Author Topic: [Resolved K] Google Redirects  (Read 2129 times)


Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #15 on: March 31, 2012, 02:17:55 PM »
ComboFix 12-03-31.03 - Roy 03/31/2012  12:25:52.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.16375.13752 [GMT -7:00]
Running from: c:\users\Roy\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-28 to 2012-03-31  )))))))))))))))))))))))))))))))
.
.
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\Stephanie\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\SS Bookkeeping\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\R Roy\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\Investments\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\Forex\AppData\Local\temp
2012-03-31 19:38 . 2012-03-31 19:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-28 06:16 . 2012-03-28 06:16   --------   d-----w-   c:\users\Roy\AppData\Roaming\Malwarebytes
2012-03-22 01:22 . 2012-03-22 01:22   --------   d-----w-   c:\users\Investments\AppData\Roaming\Intuit
2012-03-19 21:58 . 2012-03-19 21:58   5120   ----a-w-   c:\programdata\Microsoft\Windows\DRM\101D.tmp
2012-03-19 21:58 . 2012-03-19 21:58   5120   ----a-w-   c:\programdata\Microsoft\Windows\DRM\101C.tmp
2012-03-19 03:30 . 2012-03-30 03:36   --------   d-----w-   c:\users\Stephanie\AppData\Local\assembly
2012-03-14 07:13 . 2011-11-19 18:30   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-14 07:13 . 2011-11-19 14:25   3957616   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:13 . 2011-11-19 14:25   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 03:14 . 2012-02-15 06:27   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-14 03:14 . 2012-02-15 05:44   826368   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-14 03:14 . 2012-02-15 04:47   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:14 . 2012-02-15 04:46   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-11 02:09 . 2012-03-11 02:09   --------   d-----w-   c:\users\Roy\AppData\Roaming\Intuit
2012-03-07 04:45 . 2012-03-07 04:45   --------   d-----w-   c:\users\Roy\AppData\Local\Microsoft Help
2012-03-05 04:36 . 2012-03-30 03:36   --------   d-----w-   c:\users\Investments\AppData\Local\assembly
2012-03-05 00:09 . 2012-03-05 00:09   --------   d-----w-   c:\users\Investments\AppData\Local\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 07:10 . 2010-04-23 08:30   2378112   ----a-w-   c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-04 09:58 . 2012-02-15 14:06   509952   ----a-w-   c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 14:06   442880   ----a-w-   c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 14:06   515584   ----a-w-   c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 14:06   478208   ----a-w-   c:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-30_03.47.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-30 23:29 . 2012-03-30 23:10   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012033020120331\index.dat
- 2012-03-30 03:48 . 2012-03-30 03:44   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032920120330\index.dat
+ 2012-03-30 03:48 . 2012-03-30 03:49   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012032920120330\index.dat
- 2012-03-30 03:48 . 2012-03-30 03:44   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-30 03:48 . 2012-03-30 23:10   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-02-03 18:03 . 2012-03-31 19:46   79264              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-31 19:46   37068              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-03 19:33 . 2012-03-31 19:44   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-03 19:33 . 2012-03-30 03:43   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-10 06:17 . 2012-03-22 06:27   3458              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-02-10 06:17 . 2012-03-31 04:14   3458              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-04 04:51 . 2012-03-31 19:46   9530              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1602122284-1893905979-354898507-1011_UserData.bin
- 2012-03-30 03:43 . 2012-03-30 03:43   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-31 19:40 . 2012-03-31 19:40   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-30 03:43 . 2012-03-30 03:43   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-31 19:40 . 2012-03-31 19:40   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-21 19:33 . 2012-03-30 03:05   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-21 19:33 . 2012-03-30 23:10   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-30 23:10   163840              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-03-31 19:38   642480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-30 03:40   642480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-30 23:10   3145728              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 23:10   2834432              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-13 07:07 . 2012-03-30 03:40   8082896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-13 07:07 . 2012-03-31 19:38   8082896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-29 07:28 . 2012-03-31 19:38   5592684              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1602122284-1893905979-354898507-1011-8192.dat
+ 2010-09-23 04:00 . 2012-03-31 02:06   1998396              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 02:34 . 2012-03-30 02:52   10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-03-31 19:27   10485760              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2011-07-16 282512]
"PeachtreePrefetcher.exe"="c:\program files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe" [2011-12-27 30024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [N/A]
.
c:\users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-30 5828952]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE [2011-7-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-17 1038088]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files (x86)\Sage\Peachtree\SmartPostingService2012.exe [2011-12-27 43848]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-07-16 27584]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2011-12-29 435528]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-07-16 24992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 19:12   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602122284-1893905979-354898507-1000Core.job
- c:\users\R Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 05:11]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1602122284-1893905979-354898507-1000UA.job
- c:\users\R Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-17 05:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\sjmr92k7.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-03-31  13:02:23 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-31 20:02
ComboFix2.txt  2012-03-30 03:57
.
Pre-Run: 673,168,998,400 bytes free
Post-Run: 672,989,413,376 bytes free
.
- - End Of File - - 291F342179F7DDDE9B973BB38B4A11C8

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #16 on: March 31, 2012, 02:19:46 PM »
Also, I do have a USB drive that I can use if need be.

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #17 on: March 31, 2012, 02:23:03 PM »
Also, after doing your last step I've run MB and it came back clean. Do you believe that it is truly clean from the logs?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #18 on: March 31, 2012, 02:35:43 PM »
Let's do a bit more, then I'll tell you what I think....

Step 1

Download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run; also the Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
ipconfig /flushdns /c
c:\programdata\Microsoft\Windows\DRM\101D.tmp
c:\programdata\Microsoft\Windows\DRM\101C.tmp
:Commands
[ResetHosts]
[EmptyTemp]
 
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Run this online QuickScan by BitDefender, available here: http://quickscan.bitdefender.com/# . Hit the Scan Now tab; when finished there is an option to "view report", do that. Hover your cursor over "view report" and it will open; copy and paste it to your next reply....

Post those two logs, also give update on current issues...

Kevin


Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #19 on: March 31, 2012, 03:17:09 PM »
Here are the logs. What do you think:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Roy\Desktop\cmd.bat deleted successfully.
C:\Users\Roy\Desktop\cmd.txt deleted successfully.
File/Folder c:\programdata\Microsoft\Windows\DRM\101D.tmp not found.
File/Folder c:\programdata\Microsoft\Windows\DRM\101C.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Forex
->Temp folder emptied: 0 bytes
 
User: Investments
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: R Roy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 267561509 bytes
->Google Chrome cache emptied: 10990562 bytes
->Apple Safari cache emptied: 3903488 bytes
->Flash cache emptied: 15473953 bytes
 
User: Roy
->Temp folder emptied: 553643 bytes
->Temporary Internet Files folder emptied: 55313739 bytes
->Java cache emptied: 1506171 bytes
->FireFox cache emptied: 164770639 bytes
->Flash cache emptied: 177986 bytes
 
User: SS Bookkeeping
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 155943708 bytes
->Java cache emptied: 611843 bytes
->FireFox cache emptied: 56388097 bytes
->Flash cache emptied: 52010 bytes
 
User: Stephanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 83130234 bytes
->Java cache emptied: 968250 bytes
->FireFox cache emptied: 74301676 bytes
->Flash cache emptied: 48485 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3612 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 850.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 03312012_135301

Files moved on Reboot...
C:\Users\Roy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

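The "HOSTS file reset successfully" line in the OTM log above replaces the hosts file wholesale. Before taking that step, an analyst usually wants to see what the file contained, because a hosts-file hijack (a search-engine or AV-vendor domain mapped to an attacker-controlled address, or sinkholed to loopback) is one classic cause of search redirects and of security tools failing to update. The following is an added example, not OTM's code and not anything the poster ran: a small Python audit that parses hosts-file text and flags mappings that would redirect or block traffic. The sample hosts content, the 198.51.100.23 address and the WATCHED_SUFFIXES list are constructed assumptions for illustration only; nothing here claims what this particular machine's hosts file contained.

```python
"""Audit a Windows hosts file for redirect/sinkhole entries.

Added example (not from OTM or the original post). The SAMPLE_HOSTS text
below is constructed for illustration; on a live machine read
%SystemRoot%\\System32\\drivers\\etc\\hosts instead.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that are legitimate targets for a hosts entry: loopback, and the
# 0.0.0.0 sink that ad-blocking hosts files use.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Domains whose presence in the hosts file is suspicious even when pointed at
# loopback: search engines (redirect symptom) and security vendors (update
# blocking). Assumed list; extend for your environment.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com",
    "symantec.com", "norton.com", "malwarebytes.org",
)

# Constructed sample: a near-default Windows hosts file plus hijack entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- constructed hijack entries for illustration ---
198.51.100.23   www.google.com google.com
198.51.100.23   www.bing.com
127.0.0.1       liveupdate.symantec.com
0.0.0.0         ads.example.net
"""


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, ip, [hostnames]) for every active mapping.

    Comments (from '#' to end of line) and blank or malformed lines are
    skipped, mirroring how the Windows resolver reads the file.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address; not a usable mapping
        entries.append((line_no, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def _is_watched(host: str) -> bool:
    return host in WATCHED_SUFFIXES or host.endswith(
        tuple("." + s for s in WATCHED_SUFFIXES)
    )


def audit_hosts(text: str) -> List[Dict[str, object]]:
    """Flag every hostname mapping that would redirect or sinkhole traffic.

    Two findings are reported:
      - any hostname mapped to a non-loopback address (traffic is redirected
        to that address, bypassing DNS entirely);
      - a watched domain mapped to loopback/0.0.0.0 (site or vendor updates
        silently fail).
    """
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if ip not in LOOPBACK:
                findings.append({
                    "line": line_no, "host": host, "ip": ip,
                    "reason": "non-loopback mapping (possible redirect)",
                })
            elif _is_watched(host):
                findings.append({
                    "line": line_no, "host": host, "ip": ip,
                    "reason": "watched domain sinkholed (site/updates blocked)",
                })
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['ip']:<15} {f['host']:<30} {f['reason']}")
```

Run against the constructed sample it reports the two search-engine hijacks (four hostnames pointed at 198.51.100.23) and the sinkholed Symantec update host, while the ad-block style `0.0.0.0 ads.example.net` entry is left alone. Capturing this output before a tool resets the file preserves the indicator (the redirect address) that would otherwise be lost.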
ooguyx (Bronze Member, Posts: 18)
Re: [Resolved K] Google Redirects
« Reply #20 on: March 31, 2012, 03:19:21 PM »

QuickScan 32-bit v0.9.9.113
---------------------------
Scan date:  Sat Mar 31 14:08:18 2012
Machine ID: A6C2E360



No infection found.
-------------------



Processes
---------
            AcroTray - Adobe Acrobat Distiller help  5340    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
            Adobe Acrobat                            5304    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
            Adobe Reader and Acrobat Manager         5268    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            Citrix ICA Client                        5696    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
            Citrix ICA Client                        5812    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
            Data Protect                             4748    C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
            iTunes                                   5612    C:\Program Files (x86)\iTunes\iTunesHelper.exe
            Java(TM) Platform SE Auto Updater 2 0    5540    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            LightScribe                              3668    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
            Malwarebytes Anti-Malware                5752    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            Microsoft Office 2010                    4756    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
            Microsoft OneNote                        5140    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
            Pure Networks Platform                   3416    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
            Samsung AllShare                         5444    C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
            Windows® Internet Explorer               1924    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               4380    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               4580    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               6996    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               7048    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               7104    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Windows® Internet Explorer               7152    C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified)  Adobe Acrobat                            5036    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe


Network activity
----------------
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 184.51.159.198
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 184.51.159.198
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.54.95.179
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 209.107.213.26
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.54.95.6
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 184.51.159.198
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.54.95.33
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 63.215.202.48
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 63.215.202.48
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.54.95.52
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 204.9.163.204
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 204.9.163.204
Process iexplore.exe (4380) connected on port 80 (HTTP) --> 65.54.95.86
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 209.107.213.26
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.54.95.140
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 184.51.159.188
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 184.51.159.188
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 63.215.202.48
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 63.215.202.48
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.54.95.6
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 173.194.33.30
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 173.194.33.30
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 206.204.54.94
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 69.171.234.96
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 69.171.234.96
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.54.95.220
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 65.54.95.86
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 204.9.163.204
Process iexplore.exe (6996) connected on port 80 (HTTP) --> 204.9.163.204
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 23.49.34.110
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 23.49.34.110
Process iexplore.exe (6996) connected on port 443 (HTTP over SSL) --> 23.49.34.110
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 23.49.47.139
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 184.51.159.148
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 184.51.159.148
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 173.194.33.34
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 173.194.33.34
Process iexplore.exe (7048) connected on port 80 (HTTP) --> 66.235.142.3

Process AllShareAgent.exe (5444) listens on ports: 52010


Autoruns and critical files
---------------------------
             Adobe Version Cue CS4                   C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
            AcroTray - Adobe Acrobat Distiller help  C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
            Adobe Acrobat                            C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
            Adobe CS4 Service Manager                C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
            Adobe CS5 Service Manager                C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
            Adobe Reader and Acrobat Manager         C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
            Apple Push                               C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
            Catalyst® Control Center                 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
            Citrix ICA Client                        C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
            Data Protect                             C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
            IntuitSyncManager                        C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
            iTunes                                   C:\Program Files (x86)\iTunes\iTunesHelper.exe
            Java(TM) Platform SE Auto Updater 2 0    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            LightScribe                              C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
            Malwarebytes Anti-Malware                C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
            Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
            Microsoft OneNote                        C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
            Peachtree Accounting by Sage             C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe
            Pure Networks Platform                   C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
            QuickBooks                               C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
            QuickBooks Automatic Update              C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
            QuickTime                                C:\Program Files (x86)\QuickTime\QTTask.exe
            Samsung AllShare                         C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
            SBSV 2010/02/19-11:02:07                 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
            TaskTray Application                     C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
            Windows® Internet Explorer               c:\windows\syswow64\webcheck.dll
(verified)  Adobe Acrobat                            C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(verified)  Microsoft® Windows® Operating System     c:\windows\system32\userinit.exe


Browser plugins
---------------
             Wacom Dynamic Link Library              C:\Program Files (x86)\TabletPlugins\npwacom.dll
            AcroIEHelperShim Library                 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
            ActiveTouch General Plugin Container     C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
            Adobe Acrobat                            C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
            Adobe Contribute CS5                     C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
            Adobe Contribute CS5                     C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
            Adobe PDF Toolbar for IE                 c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
            Bitdefender QuickScan                    C:\Windows\Downloaded Program Files\qsax.dll
            Bonjour                                  C:\Program Files (x86)\Bonjour\mdnsNSP.dll
            Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\CCMSDK.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\cgpcfg.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\ctxlogging.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\ctxmui.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\icafile.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\icalogon.dll
            Citrix ICA Client                        C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
            Citrix SSL SDK                           C:\Program Files (x86)\Mozilla Firefox\plugins\sslsdk_b.dll
            Facebook Photo Uploader 5                C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
            Java Deployment Toolkit 6.0.260.3        C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
            Java(TM) Platform SE 6 U26               C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
            Java(TM) Platform SE 6 U26               C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
            Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
            Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
            Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
            Microsoft® Windows Live ID               c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            Microsoft® Windows Live ID               c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
            Microsoft® Windows Live ID               c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
            Norton Confidential                      C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
            npicaN.dll                               C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
            npitunes.dll                             C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
            NPSWF32.dll                              C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
            NVIDIA 3D Vision                         C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
            QuickTime Plug-in 7.7                    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
            Shockwave for Director                   C:\Windows\system32\Adobe\Director\np32dsw.dll
            Silverlight Plug-In                      c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
            Symantec Intrusion Detection             C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
            System Requirements Lab                  C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll
            WebEx Download Module                    C:\Windows\Downloaded Program Files\ieatgpc.dll
            Windows® Internet Explorer               c:\windows\syswow64\ieframe.dll
(verified)  Adobe Acrobat                            C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll


Scan
----
MD5: 243d02af4004d601979db31c9cfd8c56  C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
MD5: 3f8f82ca00987d43013ed8490ce9d307  C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\en_US\Resources\iepluginres.dll
MD5: ff6f0f6a2d72065ae4300426fa414693  C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
MD5: d5864ea9de2e9c2ea8777a564e3e4408  C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MD5: 31c5ff1c9f4fde299c9075cd0c4aef9b  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: 40947436a70e0034e41123df5a0a7702  C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: 2014e3dec495e3ab377d5d25c0754570  C:\Program Files (x86)\Citrix\ICA Client\acrdlg.dll
MD5: 263c417cd34a65e61fb3d2739984c352  C:\Program Files (x86)\Citrix\ICA Client\CCMProxy.dll
MD5: c5cb6b9ccd8efe1a57474d92f66ef961  C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll
MD5: 20ffd9ca4af20000665b73f4e56235b4  C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
MD5: 8cf42ee9ab3606936918fd6aa96f5963  C:\Program Files (x86)\Citrix\ICA Client\confmgr.dll
MD5: 9e0367be87b1aa3e90faaf3f3ab1d8ae  C:\Program Files (x86)\Citrix\ICA Client\CST.dll
MD5: e5d8a38db34713eee3c895d504cafd41  C:\Program Files (x86)\Citrix\ICA Client\ctxlogging.dll
MD5: bc068d663903d1fa569eb02b0a8ef692  C:\Program Files (x86)\Citrix\ICA Client\ctxmui.dll
MD5: cc35547ebce92465eea02e99a6488f2a  C:\Program Files (x86)\Citrix\ICA Client\icafile.dll
MD5: 07fb00a922bc26af0a8fe4a83d36cab2  C:\Program Files (x86)\Citrix\ICA Client\ProgressNotificationCommon.dll
MD5: d4f600d30300e8239c4855b6cbf1fa53  C:\Program Files (x86)\Citrix\ICA Client\resource\en\concenUI.DLL
MD5: 46f8b71289a5cdb0f4c67b7aad01873f  C:\Program Files (x86)\Citrix\ICA Client\resource\en\CSTUI.DLL
MD5: 7a52255be72df0b61ac6a8d88888c645  C:\Program Files (x86)\Citrix\ICA Client\resource\en\ctxmuiUI.DLL
MD5: 0ba3e881e50c6cc5efe00205f8c54be5  C:\Program Files (x86)\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll
MD5: 985365fcce96d0d15387f568125ce2dd  C:\Program Files (x86)\Citrix\ICA Client\resource\en\statuiUI.DLL
MD5: 204aa6d6f4e0ede48ce9f5ae0bea5e79  C:\Program Files (x86)\Citrix\ICA Client\resource\en\wfcrunUI.DLL
MD5: 8e54458d6c275342e90f73ac30ae523b  C:\Program Files (x86)\Citrix\ICA Client\statuin.dll
MD5: 1676c663914864973703a8d6e26da96e  C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
MD5: eb9be9f8f9037f557d351d5d2cf153a0  C:\Program Files (x86)\Citrix\ICA Client\WFCWINN.dll
MD5: e43a851f7b12de589424d6c656155cfc  C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MD5: 27cffb1e41a2be2a25957a679bd84e10  C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MD5: f577910a133a592234ebaad3f3afa258  C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MD5: f7dd2d785280db73dc9060f80361befb  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MD5: fc33cbbb9cadcec307da010fe763d04c  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 054b87c872292a960b9b8a834b34dfa7  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 250bf888ddbe88d61eb19a9d4957c794  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: 5a963c340de1a01ba6e24945ce05d16a  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: f4bc62990e7e5c29799a895b80fc3177  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 73862ff693168369a90f046e7f227b83  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 794950db77aa590c2964eca0a5874a09  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
MD5: 8ba9851e671e8b5e49e303748ffd530c  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: 2e14406e05789f91c9282ae7cfca3a07  C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: d8e18021f91ad79ca8491cb5a5da22d4  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: f7950e8fbb9b26e1a347f00e11ea42b5  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MD5: c7f2279a2f9a7df3063c12bc81b9155d  C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
MD5: 45c9df566da459d2f816bcc5bffd25a8  C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MD5: 78afb70dbe365bd6140e6740792ac3ea  C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
MD5: 6bee1814470dc12fa20c53dfc3c97ebb  c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
MD5: c6df3ff18d6acb913c78c865dded17d3  c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
MD5: 98ef79fce8996b7e6345073c6fd5278d  C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
MD5: 8300b7fad5096715bb32a9cd4b2a9208  C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: 6875e85d17c14852481f5cf8ef5ae871  C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
MD5: 9dbafd6106ee59d548aa1b0c144799ef  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
MD5: b6fad59c92d1381d986cd7368a5291f4  C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MD5: 0a6bcb31307a1385cc8432b80d23e377  C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MD5: 1ca1f99d167bb19f785f2d8582579cfb  C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MD5: f2f22c0c217e953497b443389b457aaa  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
MD5: a1cfdef143b1b4047e0fd3510f85de97  C:\Program Files (x86)\Common Files\Microsoft Shared\office14\MSPTLS.DLL
MD5: 4c0da2b69f8de16e97fcec0e19312923  C:\Program Files (x86)\Common Files\Microsoft Shared\office14\riched20.dll
MD5: cb992ae1506985d9167e85883b4c3240  C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
MD5: 1b8f14b0ccfbff666612f7cb0eacb459  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\11.1.9044.0.nmcorePS.dll
MD5: 5a137c9fae4bcc855539ba10e85000a8  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\11.1.9044.0.nmctxtPS.dll
MD5: 181c1c01ade014d1fc07e7059b561cf4  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MD5: cabd1f061fcc85b7fe9c41b770267ee3  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
MD5: 388fe6c65680c738d1a778334a81c162  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxt.dll
MD5: d6633a7a634e6803cb13543808b4c935  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MD5: 83fa33f2fbc1b3e16e3bec24475298c4  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxthl.dll
MD5: 0c9f2bf8c8e69c0f4536d06492c6fa70  C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
MD5: 0c3f9eff8ddd9f9eb56d754b4620155f  C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
MD5: 8c0f9b877bc0b7ffd327ef55f9efb642  C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
MD5: 267c914667c94e5f47d342311c1c577f  C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
MD5: 17719a7f571d4cd08223f0b30f71b8b8  C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
MD5: 7f57926169c1b8aba9274ea7d4b70f18  C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
MD5: a1659e4d08fe8d0f0bc61960d8c0369e  C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: cf5d4889c15cc8a40be54f55f27093b1  C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639  C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: a8468843fe230bb4a4dfef9d8da82670  C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
MD5: 7001ed498afe9921db7231878de1ce12  C:\Program Files (x86)\iTunes\iTunesHelper.dll
MD5: d743372a621ed03a274539a88eeb3450  C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: 3af147edc68cb34cb91b606db6304f11  C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: 9c94183a22256c35b025a900af4b5372  C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: ef900ef15f71bb7ac415bd5cef90b56d  C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
MD5: e7d55e121ff1951cb86c7e0dc6a33877  C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2  C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 82f9764ebe2ef590cd2b3beb234e5671  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
MD5: 60d0647a2dc2d397b84d0afb0808f85d  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: a2c2ec01306a666c4372bb7a06659b5d  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: 056b19651bd7b7ce5f89a3ac46dbdc08  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: fc19f3d46e21ef65eea990b8af2076f6  C:\Program Files (x86)\Microsoft Office\Office14\1033\ONINTL.DLL
MD5: 4664abade37f75551cab943ea6077946  C:\Program Files (x86)\Microsoft Office\Office14\1033\ospintl.dll
MD5: 47fc5a4a45e883a36aff884b3e6073b1  C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL
MD5: da0a59faa480ee4b7d4bd5cfdb703962  C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
MD5: 043fe3c9088beadc6a9ffc033c84f20f  C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
MD5: a5d08b86e8a437aa6deaf7a187bf6ca5  C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
MD5: 3178dfacbe9303bea96de6751bb1807c  c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\agcore.dll
MD5: ed327201724ea05d509b7939abe49e98  c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
MD5: c5cb6b9ccd8efe1a57474d92f66ef961  C:\Program Files (x86)\Mozilla Firefox\plugins\CCMSDK.dll
MD5: d3ccf7cd5573190551dab160b1bd51e3  C:\Program Files (x86)\Mozilla Firefox\plugins\cgpcfg.dll
MD5: 26ced20df5a762244338479722276ca3  C:\Program Files (x86)\Mozilla Firefox\plugins\CgpCore.dll
MD5: 8cf42ee9ab3606936918fd6aa96f5963  C:\Program Files (x86)\Mozilla Firefox\plugins\confmgr.dll
MD5: e5d8a38db34713eee3c895d504cafd41  C:\Program Files (x86)\Mozilla Firefox\plugins\ctxlogging.dll
MD5: bc068d663903d1fa569eb02b0a8ef692  C:\Program Files (x86)\Mozilla Firefox\plugins\ctxmui.dll
MD5: cc35547ebce92465eea02e99a6488f2a  C:\Program Files (x86)\Mozilla Firefox\plugins\icafile.dll
MD5: 2df55865f16bdd581eab9e076ee0af6d  C:\Program Files (x86)\Mozilla Firefox\plugins\icalogon.dll
MD5: 8f09c28cf5cb6a174bbcfbd181f05dbb  C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
MD5: 77bfb74e3edd5b240044ec0ac52ead50  C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
MD5: 5eb6f21d95e728c61bcfc89f899d6bb0  C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
MD5: 783f2c4232ced8829f1bbe9434cf5546  C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
MD5: eb15cb18a8f86d6b818b5f37e945a446  C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074  C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: fdd51e5162e76281d0a1801897c47db9  C:\Program Files (x86)\Mozilla Firefox\plugins\sslsdk_b.dll
MD5: 2ff5a77507f6473f339eb97fbf112427  C:\Program Files (x86)\Mozilla Firefox\plugins\TcpPServ.dll
MD5: db7951146ca1e218e1d3bcff115848a3  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccIPC.dll
MD5: 7a03683fdec05543a5cf7aa968129a1f  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccL100U.dll
MD5: 6fee15b53d624e06d86759258e1f6a9c  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSet.dll
MD5: e78a365cc3e0fbfc018a33dce01909f8  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
MD5: abff5f1e970dbc68e2cae682378dc717  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccVrTrst.dll
MD5: aa07969b151f809f75258cf97f1262fb  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
MD5: 379be5ea9826c5590dff1c29a8bc65af  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coUICtlr.dll
MD5: e23a309b26dd826b0c0378907973a57c  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coWPPlg.dll
MD5: 177364f26f682529220af4906131dc2a  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\EFACli.dll
MD5: 21215b293e3af3126d313b2be33723ca  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
MD5: 14b709ce90cc067811cc33282155dfcf  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\isDataPr.dll
MD5: 0cc00b06e784dc24bf506f3a7993be37  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IVPlugin.dll
MD5: 58e4954bf382e2cf03b9a2aea2df0914  C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\SYMHTML.DLL
MD5: 05631c86fc87b23ee8f0c07a834057c2  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
MD5: 9d6de9a470eeb47207f413c58980f5fa  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
MD5: e7818cd4fb51284c948d68a7a85a69b8  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
MD5: 1ff50da96e12e243a70b5023cfe22d42  C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
MD5: 3df9aff63c0598e09e0927e698aae476  C:\Program Files (x86)\QuickTime\QTPlugin.ocx
MD5: 73430e79d6df4de9055e2a7742b881d3  C:\Program Files (x86)\QuickTime\QTTask.exe
MD5: 78efed0fd1b45d40fa2569be4d1b8e61  C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe
MD5: d87c58dd652df387c4e9a0f9ce595d69  C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe
MD5: 79752d8e6f12cf5501c60f19bc5f1c7d  C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
MD5: 812e8f893e010dc871478d9cc8aa28ee  C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
MD5: 32c81a9157143da8ffafaf214084ae11  C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
MD5: 48328ff817c249647f60f233845834ec  C:\Program Files (x86)\TabletPlugins\npwacom.dll
MD5: f9d908de6b166dac9b89bf62fa291ce8  C:\Program Files\Bonjour\mdnsNSP.dll
MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd  C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 0a888754c63c3a5d8cd8f7492c62b40d  c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 3c0d4b3e80fc4854ca325dd123cc4ded  C:\Program Files\iPod\bin\iPodService.exe
MD5: 7a2a8c975356858eb38466a6b1592e8d  c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
MD5: 6d65985945b03ca59b67d0b73702fc7b  c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
MD5: 12e6d95cde974b131defaa44bab8b056  c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
MD5: a2cc9a9bc30c6141ff99d85a4e26d7a7  C:\Program Files\WTouch\WTouchService.exe
MD5: 6c64fa457c200874faa87d74152e0d84  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
MD5: 18c40c3f368323b203ace403cb430db1  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120330.002\IDSvia64.sys
MD5: bd5a82b5f6e88b9d987485229808e268  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120330.002\Scxpx86.dll
MD5: 2dbe90210de76be6e1653bb20ec70ec2  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120330.036\ENG64.SYS
MD5: 346da70e203b8e2c850277713de8f71b  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120330.036\EX64.SYS
MD5: 87deeeb4a04306c3464c409027a47306  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MD5: 38ef721ebbb08b03a017911d854e1bf7  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MD5: 229b4d74d4b0252f330dbb34d945b09e  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MD5: 6d070b55c42a755f24862368a6f9a8b0  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MD5: a3095a87a2bd98a8da5e9ce98cbe140f  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MD5: b54279e1fb4a4f901a3e1a107ae49e2d  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3623247db0c19cd14589e6f4d6cfb290\System.ServiceModel.ni.dll
MD5: b2031d35ab0c24885ebdae3052fb6347  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll
MD5: 7ac8a068501152ea3dd89925949038c8  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MD5: 51e30cdab30d7ef61a8507c07d68d446  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MD5: 90cc658956b6f4b0be28ef321bbe9e32  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MD5: 8f9bb18fd145851952e6b4fa4787038a  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MD5: f9a16e4f8bb1542f93d23506b9e867fd  C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MD5: b72761c1504f634c9e681da09a5a4187  C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MD5: 252b2a8212be315d8e39f29a439c2678  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MD5: 90c55674a7fa8387fe9bb41b72860d0c  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MD5: 3ef3cf1e699d27f8cf524dea3a3ca66b  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MD5: b6a4d7fc6392dde073feee8406598c4c  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll
MD5: f8c825d50e7718087b3dc9dd53ee99d4  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MD5: 2cd98c8367653750b9e84b3cdfc1cec8  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MD5: 3a9c70a5b5a1b9302e4a1029582242ca  C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MD5: 865d7b2d6b834d5b225ae3e86e519ba1  C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MD5: 9ff379449daf2dd095ec1af48636bd89  C:\Windows\Downloaded Program Files\ieatgpc.dll
MD5: ebc89d1526dc72917d4421551656c54e  C:\Windows\Downloaded Program Files\qsax.dll
MD5: 47c071994c3f649f23d9cd075ac9304a  C:\Windows\ehome\ehRecvr.exe
MD5: 0862495e0c825893db75ef44faea8e93  C:\Windows\Explorer.exe
MD5: af2d82d297609df60469bfae48645762  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 44a38da547fbfeb2f2b3d480728805de  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: cdaf3e1a99f938153701bbe7375af1d7  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: ea8332a740b8737c4c473c889c86dcb2  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: ca96db062b430825262b189684e871d8  C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: d892c77afa8afaba6f474a7da401bd7c  C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 5f3bdb02d64443efca7dd9248619c962  C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 225e83f591113adec764afba0ab12593  C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: cb44e805bb7c0c9bc3b8a66a59bb300a  C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: 0a58da99321d95944e796541a716cbf5  C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: ea93d50a341350321c96208f651408d0  C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: 61490bbf4d7c399bd42af6b63960fb92  C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 267aff1ea665dbe422276601989efff3  C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 792fc8e77dc71a5f095c32d3a5c78ea1  C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: 84cb9832f03a6aa1929636f5d9e7e298  C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3927fdfe073338428a24160e427e87a3  C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 56b798396b5ad9fb064528b638a6008f  C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: 77895ba5c5cdcfef66419a03b6a4cdad  C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 88955bce0a301ca342562be24415d9cc  C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 308823c5a58a4022fedd8f4db3f99a25  C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 75959d7e5ef8fd7e7e17f40f63f3cc66  C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 2ff5b43393e8f2c46135ac33e842b076  C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: a5750894aefe1d57cf8c460ea4065748  C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: b3758364d42bbdba18383f010fb7cfcd  C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 20f76c488929b6288733888bffe62f65  C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: 11e5a68a159bf13bcf0538bec894e0ce  C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 5cccf830959345f0b8bcc2a0dfac11b5  C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: daef44b6ff4aec4533bab3761310d4a5  C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 62ad339f7420b022509edac1d9fd7ba1  C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: c13d2932297d3597fea7b6902efc117d  C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: cdc1f7b46fc7b0b8c88df0cfbda2eb2c  C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: 69ac43aae61eec7625726b377ccaaa13  C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: 5710b9bd7a3e4f716402b8119004eb48  C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: a2903ece1d115fea38bb07e01c122b5e  C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 21a7966a1fc4b9b7263388e9981551e3  C:\Windows\system32\d2d1.dll
MD5: 00c62d4d138f99c75715f71a10b96a53  C:\Windows\system32\d3d10_1.dll
MD5: eaf0687c670f9cd5d6d93fc4fedcaa19  C:\Windows\system32\d3d10_1core.dll
MD5: 11cdf138552bfec115b60ed6dc3aceb6  C:\Windows\system32\DEVRTL.dll
MD5: 62390f4ace9e2b63e3ca26b7f7497897  C:\Windows\system32\dnsapi.DLL
MD5: 062373995eae5f0eac9eaa9192136bfb  C:\Windows\system32\dnssd.dll
MD5: 6e948c8e2cdc8551170e4cc261e5d853  C:\Windows\system32\DWrite.dll
MD5: 2af58d15edc06ec6fdacce1f19482bbf  C:\Windows\system32\Explorer.exe
MD5: 8898c95862d03d16b2a06db4db6bb6b2  C:\Windows\system32\explorerframe.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719  C:\Windows\system32\IEFRAME.dll
MD5: 07970aa4c392efb133d1a1bfbd66a58f  C:\Windows\system32\IEUI.dll
MD5: 68563ac389f92ee79f1c714288ba1dce  C:\Windows\system32\ImgUtil.dll
MD5: 497c9c3db953a60ec4f43a097e15f75e  C:\Windows\system32\MSHTML.dll
MD5: 35aae2e841aa1a949775168e119482c9  C:\Windows\system32\msls31.dll
MD5: 5f856156f709df40b42d36ae8a0f0695  C:\Windows\System32\msxml6.dll
MD5: 6e58693ccb1c92109b099cbe4ad7696f  C:\Windows\system32\nvd3dum.dll
MD5: aabe6452dfff3baa664a33795b2166fc  C:\Windows\system32\nvwgf2um.dll
MD5: 4d59a5b6ef0af6f9fdf3d157534380af  C:\Windows\system32\OLEACC.dll
MD5: 71402c7923f6b7f8acb48e50f35463e7  C:\Windows\system32\SearchIndexer.exe
MD5: b4c246937bdb3e50b24698ee811074bf  C:\Windows\system32\Secur32.dll
MD5: 6d9b75275c3e3a5f51aef81affadb2b6  C:\Windows\System32\wcncsvc.dll
MD5: bb5ec38f8d4600119b4720bc5d4211f1  C:\Windows\System32\webclnt.dll
MD5: a86a1c5df1c662d1c75815bf4794f16d  C:\Windows\system32\webio.dll
MD5: cc9bbcfc715fbedf7ae476106fe653e9  C:\Windows\system32\WINHTTP.dll
MD5: 3f234838abe55fd9164105ee5b572cd1  C:\Windows\system32\wintab32.DLL
MD5: 9967bce6cf289223adc2fbf311c6a78f  C:\Windows\system32\wmp.dll
MD5: fa05241c7bc7ebcc36af78299d0d37fe  C:\Windows\system32\wmploc.dll
MD5: 0c2ae180d8c35f723ba13a16aa9ac453  C:\Windows\system32\xmllite.dll
MD5: e702ed19c332c1f12c1403d100e2f4f3  C:\Windows\syswow64\CFGMGR32.dll
MD5: 6c9c05d5344b9ab80e9180fc859bc45a  C:\Windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be  C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b  C:\Windows\SysWOW64\Dxtrans.dll
MD5: ee9d715af1b928982f417238b9914484  C:\Windows\SysWOW64\ieapfltr.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719  c:\windows\syswow64\ieframe.dll
MD5: cdf5b6aec538e02d5579e2e791042a1a  C:\Windows\syswow64\iertutil.dll
MD5: 2f0971c08f73ee881bb54cc7c11dff7b  C:\Windows\SysWOW64\jscript9.dll
MD5: 4ea99f1644627b1ebad99d0b93cdee1c  C:\Windows\syswow64\kernel32.dll
MD5: 2bf12696f4ac8afcfc06ead6f8d2db4c  C:\Windows\syswow64\KERNELBASE.dll
MD5: e9f427ef46965d33e878a507a2f5ccb6  C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx
MD5: 0873c7b403ef57c94c06ebe013229427  C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: f8a61b2e713309b4616d107919bdab6e  C:\Windows\syswow64\msvcrt.dll
MD5: db6dd54a93522ca3572d04b56c5db890  C:\Windows\SysWOW64\ntdll.dll
MD5: e2c2d8c982316c8abf800c6ce3f28fab  C:\Windows\syswow64\ole32.dll
MD5: 705c210efc5564be49eb026bd7aff27a  C:\Windows\syswow64\OLEAUT32.dll
MD5: 83041697ae93aa4b783ae8746904edd2  C:\Windows\SysWOW64\schannel.dll
MD5: 11535b22cfcc1f4d16c8d11289682ba3  C:\Windows\syswow64\SHELL32.dll
MD5: 44a6fbe9877ca69bd8b3b16c0a20fe1e  C:\Windows\syswow64\SspiCli.dll
MD5: 79f14b5df9e17e12193337ed4ee1c491  C:\Windows\syswow64\urlmon.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae  C:\Windows\SysWOW64\vbscript.dll
MD5: 5193de33f3284c447e0d31dafbf92570  c:\windows\syswow64\webcheck.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f  C:\Windows\syswow64\WININET.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4  C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4928ab3a304ddf05c354de3807a4a66b  C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9  C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb  C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4  C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
MD5: 4b8dd8541c0e26602005dd0137333615  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.95 KB recvd
Scanned 477 files and modules - 32 seconds

==============================================================================


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #21 on: March 31, 2012, 03:28:55 PM »
Everything looks good, run the following for an overview of security and status of Java, Adobe etc...

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post that log, let me know if you have any remaining issues or concerns...

Kevin

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #22 on: March 31, 2012, 03:32:29 PM »
Here's the log you've requested. 

Results of screen317's Security Check version 0.99.32 
 Windows 7  x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Java(TM) 6 Update 26 
 Java version out of date!
 Adobe Reader 9 Adobe Reader out of date!
 Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Norton ccSvcHst.exe
 Malwarebytes' Anti-Malware mbamservice.exe 
 Malwarebytes' Anti-Malware mbamgui.exe 
``````````End of Log````````````

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #23 on: March 31, 2012, 03:49:31 PM »
OK, do the following:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")


  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
Delete or drag to the recycle bin the following if on desktop:

Security Checks plus any associated log

Step 3

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

Adobe Reader Untick the Free McAfee® Security Scan Plus (optional)

Step 4

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.

  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Step 5

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin
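
As an added example (not code from this thread, from screen317's Security Check, or from any of the tools Kevin lists), the PowerShell script below reproduces on the machine itself the checks that the Security Check log in Reply #22 summarised: Windows Firewall profile state, the antivirus products registered with Security Center (the "WMI entry" the log mentions), and the installed Java and Adobe Reader versions compared against a baseline. Assumptions: the Java baseline is Java 6 Update 31, the version Step 4 names, and it is assumed to register in the Uninstall key as DisplayVersion 6.0.310; the Adobe Reader baseline is a labelled placeholder, since the thread gives no version number for Reader.

```powershell
# Added example, not from the thread or from screen317's Security Check.
# Re-creates the checks the Security Check log reported (firewall state,
# antivirus registered with Security Center, Java and Adobe Reader versions)
# from the registry and WMI only, so the "out of date" verdicts can be
# confirmed before deciding what to uninstall or update.
# Assumptions: Java 6 Update 31 (the version Step 4 names) is assumed to
# register DisplayVersion 6.0.310; the Adobe Reader baseline is a PLACEHOLDER.

$JavaBaseline   = [version]'6.0.310'   # assumed: JRE 6 update N registers as 6.0.<N>0
$ReaderBaseline = [version]'9.9.9'     # PLACEHOLDER: set from Adobe's current release

function Get-InstalledSoftware {
    # Read both the native and the WOW6432Node Uninstall keys; otherwise
    # 32-bit applications (Java, Reader) are invisible on 64-bit Windows.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Get-OutdatedInstalls {
    param([string]$NamePattern, [version]$Baseline)
    # One record per matching install. More than one Java record means older
    # releases are still present and should be removed (Step 4 above).
    Get-InstalledSoftware |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            $v = $null
            try { $v = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                # An unparseable version is treated as outdated rather than ignored.
                Outdated = (($v -eq $null) -or ($v -lt $Baseline))
            }
        }
}

function Get-FirewallProfileState {
    # EnableFirewall under each FirewallPolicy profile is the setting the
    # Windows Firewall service reads; 1 = on. A missing value reports as off.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $p = Get-ItemProperty -Path "$base\$fwProfile" -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Profile = $fwProfile
            Enabled = (($p -ne $null) -and ($p.EnableFirewall -eq 1))
        }
    }
}

function Get-SecurityCenterAntivirus {
    # Products that registered with Security Center. An empty result is what
    # produced the "WMI entry may not exist for antivirus" line in the log.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object displayName, productState
}

Write-Host '== Firewall profiles =='
Get-FirewallProfileState | Format-Table Profile, Enabled -AutoSize

Write-Host '== Antivirus registered with Security Center =='
$av = @(Get-SecurityCenterAntivirus)
if ($av.Count -eq 0) { Write-Host 'None registered (matches the log''s WMI warning)' }
else { $av | Format-Table displayName, productState -AutoSize }

Write-Host '== Java =='
# 'Java(TM)*' matches the runtime entries (e.g. "Java(TM) 6 Update 26") but
# not "Java Auto Updater", whose version string would be a false positive.
Get-OutdatedInstalls -NamePattern 'Java(TM)*' -Baseline $JavaBaseline |
    Format-Table Name, Version, Outdated -AutoSize

Write-Host '== Adobe Reader =='
Get-OutdatedInstalls -NamePattern 'Adobe Reader*' -Baseline $ReaderBaseline |
    Format-Table Name, Version, Outdated -AutoSize
```

Run it from an elevated PowerShell prompt (right-click, Run as administrator), as the thread does for its other tools. The firewall check reads the stored policy rather than asking the running service, so it tells you what the profile is set to, not whether the service is currently up; and productState is a packed status value, so it is shown raw rather than decoded. Multiple rows under the Java heading are the condition Step 4 warns about: the newer install does not remove the older, still-vulnerable ones.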

Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #24 on: March 31, 2012, 04:41:19 PM »
Everything went well and is updated. Now I think I will uninstall Norton for MB.
Do you think that any of my data was stolen from this root kit?

Also, thanks for your help and patience.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #25 on: March 31, 2012, 04:48:27 PM »
What do you mean by "Now I think I will uninstall Norton for MB"? Do you mean Malwarebytes?

If that is what you mean, please be aware that Malwarebytes has no Anti-Virus component, it should not be used as full protection on its own, even if you pay for the Pro version, you would still need a Firewall and Anti-virus protection...

Kevin


Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #26 on: March 31, 2012, 06:08:56 PM »
Ok, well I'm pretty upset with Norton at this point. This isn't the first virus that they've missed. Can you recommend a better program?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #27 on: March 31, 2012, 06:21:51 PM »
To keep safe when online you need a good Antivirus/Antispyware/Antimalware/Anti-Rootkit combination application. Microsoft Security Essentials covers all of those bases, and better still, it is free. Go Here and hit the "Download free" tab, then follow the prompts. Once installed it will want to update and carry out a quick scan; allow that to happen.

Go Here for information that will show you how to install and use MSE.

You also need a software Firewall; Online Armor Free Firewall is one of the best available. Also go Here for an excellent tutorial that will show you how to use it.

I'd also keep the Malwarebytes free version for twice-weekly quick scans and four-weekly full scans, or scans as required. Always remember to update first. If you have a spare £20, upgrade to the professional version; you get realtime protection and auto updates. It also works well with MSE and Online Armor and is a lifetime license; that is my own set up.

If you are going to change, Norton will have to be removed; use the uninstall tool available here:

Download and install the Norton removal tool from Here

Alternative link

Install and run the tool, follow any prompts that are given.

Kevin



Offline ooguyx

  • Bronze Member
  • Posts: 18
Re: [Resolved K] Google Redirects
« Reply #28 on: March 31, 2012, 07:16:56 PM »
Ok, I'll take that setup. The link explaining how to use the firewall doesn't work  ???

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6363
Re: [Resolved K] Google Redirects
« Reply #29 on: April 01, 2012, 01:20:55 AM »
I'm not sure why that link is down; maybe Emsisoft have removed it. After you install the firewall, it is still a very easy to use and understand application.
Once installed right click on the OA Shield that will be next to your clock, select "Help" from the list of functions, that will take you to the help facility that will show you how to use this FW...

Or try this link direct from your browser if you have not installed the FW... http://www.emsisoft.com/en/info/oa/

If there are no remaining issues, here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
 
Firefox,

Opera, and

Chrome.
 
All of these are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE, which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link HERE will give a comprehensive up-to-date list of free Security programs, to include Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Let me know when you are OK to close out your thread,

Take care,

Kevin