</p><p>[2013/08/27 20:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Dropbox</p><p>[2012/01/18 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\iYogi</p><p>[2010/08/21 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Leadertech</p><p>[2009/11/29 14:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Memeo</p><p>[2012/08/17 14:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Oracle</p><p>[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic</p><p>[2012/03/06 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Sony Online Entertainment</p><p>[2013/05/22 16:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\TuneUp Software</p><p>[2012/02/14 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Unity</p><p>[2008/06/19 13:07:09 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Terri\Application Data\WebEx</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9</p><p></p><p>< End of report ></p></blockquote><p></p>
Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation) SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (IYSODiskOptimizer) -- C:\Program Files\iYogi Support Dock\pccare\iysoDefragSrv.exe (iYogi., (www.iyogi.net)) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files\Intel\AMT\UNS.exe (Intel) SRV - (atchksrv) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\ComboFix\catchme.sys File not found DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys () DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys () DRV - (SMR322) -- C:\WINDOWS\system32\drivers\SMR322.SYS 
(Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\VirusDefs\20130827.018\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\IPSDefs\20130826.001\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symefa.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symds.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtsp.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\symtdi.sys (Symantec Corporation) DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ccsetx86.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\ironx86.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NAV\1404000.028\srtspx.sys (Symantec Corporation) DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\7DD03000.01A\ccSetx86.sys (Symantec Corporation) DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys 
(Logitech Inc.) DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (EuDisk) -- C:\WINDOWS\system32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.4.0.40 IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {976167E1-BCF8-40F6-A819-6528BD0C2E22} IE - HKCU\..\SearchScopes\{976167E1-BCF8-40F6-A819-6528BD0C2E22}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7PRFA_enUS435 IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869 IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cdfeeb8&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.startup.homepage: "traveling to bodrum safety for us citizens" FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0 FF - 
prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1 FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/08/27 20:33:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPlgn\ [2013/08/27 17:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 07:44:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/17 07:44:57 | 000,000,000 | ---D | M] [2008/12/28 21:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Extensions [2013/07/31 18:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\extensions [2013/07/11 09:31:19 | 000,006,507 | ---- | M] () -- C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\babylon.xml [2013/07/11 09:31:40 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Terri\Application 
Data\Mozilla\Firefox\Profiles\4t79nksu.default\searchplugins\delta.xml [2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/08/27 18:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/08/17 07:45:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/08/27 17:27:14 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.0.36\IPSFFPLGN [2009/07/19 09:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2008/05/01 13:01:17 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll [2008/05/01 13:01:17 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll [2012/02/10 20:30:22 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll [2012/02/10 20:30:08 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=5823001E4FA5AEDD&affID=119351&tsp=4940 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Terri\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Chrome In-App 
Payments service = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\ CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\ CHR - Extension: Gmail = C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2011/01/20 11:09:10 | 000,000,738 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 
- HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Terri\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKLM..\RunOnce: [1] C:\Documents and Settings\Terri\Desktop\Removal Tools\mbam-chameleon-1.62.1.1000\mbam-chameleon.exe () O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.) O4 - Startup: C:\Documents and Settings\Terri\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Terri\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKCU\..Trusted Domains: drhs.org ([vpn01] https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) 
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn01.drhs.org/+CSCOL+/cscopf.cab (CISCO Portforwarder Control) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mozysupport.webex.com/client/T27L10NSP32CP1/support/ieatgpc.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF98A62C-B45A-403D-A7B2-DF66D2FBA7A1}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - O24 - Desktop WallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terri\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell - "" = AutoRun O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3cb757b0-42a8-11e0-bc90-001e4fa5aedd}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - 
MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell - "" = AutoRun O33 - MountPoints2\{6aab98fa-5ddf-11df-bc6b-001e4fa5aedd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/28 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2013/08/28 16:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/08/28 16:56:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/08/27 20:26:14 | 000,098,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS [2013/08/27 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Desktop\Removal Tools [2013/08/27 20:18:47 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Terri\Desktop\tdsskiller.exe [2013/08/27 17:30:25 | 000,352,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdiv.sys [2013/08/27 17:30:24 | 000,396,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symtdi.sys [2013/08/27 17:30:24 | 000,339,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnets.sys [2013/08/27 17:30:23 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.sys [2013/08/27 
17:30:22 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.sys
[2013/08/27 17:30:22 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.sys
[2013/08/27 17:30:21 | 000,603,224 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.sys
[2013/08/27 17:30:21 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.sys
[2013/08/27 17:30:20 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ironx86.sys
[2013/08/27 17:30:20 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.sys
[2013/08/27 17:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1404000.028
[2013/08/27 17:26:44 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/08/27 17:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/08/27 17:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2013/08/27 17:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013/08/27 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic
[2013/08/25 11:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Application Data\DriverCure
[2013/08/25 11:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/08/17 07:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 03:20:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/14 18:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
[2013/08/05 17:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\Local Settings\Application Data\NPE
[2013/08/04 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/04 17:04:25 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/04 17:04:24 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/04 17:04:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/04 17:04:21 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/01 03:09:07 | 000,134,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.sys
[2013/08/01 03:09:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A
[2013/07/31 23:08:01 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.sys
[2013/07/31 23:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03030.013
[2013/07/31 19:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terri\My Documents\Symantec
[2013/07/31 19:06:56 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.sys
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
[2013/07/31 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A
[2013/07/31 19:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/07/31 19:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/07/31 18:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/07/31 17:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/29 19:06:10 | 012,271,944 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-4d208aac92bfd705178bb55cc02619e1.exe
[2012/02/16 11:47:11 | 012,205,440 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-9c25a149f148f17fec6c964210abc0b0.exe
[2012/01/26 23:24:17 | 009,618,872 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
[2011/10/07 03:34:55 | 009,608,392 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
[2011/08/10 19:33:49 | 009,396,840 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
[2011/08/02 19:33:02 | 009,506,240 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-autoupdate-9168e69c9b17c74056d68fc0f28ff63a.exe
[2011/02/22 22:43:20 | 011,447,056 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
[2011/02/10 18:44:25 | 011,444,496 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
[2010/11/18 15:04:10 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/28 17:16:54 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/28 17:13:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/28 17:08:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/28 16:56:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/28 16:56:29 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/28 15:11:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009UA.job
[2013/08/28 14:13:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/28 07:59:15 | 000,003,964 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2013/08/28 07:59:14 | 000,006,184 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2013/08/28 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TWHITESEL-Terri.job
[2013/08/27 20:44:25 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2013/08/27 20:33:43 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/08/27 20:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/27 20:32:32 | 2101,981,184 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 20:32:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/08/27 20:32:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/08/27 20:32:23 | 000,733,837 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB
[2013/08/27 20:26:14 | 000,098,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR322.SYS
[2013/08/27 20:18:48 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Terri\Desktop\tdsskiller.exe
[2013/08/27 18:11:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1831545843-3941989892-3574903139-1009Core.job
[2013/08/27 17:31:13 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/27 17:31:13 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/27 17:31:13 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/27 17:21:19 | 000,667,344 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe
[2013/08/27 17:19:21 | 000,739,608 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe
[2013/08/25 18:40:40 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2013/08/24 21:55:42 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk
[2013/08/24 20:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/23 16:14:01 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel
[2013/08/22 01:16:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/21 12:08:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/21 12:08:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 21:39:28 | 003,569,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/19 15:03:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/08/15 22:27:17 | 000,003,062 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics
[2013/08/15 03:28:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 03:05:07 | 000,446,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 03:05:07 | 000,073,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/14 18:27:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/08/04 17:04:05 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/04 17:04:04 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/04 17:04:04 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/04 17:04:04 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/04 17:04:03 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/08/04 17:04:03 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/04 09:22:56 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/08/03 17:21:03 | 000,033,529 | ---- | M] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll
[2013/07/31 17:41:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/28 17:16:54 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/28 16:56:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/28 16:56:29 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/27 20:31:48 | 000,733,837 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\Cat.DB
[2013/08/27 17:59:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2013/08/27 17:31:52 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\VT20130115.021
[2013/08/27 17:30:24 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.cat
[2013/08/27 17:30:24 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnetv.inf
[2013/08/27 17:30:23 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.cat
[2013/08/27 17:30:23 | 000,008,067 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.cat
[2013/08/27 17:30:23 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symnet.inf
[2013/08/27 17:30:23 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symelam.inf
[2013/08/27 17:30:22 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.cat
[2013/08/27 17:30:22 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symefa.inf
[2013/08/27 17:30:21 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.cat
[2013/08/27 17:30:21 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.inf
[2013/08/27 17:30:21 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtspx.inf
[2013/08/27 17:30:21 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.inf
[2013/08/27 17:30:20 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.cat
[2013/08/27 17:30:20 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.cat
[2013/08/27 17:30:20 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\ccsetx86.inf
[2013/08/27 17:30:20 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\iron.inf
[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\symds.cat
[2013/08/27 17:29:17 | 000,008,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\srtsp.cat
[2013/08/27 17:29:17 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1404000.028\isolate.ini
[2013/08/27 17:26:44 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/08/27 17:26:44 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/08/27 17:26:41 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2013/08/27 17:21:22 | 000,667,344 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\AA_v2 (1).exe
[2013/08/27 17:19:28 | 000,739,608 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\AA_v3.exe
[2013/08/24 21:55:42 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Terri\Desktop\Continue Skype Free Download Installation.lnk
[2013/08/23 16:14:01 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Ven innovations - Dr. Caudel
[2013/08/15 22:27:11 | 000,003,062 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\empty nesters party .ics
[2013/08/03 17:21:03 | 000,033,529 | ---- | C] () -- C:\Documents and Settings\Terri\My Documents\Guru.rtf
[2013/08/01 03:09:02 | 000,007,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.cat
[2013/08/01 03:09:02 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\ccsetx86.inf
[2013/08/01 03:09:02 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD04000.00A\isolate.ini
[2013/07/31 23:07:56 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.cat
[2013/07/31 23:07:56 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\ccsetx86.inf
[2013/07/31 23:07:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03030.013\isolate.ini
[2013/07/31 19:06:51 | 000,007,611 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccsetx86.cat
[2013/07/31 19:06:51 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\ccSetx86.inf
[2013/07/31 19:06:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NST\7DD03000.01A\isolate.ini
[2013/07/31 17:22:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/07/24 14:45:09 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\poetsch.bat
[2012/08/07 19:32:00 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Terri\g2mdlhlpx.exe
[2012/02/15 02:03:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/09/06 09:25:42 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\setup_ldm.iss
[2008/03/18 12:15:47 | 000,038,491 | ---- | C] () -- C:\Documents and Settings\Terri\Application Data\Microsoft Excel 97-2003.ADR
[2008/03/11 23:35:18 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/11 15:38:20 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/11 13:03:06 | 000,263,996 | ---- | C] () -- C:\Documents and Settings\Terri\REBOOT=ReallySuppress

========== ZeroAccess Check ==========

[2004/08/10 15:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/03 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/27 16:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2012/11/04 10:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/01/07 10:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2013/07/31 18:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2010/11/14 10:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/07/11 09:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/11 02:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/11/14 10:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/08/28 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/07/31 18:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/03/11 15:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2013/08/27 16:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/02/01 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/03/11 15:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/06/08 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/03 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/01 20:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/07/11 09:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\1O1L1I1PtF1F1C1N
[2012/11/24 13:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/19 16:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\CVS
[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\DriverCure
[2013/08/27 20:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Dropbox
[2012/01/18 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\iYogi
[2010/08/21 08:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Leadertech
[2009/11/29 14:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Memeo
[2012/08/17 14:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Oracle
[2013/08/25 11:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\ParetoLogic
[2012/03/06 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Sony Online Entertainment
[2013/05/22 16:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\TuneUp Software
[2012/02/14 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\Unity
[2008/06/19 13:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terri\Application Data\WebEx

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >
[/QUOTE]
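The file sections of an OTL log are easiest to work through mechanically rather than by eye. The script below is an added example and is not part of the posted log, of OTL, or of any reply in this thread: it parses OTL's `[timestamp | size | attributes | C/M] (Company) -- path` entries and the `@Alternate Data Stream` line, then lists review candidates. The two heuristics it applies (executable file types whose version info carries no company name, and any alternate data stream OTL reported) are my own assumptions about what a helper looks at first, not an OTL feature, and they produce candidates rather than verdicts: in the sample lines copied from the log above, `hitmanpro37.sys` and `mbamchameleon.sys` are flagged even though they belong to the HitmanPro and Malwarebytes tools the poster was running, so each hit still has to be checked against the tools known to be on the machine.

```python
"""Triage helper for OTL file-list sections (added example; not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry looks like:
#   [2013/08/28 17:16:54 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
# Fields: timestamp | size with thousands separators | attribute flags (R,H,S,D) |
# C=created / M=modified, then "(Company)" from the file's version info (empty
# parentheses when absent, omitted entirely for directories) and the path.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL's alternate data stream line:
#   @Alternate Data Stream - 118 bytes -> C:\...\TEMP:CB0AACC9
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# File types that execute code. This set is an assumption of the example.
EXECUTABLE_EXTS = {".sys", ".exe", ".dll", ".cpl", ".bat", ".cmd", ".scr"}


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # "C" created, "M" modified
    company: str   # "" when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


@dataclass
class Finding:
    path: str
    reason: str


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file line; return None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return FileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def triage(lines: List[str]) -> List[Finding]:
    """Return review candidates: executable files whose version info has no
    company name, plus every alternate data stream OTL reported. Candidates only;
    known tools (HitmanPro, Malwarebytes, ...) will show up here too."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            ext = ntpath.splitext(entry.path)[1].lower()
            if not entry.is_dir and ext in EXECUTABLE_EXTS and entry.company == "":
                what = "kernel driver" if ext == ".sys" else "executable"
                findings.append(Finding(entry.path, f"{what} without version-info company name"))
            continue
        ads = ADS_RE.match(line.strip())
        if ads is not None:
            findings.append(Finding(ads.group("path"), f"alternate data stream, {ads.group('size')} bytes"))
    return findings


# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013/08/28 17:16:54 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/08/28 16:56:29 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/27 17:59:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2013/07/24 14:45:09 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Terri\Local Settings\Application Data\poetsch.bat
[2012/08/07 19:32:00 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Terri\g2mdlhlpx.exe
[2013/08/27 17:31:13 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/08/27 20:44:25 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2013/08/27 17:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason:45s} {f.path}")
```

Feed it a whole saved OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`) and the output is the short list to hash and look up, instead of the full file inventory. A missing company name is a weak signal on its own, which is why the script keeps the timestamp and size on each `FileEntry`: a no-company `.sys` created the same minute a removal tool was run is a very different case from one created weeks earlier.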