Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Agent not removed on reboot, BackDoor, http web pages not displaying


  • This topic is locked This topic is locked
11 replies to this topic

#1 tangomoon

tangomoon

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 27 February 2012 - 03:57 PM

Original posting

Hello! I previously posted the following description of the problems that this Windows 7 machine is having. I am unable to access any web page beginning with http: from the machine, however it does allow addresses beginning with https: . I am unable to update to the most recent version of Malwarebytes as well.

After multiple Malwarebytes scans & attempts to remove by rebooting, it keeps finding two objects:

Trojan.Agent File C:\\Windows\svchost.exe
Trojan.Agent Memory Process C:\\Windows\svchost.exe 3276

McAfee also keeps detecting and quarantining a trojan:

McAfee detected and automatically removed a Trojan from your PC. No further action required.

About This Trojan
Detected: Generic BackDoor!gf (Trojan)
Quarantined From: C:\USERS\LANDONLAPTOP\APPDATA\ROAMING\838A6\lwm.exe

McAfee detected and automatically removed a Trojan from your PC. No further action required.

About This Trojan
Detected: Generic BackDoor!gf (Trojan)
Quarantined From: C:\USERS\LANDONLAPTOP\APPDATA\ROAMING\D4B83\5ADEE.exe

I have run the programs listed in the preparation guide with the exception of the GMER logs, since it is a 64-bit version. (I am transferring files on a flash drive, since I'm unable to access the site directly from the infected computer.)

Thank you so much for any help in getting rid of these!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by LandonLaptop at 14:19:24 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2701 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\SMART Board Software\SMARTBoardService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Users\LandonLaptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Marker.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0368z125t58n1w54r
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0368z125t58n1w54r
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0368z125t58n1w54r
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:60485
mURLSearchHooks: Quizulous_v2b Toolbar: {ec173f7c-6744-441f-be93-c7cc43103ba5} - C:\Program Files (x86)\Quizulous_v2b\prxtbQuiz.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll
BHO: DownloadFile Class: {30da8584-e4b3-45f7-a164-db8f869fcf77} - C:\Program Files (x86)\SMART Board Software\NotebookPlugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222053425.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Quizulous_v2b Toolbar: {ec173f7c-6744-441f-be93-c7cc43103ba5} - C:\Program Files (x86)\Quizulous_v2b\prxtbQuiz.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Quizulous_v2b Toolbar: {ec173f7c-6744-441f-be93-c7cc43103ba5} - C:\Program Files (x86)\Quizulous_v2b\prxtbQuiz.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\LandonLaptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\LANDON~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\LandonLaptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~2.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTB~1.LNK - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir703.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\2375942554033313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\2454C4B494E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\26375726163756D656E647 : DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\5405E4 : DhcpNameServer = 207.192.234.7 8.8.8.8
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\86561647F6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\8686F6E6F62737 : DhcpNameServer = 12.127.17.71 12.127.16.67
TCP: Interfaces\{4CAEB3D7-9AB2-4A15-9A12-2A32E017ADAA}\C696E6B6379737 : DhcpNameServer = 216.229.72.9 216.229.73.9 216.229.74.9
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: DownloadFile Class: {30DA8584-E4B3-45f7-A164-DB8F869FCF77} - C:\Program Files (x86)\SMART Board Software\NotebookPlugin.dll
BHO-X64: SMART Notebook Download Plugin - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111222053425.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Quizulous_v2b Toolbar: {ec173f7c-6744-441f-be93-c7cc43103ba5} - C:\Program Files (x86)\Quizulous_v2b\prxtbQuiz.dll
BHO-X64: Quizulous_v2b - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll
TB-X64: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Quizulous_v2b Toolbar: {ec173f7c-6744-441f-be93-c7cc43103ba5} - C:\Program Files (x86)\Quizulous_v2b\prxtbQuiz.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
mRun-x64: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110817&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60485
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LandonLaptop\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\LandonLaptop\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\LandonLaptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\LandonLaptop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys --> C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [?]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys --> C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [?]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys --> C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-27 20:01:44 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{ED092425-9D43-4A77-90CC-887D8957E13C}
2012-02-27 00:09:04 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{D1271B1C-790E-409F-A8FA-09CD998C0989}
2012-02-26 23:58:36 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{4EF411C5-CE61-41AA-B994-1B379BD3E9CC}
2012-02-26 20:43:20 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{18AD3F55-771D-458A-B52E-2D66DBA57B75}
2012-02-26 00:27:01 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 02:27:32 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{086662FD-4E56-46B0-B3A3-E6F06E820918}
2012-02-23 02:26:40 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{0CB433D3-6DB2-4D67-945A-1011D1EB5009}
2012-02-21 20:18:42 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{EAEECAE6-EEC3-4874-9FD4-09A9FDB6E241}
2012-02-20 21:41:28 20480 ----a-w- C:\Windows\svchost.exe
2012-02-20 19:45:13 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{D8950D66-063E-4A32-A6D2-0D0E95091047}
2012-02-20 04:04:23 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{869B93F2-56A4-4CDC-802A-CFAAD612EA7B}
2012-02-20 03:34:03 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{8BC1C936-7662-4D09-80F8-036183D011B0}
2012-02-20 01:05:43 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{A6C8D003-19EC-495F-9DE0-E3D14F11A418}
2012-02-20 01:05:30 183808 ----a-w- C:\Users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\8008.exe
2012-02-20 01:05:06 281600 ----a-w- C:\Users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\22AC.exe
2012-02-19 23:13:24 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{B48E3C7E-0D46-4948-B545-EEF559EFEB32}
2012-02-19 23:12:50 167936 ----a-w- C:\Users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\7A7C.exe
2012-02-19 23:03:20 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{72699404-3E77-454B-83F4-AAA90AC7B748}
2012-02-17 12:08:48 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{5698DDB2-6997-489B-A70B-5D4F560224A9}
2012-02-15 02:10:22 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 02:10:20 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 02:10:15 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 02:10:14 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 02:10:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 02:10:09 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-11 16:42:42 -------- d-----w- C:\Users\LandonLaptop\AppData\Roaming\838A6
2012-02-11 16:40:19 99328 ----a-w- C:\Users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\15A2.tmp
2012-02-11 16:39:57 -------- d-----w- C:\Users\LandonLaptop\AppData\Roaming\D4B83
2012-02-11 16:39:53 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{2670347C-DB0C-422E-A787-320B0ECDE7F8}
2012-02-11 15:59:50 -------- d--h--w- C:\Program Files (x86)\838A6
2012-02-11 15:59:08 -------- d--h--w- C:\Program Files (x86)\LP
2012-02-10 01:30:25 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{9953F07E-9BBC-4760-980F-4F4E30CFB96A}
2012-02-09 23:09:40 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{FD266AD3-CA30-49BA-A510-D95AE7382CE0}
2012-02-09 04:06:47 -------- d-----w- C:\Users\LandonLaptop\AppData\Local\{3DEEAACF-6689-4BA2-A7CC-697C4339C2B7}
2012-02-09 04:01:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FE1D.tmp
2012-02-09 04:01:36 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FDCE.tmp
.
==================== Find3M ====================
.
2011-12-31 04:15:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:23:17.80 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 01 March 2012 - 11:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:60485 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 tangomoon

tangomoon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 01 March 2012 - 12:19 PM

Thank you so much for your help. Here are the requested logs after following the steps above:


10:45:22.0568 3600 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
10:45:24.0580 3600 ============================================================
10:45:24.0580 3600 Current date / time: 2012/03/01 10:45:24.0580
10:45:24.0580 3600 SystemInfo:
10:45:24.0580 3600
10:45:24.0580 3600 OS Version: 6.1.7601 ServicePack: 1.0
10:45:24.0580 3600 Product type: Workstation
10:45:24.0580 3600 ComputerName: LANDONLAPTOP-PC
10:45:24.0580 3600 UserName: LandonLaptop
10:45:24.0580 3600 Windows directory: C:\Windows
10:45:24.0580 3600 System windows directory: C:\Windows
10:45:24.0580 3600 Running under WOW64
10:45:24.0580 3600 Processor architecture: Intel x64
10:45:24.0580 3600 Number of processors: 2
10:45:24.0580 3600 Page size: 0x1000
10:45:24.0580 3600 Boot type: Normal boot
10:45:24.0580 3600 ============================================================
10:45:30.0461 3600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:45:30.0493 3600 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:45:30.0508 3600 \Device\Harddisk0\DR0:
10:45:30.0695 3600 MBR used
10:45:30.0695 3600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
10:45:30.0695 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
10:45:30.0695 3600 \Device\Harddisk1\DR2:
10:45:30.0695 3600 MBR used
10:45:30.0695 3600 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x12A18A82
10:45:31.0585 3600 Initialize success
10:45:31.0585 3600 ============================================================
10:45:35.0453 2892 ============================================================
10:45:35.0453 2892 Scan started
10:45:35.0453 2892 Mode: Manual;
10:45:35.0453 2892 ============================================================
10:45:40.0617 2892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:45:40.0664 2892 1394ohci - ok
10:45:40.0913 2892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:45:40.0913 2892 ACPI - ok
10:45:41.0319 2892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:45:41.0366 2892 AcpiPmi - ok
10:45:41.0803 2892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:45:41.0803 2892 adp94xx - ok
10:45:42.0224 2892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:45:42.0224 2892 adpahci - ok
10:45:43.0862 2892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:45:43.0877 2892 adpu320 - ok
10:45:44.0158 2892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:45:44.0158 2892 AFD - ok
10:45:44.0813 2892 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
10:45:44.0876 2892 AgereSoftModem - ok
10:45:46.0561 2892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:45:46.0561 2892 agp440 - ok
10:45:47.0122 2892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:45:47.0122 2892 aliide - ok
10:45:47.0699 2892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:45:47.0699 2892 amdide - ok
10:45:48.0011 2892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:45:48.0011 2892 AmdK8 - ok
10:45:48.0355 2892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:45:48.0355 2892 AmdPPM - ok
10:45:49.0868 2892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:45:49.0915 2892 amdsata - ok
10:45:50.0617 2892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:45:50.0632 2892 amdsbs - ok
10:45:50.0913 2892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:45:50.0960 2892 amdxata - ok
10:45:51.0194 2892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:45:51.0241 2892 AppID - ok
10:45:52.0816 2892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:45:52.0816 2892 arc - ok
10:45:53.0269 2892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:45:53.0284 2892 arcsas - ok
10:45:53.0393 2892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:45:53.0393 2892 AsyncMac - ok
10:45:53.0565 2892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:45:53.0565 2892 atapi - ok
10:45:54.0064 2892 athr (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
10:45:54.0127 2892 athr - ok
10:45:54.0485 2892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:45:54.0501 2892 b06bdrv - ok
10:45:56.0045 2892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:45:56.0061 2892 b57nd60a - ok
10:45:56.0841 2892 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:45:56.0872 2892 BCM43XX - ok
10:45:57.0106 2892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:45:57.0106 2892 Beep - ok
10:45:57.0605 2892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:45:57.0621 2892 blbdrive - ok
10:45:59.0524 2892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:45:59.0571 2892 bowser - ok
10:46:00.0273 2892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:46:00.0273 2892 BrFiltLo - ok
10:46:00.0460 2892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:46:00.0460 2892 BrFiltUp - ok
10:46:00.0585 2892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:46:00.0601 2892 Brserid - ok
10:46:00.0632 2892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:46:00.0632 2892 BrSerWdm - ok
10:46:00.0819 2892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:46:00.0835 2892 BrUsbMdm - ok
10:46:02.0114 2892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:46:02.0114 2892 BrUsbSer - ok
10:46:02.0519 2892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:46:02.0535 2892 BTHMODEM - ok
10:46:03.0065 2892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:46:03.0081 2892 cdfs - ok
10:46:03.0455 2892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:46:03.0502 2892 cdrom - ok
10:46:03.0955 2892 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
10:46:04.0017 2892 cfwids - ok
10:46:05.0437 2892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:46:05.0437 2892 circlass - ok
10:46:05.0702 2892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:46:05.0702 2892 CLFS - ok
10:46:06.0451 2892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:46:06.0451 2892 CmBatt - ok
10:46:06.0981 2892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:46:06.0981 2892 cmdide - ok
10:46:08.0385 2892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:46:08.0447 2892 CNG - ok
10:46:08.0744 2892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:46:08.0759 2892 Compbatt - ok
10:46:09.0103 2892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:46:09.0149 2892 CompositeBus - ok
10:46:09.0383 2892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:46:09.0383 2892 crcdisk - ok
10:46:11.0240 2892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:46:11.0287 2892 DfsC - ok
10:46:11.0489 2892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:46:11.0489 2892 discache - ok
10:46:11.0708 2892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:46:11.0723 2892 Disk - ok
10:46:11.0739 2892 DKbFltr - ok
10:46:11.0957 2892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:46:11.0973 2892 drmkaud - ok
10:46:12.0207 2892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:46:12.0223 2892 DXGKrnl - ok
10:46:12.0581 2892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:46:12.0628 2892 ebdrv - ok
10:46:12.0925 2892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:46:12.0940 2892 elxstor - ok
10:46:14.0375 2892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:46:14.0375 2892 ErrDev - ok
10:46:14.0703 2892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:46:14.0703 2892 exfat - ok
10:46:14.0859 2892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:46:14.0859 2892 fastfat - ok
10:46:15.0311 2892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:46:15.0311 2892 fdc - ok
10:46:15.0467 2892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:46:15.0467 2892 FileInfo - ok
10:46:15.0592 2892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:46:15.0592 2892 Filetrace - ok
10:46:15.0764 2892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:46:15.0764 2892 flpydisk - ok
10:46:17.0059 2892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:46:17.0121 2892 FltMgr - ok
10:46:17.0433 2892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:46:17.0433 2892 FsDepends - ok
10:46:17.0885 2892 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
10:46:17.0932 2892 fssfltr - ok
10:46:18.0307 2892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:46:18.0307 2892 Fs_Rec - ok
10:46:18.0556 2892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:46:18.0556 2892 fvevol - ok
10:46:18.0931 2892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:46:18.0931 2892 gagp30kx - ok
10:46:20.0506 2892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:46:20.0553 2892 GEARAspiWDM - ok
10:46:21.0099 2892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:46:21.0099 2892 hcw85cir - ok
10:46:21.0489 2892 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:46:21.0551 2892 HdAudAddService - ok
10:46:22.0051 2892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:46:22.0051 2892 HDAudBus - ok
10:46:23.0299 2892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:46:23.0299 2892 HidBatt - ok
10:46:23.0533 2892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:46:23.0533 2892 HidBth - ok
10:46:23.0611 2892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:46:23.0611 2892 HidIr - ok
10:46:24.0250 2892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:46:24.0297 2892 HidUsb - ok
10:46:24.0625 2892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:46:24.0687 2892 HpSAMD - ok
10:46:25.0015 2892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:46:25.0030 2892 HTTP - ok
10:46:26.0387 2892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:46:26.0387 2892 hwpolicy - ok
10:46:27.0230 2892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:46:27.0230 2892 i8042prt - ok
10:46:27.0979 2892 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:46:27.0994 2892 iaStor - ok
10:46:28.0181 2892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:46:28.0228 2892 iaStorV - ok
10:46:29.0930 2892 igfx (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:46:30.0008 2892 igfx - ok
10:46:30.0304 2892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:46:30.0304 2892 iirsp - ok
10:46:30.0788 2892 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
10:46:30.0834 2892 IntcAzAudAddService - ok
10:46:32.0550 2892 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
10:46:32.0613 2892 IntcHdmiAddService - ok
10:46:32.0940 2892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:46:32.0940 2892 intelide - ok
10:46:33.0908 2892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:46:33.0908 2892 intelppm - ok
10:46:36.0201 2892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:46:36.0263 2892 IpFilterDriver - ok
10:46:36.0934 2892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:46:36.0981 2892 IPMIDRV - ok
10:46:37.0215 2892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:46:37.0230 2892 IPNAT - ok
10:46:38.0946 2892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:46:38.0946 2892 IRENUM - ok
10:46:39.0414 2892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:46:39.0414 2892 isapnp - ok
10:46:39.0836 2892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:46:39.0898 2892 iScsiPrt - ok
10:46:40.0366 2892 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:46:40.0444 2892 k57nd60a - ok
10:46:41.0879 2892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:46:41.0895 2892 kbdclass - ok
10:46:42.0378 2892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:46:42.0425 2892 kbdhid - ok
10:46:43.0486 2892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:46:43.0533 2892 KSecDD - ok
10:46:44.0843 2892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:46:44.0906 2892 KSecPkg - ok
10:46:45.0358 2892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:46:45.0358 2892 ksthunk - ok
10:46:46.0372 2892 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
10:46:46.0372 2892 L1E - ok
10:46:47.0948 2892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:46:47.0963 2892 lltdio - ok
10:46:48.0369 2892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:46:48.0384 2892 LSI_FC - ok
10:46:48.0462 2892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:46:48.0462 2892 LSI_SAS - ok
10:46:48.0478 2892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:46:48.0478 2892 LSI_SAS2 - ok
10:46:48.0618 2892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:46:48.0618 2892 LSI_SCSI - ok
10:46:49.0164 2892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:46:49.0164 2892 luafv - ok
10:46:52.0019 2892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:46:52.0035 2892 megasas - ok
10:46:52.0378 2892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:46:52.0394 2892 MegaSR - ok
10:46:54.0297 2892 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
10:46:54.0344 2892 mfeapfk - ok
10:46:55.0155 2892 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
10:46:55.0233 2892 mfeavfk - ok
10:46:55.0592 2892 mfeavfk01 - ok
10:46:56.0731 2892 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
10:46:56.0794 2892 mfefirek - ok
10:46:57.0277 2892 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
10:46:57.0355 2892 mfehidk - ok
10:46:57.0667 2892 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
10:46:57.0714 2892 mfenlfk - ok
10:46:57.0917 2892 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
10:46:57.0917 2892 mferkdet - ok
10:46:58.0104 2892 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
10:46:58.0167 2892 mfewfpk - ok
10:46:58.0525 2892 MOBKFilter (3800c23d0d90c59aafcdefdc82b5c4af) C:\Windows\system32\DRIVERS\MOBK.sys
10:46:58.0572 2892 MOBKFilter - ok
10:47:00.0054 2892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:47:00.0054 2892 Modem - ok
10:47:00.0304 2892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:47:00.0320 2892 monitor - ok
10:47:00.0491 2892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:47:00.0491 2892 mouclass - ok
10:47:00.0788 2892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:47:00.0788 2892 mouhid - ok
10:47:01.0146 2892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:47:01.0146 2892 mountmgr - ok
10:47:02.0753 2892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:47:02.0831 2892 mpio - ok
10:47:03.0268 2892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:47:03.0268 2892 mpsdrv - ok
10:47:04.0079 2892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:47:04.0142 2892 MRxDAV - ok
10:47:04.0828 2892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:47:04.0875 2892 mrxsmb - ok
10:47:06.0684 2892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:47:06.0747 2892 mrxsmb10 - ok
10:47:07.0901 2892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:47:07.0964 2892 mrxsmb20 - ok
10:47:10.0132 2892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:47:10.0210 2892 msahci - ok
10:47:12.0971 2892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:47:13.0049 2892 msdsm - ok
10:47:15.0140 2892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:47:15.0140 2892 Msfs - ok
10:47:16.0138 2892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:47:16.0138 2892 mshidkmdf - ok
10:47:16.0606 2892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:47:16.0606 2892 msisadrv - ok
10:47:19.0289 2892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:47:19.0289 2892 MSKSSRV - ok
10:47:21.0738 2892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:47:21.0754 2892 MSPCLOCK - ok
10:47:23.0018 2892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:47:23.0018 2892 MSPQM - ok
10:47:24.0390 2892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:47:24.0437 2892 MsRPC - ok
10:47:24.0812 2892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:47:24.0812 2892 mssmbios - ok
10:47:25.0139 2892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:47:25.0139 2892 MSTEE - ok
10:47:25.0295 2892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:47:25.0295 2892 MTConfig - ok
10:47:25.0420 2892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:47:25.0436 2892 Mup - ok
10:47:25.0560 2892 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
10:47:25.0607 2892 mwlPSDFilter - ok
10:47:25.0685 2892 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
10:47:25.0748 2892 mwlPSDNServ - ok
10:47:25.0935 2892 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
10:47:26.0013 2892 mwlPSDVDisk - ok
10:47:27.0308 2892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:47:27.0323 2892 NativeWifiP - ok
10:47:27.0900 2892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:47:27.0916 2892 NDIS - ok
10:47:28.0571 2892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:47:28.0571 2892 NdisCap - ok
10:47:28.0805 2892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:47:28.0805 2892 NdisTapi - ok
10:47:28.0946 2892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:47:28.0992 2892 Ndisuio - ok
10:47:29.0102 2892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:47:29.0148 2892 NdisWan - ok
10:47:31.0254 2892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:47:31.0301 2892 NDProxy - ok
10:47:31.0800 2892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:47:31.0800 2892 NetBIOS - ok
10:47:32.0050 2892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:47:32.0050 2892 NetBT - ok
10:47:32.0393 2892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:47:32.0393 2892 nfrd960 - ok
10:47:33.0797 2892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:47:33.0813 2892 Npfs - ok
10:47:34.0187 2892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:47:34.0187 2892 nsiproxy - ok
10:47:34.0608 2892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:47:34.0624 2892 Ntfs - ok
10:47:34.0967 2892 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
10:47:35.0014 2892 NTIDrvr - ok
10:47:35.0326 2892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:47:35.0342 2892 Null - ok
10:47:36.0699 2892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:47:36.0761 2892 nvraid - ok
10:47:37.0479 2892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:47:37.0541 2892 nvstor - ok
10:47:38.0430 2892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:47:38.0446 2892 nv_agp - ok
10:47:39.0959 2892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:47:39.0975 2892 ohci1394 - ok
10:47:40.0240 2892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:47:40.0256 2892 Parport - ok
10:47:41.0410 2892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:47:41.0457 2892 partmgr - ok
10:47:42.0970 2892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:47:43.0032 2892 pci - ok
10:47:43.0672 2892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:47:43.0672 2892 pciide - ok
10:47:44.0499 2892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:47:44.0499 2892 pcmcia - ok
10:47:46.0074 2892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:47:46.0090 2892 pcw - ok
10:47:47.0026 2892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:47:47.0042 2892 PEAUTH - ok
10:47:47.0525 2892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:47:47.0572 2892 PptpMiniport - ok
10:47:47.0790 2892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:47:47.0806 2892 Processor - ok
10:47:49.0382 2892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:47:49.0382 2892 Psched - ok
10:47:50.0224 2892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:47:50.0240 2892 ql2300 - ok
10:47:50.0583 2892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:47:50.0583 2892 ql40xx - ok
10:47:52.0221 2892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:47:52.0221 2892 QWAVEdrv - ok
10:47:52.0720 2892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:47:52.0720 2892 RasAcd - ok
10:47:52.0938 2892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:47:52.0954 2892 RasAgileVpn - ok
10:47:53.0500 2892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:47:53.0562 2892 Rasl2tp - ok
10:47:55.0310 2892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:47:55.0310 2892 RasPppoe - ok
10:47:55.0403 2892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:47:55.0403 2892 RasSstp - ok
10:47:55.0840 2892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:47:55.0887 2892 rdbss - ok
10:47:56.0339 2892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:47:56.0355 2892 rdpbus - ok
10:47:56.0604 2892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:47:56.0604 2892 RDPCDD - ok
10:47:56.0776 2892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:47:56.0776 2892 RDPENCDD - ok
10:47:56.0792 2892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:47:56.0792 2892 RDPREFMP - ok
10:47:56.0963 2892 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:47:57.0026 2892 RDPWD - ok
10:47:58.0960 2892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:47:59.0007 2892 rdyboost - ok
10:47:59.0459 2892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:47:59.0459 2892 rspndr - ok
10:47:59.0818 2892 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
10:47:59.0880 2892 RSUSBSTOR - ok
10:48:01.0175 2892 RtsUIR - ok
10:48:01.0347 2892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:48:01.0394 2892 sbp2port - ok
10:48:01.0534 2892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:48:01.0581 2892 scfilter - ok
10:48:01.0799 2892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:48:01.0799 2892 secdrv - ok
10:48:01.0908 2892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:48:01.0924 2892 Serenum - ok
10:48:02.0174 2892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:48:02.0174 2892 Serial - ok
10:48:02.0688 2892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:48:02.0688 2892 sermouse - ok
10:48:02.0954 2892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:48:02.0954 2892 sffdisk - ok
10:48:04.0420 2892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:48:04.0436 2892 sffp_mmc - ok
10:48:04.0638 2892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:48:04.0701 2892 sffp_sd - ok
10:48:04.0966 2892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:48:04.0966 2892 sfloppy - ok
10:48:05.0028 2892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:48:05.0044 2892 SiSRaid2 - ok
10:48:05.0060 2892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:48:05.0060 2892 SiSRaid4 - ok
10:48:05.0980 2892 SMARTMouseFilterx64 (323ddcd15db2a7fed09df1f835cafcfb) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
10:48:06.0042 2892 SMARTMouseFilterx64 - ok
10:48:07.0790 2892 SMARTVHidMiniVistaAmd64 (6c691320c71ca8e8c38f52b2ce652c64) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
10:48:07.0836 2892 SMARTVHidMiniVistaAmd64 - ok
10:48:08.0445 2892 SMARTVTabletPCx64 (20563f6830badd675407af0f5bca76ba) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
10:48:08.0507 2892 SMARTVTabletPCx64 - ok
10:48:09.0256 2892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:48:09.0256 2892 Smb - ok
10:48:10.0660 2892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:48:10.0676 2892 spldr - ok
10:48:11.0190 2892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:48:11.0237 2892 srv - ok
10:48:11.0908 2892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:48:11.0970 2892 srv2 - ok
10:48:13.0733 2892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:48:13.0780 2892 srvnet - ok
10:48:14.0388 2892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:48:14.0388 2892 stexstor - ok
10:48:14.0966 2892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:48:14.0966 2892 swenum - ok
10:48:15.0340 2892 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
10:48:15.0402 2892 SynTP - ok
10:48:16.0931 2892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:48:16.0947 2892 Tcpip - ok
10:48:17.0415 2892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:48:17.0430 2892 TCPIP6 - ok
10:48:17.0914 2892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:48:17.0976 2892 tcpipreg - ok
10:48:18.0351 2892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:48:18.0351 2892 TDPIPE - ok
10:48:18.0741 2892 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:48:18.0756 2892 TDTCP - ok
10:48:19.0926 2892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:48:19.0973 2892 tdx - ok
10:48:20.0348 2892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:48:20.0379 2892 TermDD - ok
10:48:20.0831 2892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:48:20.0894 2892 tssecsrv - ok
10:48:21.0268 2892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:48:21.0315 2892 TsUsbFlt - ok
10:48:23.0156 2892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:48:23.0202 2892 tunnel - ok
10:48:23.0811 2892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:48:23.0826 2892 uagp35 - ok
10:48:24.0170 2892 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
10:48:24.0216 2892 UBHelper - ok
10:48:24.0778 2892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:48:24.0840 2892 udfs - ok
10:48:27.0196 2892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:48:27.0212 2892 uliagpkx - ok
10:48:27.0804 2892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:48:27.0851 2892 umbus - ok
10:48:29.0130 2892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:48:29.0130 2892 UmPass - ok
10:48:29.0973 2892 USBAAPL64 (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
10:48:30.0020 2892 USBAAPL64 - ok
10:48:31.0018 2892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:48:31.0065 2892 usbccgp - ok
10:48:32.0734 2892 USBCCID - ok
10:48:33.0264 2892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:48:33.0280 2892 usbcir - ok
10:48:33.0748 2892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:48:33.0810 2892 usbehci - ok
10:48:35.0558 2892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:48:35.0604 2892 usbhub - ok
10:48:36.0197 2892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:48:36.0260 2892 usbohci - ok
10:48:38.0288 2892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:48:38.0288 2892 usbprint - ok
10:48:38.0849 2892 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:48:38.0849 2892 usbscan - ok
10:48:39.0551 2892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:48:39.0614 2892 USBSTOR - ok
10:48:41.0579 2892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:48:41.0642 2892 usbuhci - ok
10:48:42.0827 2892 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:48:42.0905 2892 usbvideo - ok
10:48:44.0418 2892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:48:44.0434 2892 vdrvroot - ok
10:48:44.0902 2892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:48:44.0902 2892 vga - ok
10:48:45.0058 2892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:48:45.0074 2892 VgaSave - ok
10:48:45.0292 2892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:48:45.0370 2892 vhdmp - ok
10:48:45.0542 2892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:48:45.0557 2892 viaide - ok
10:48:45.0620 2892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:48:45.0666 2892 volmgr - ok
10:48:46.0088 2892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:48:46.0088 2892 volmgrx - ok
10:48:47.0928 2892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:48:47.0991 2892 volsnap - ok
10:48:48.0864 2892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:48:48.0880 2892 vsmraid - ok
10:48:50.0549 2892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:48:50.0549 2892 vwifibus - ok
10:48:50.0830 2892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:48:50.0830 2892 vwififlt - ok
10:48:51.0438 2892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:48:51.0454 2892 WacomPen - ok
10:48:51.0953 2892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:48:52.0000 2892 WANARP - ok
10:48:52.0109 2892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:48:52.0109 2892 Wanarpv6 - ok
10:48:53.0810 2892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:48:53.0825 2892 Wd - ok
10:48:54.0371 2892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:48:54.0387 2892 Wdf01000 - ok
10:48:54.0808 2892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:48:54.0808 2892 WfpLwf - ok
10:48:54.0995 2892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:48:54.0995 2892 WIMMount - ok
10:48:56.0821 2892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:48:56.0821 2892 WmiAcpi - ok
10:48:57.0148 2892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:48:57.0148 2892 ws2ifsl - ok
10:48:57.0585 2892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:48:57.0647 2892 WudfPf - ok
10:48:58.0131 2892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:48:58.0178 2892 WUDFRd - ok
10:48:59.0582 2892 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
10:49:00.0643 2892 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:49:00.0643 2892 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:49:00.0658 2892 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR2
10:49:00.0658 2892 \Device\Harddisk1\DR2 - ok
10:49:00.0689 2892 Boot (0x1200) (8b0d31aa39380af8334bdbb7e1ece41a) \Device\Harddisk0\DR0\Partition0
10:49:00.0689 2892 \Device\Harddisk0\DR0\Partition0 - ok
10:49:00.0752 2892 Boot (0x1200) (ad396329c018717e2e053c29fa3c6545) \Device\Harddisk0\DR0\Partition1
10:49:00.0752 2892 \Device\Harddisk0\DR0\Partition1 - ok
10:49:00.0752 2892 Boot (0x1200) (b0e629b398c320fa84eed223ed59e6e3) \Device\Harddisk1\DR2\Partition0
10:49:00.0752 2892 \Device\Harddisk1\DR2\Partition0 - ok
10:49:00.0767 2892 ============================================================
10:49:00.0767 2892 Scan finished
10:49:00.0767 2892 ============================================================
10:49:00.0783 6672 Detected object count: 1
10:49:00.0783 6672 Actual detected object count: 1
10:54:38.0707 6672 \Device\Harddisk0\DR0\# - copied to quarantine
10:54:38.0723 6672 \Device\Harddisk0\DR0 - copied to quarantine
10:54:38.0801 6672 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:54:47.0974 6672 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:54:53.0948 6672 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
10:55:00.0828 6672 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:55:07.0193 6672 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:55:13.0417 6672 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:55:13.0604 6672 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:55:13.0932 6672 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:55:13.0932 6672 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:55:19.0969 6672 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:55:27.0301 6672 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:55:28.0331 6672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:55:28.0346 6672 \Device\Harddisk0\DR0 - ok
10:55:28.0970 6672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:56:49.0468 0560 Deinitialize success


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-01 11:05:48
-----------------------------
11:05:48.405 OS Version: Windows x64 6.1.7601 Service Pack 1
11:05:48.405 Number of processors: 2 586 0x170A
11:05:48.405 ComputerName: LANDONLAPTOP-PC UserName: LandonLaptop
11:05:51.417 Initialize success
11:06:08.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:06:08.365 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
11:06:08.381 Disk 0 MBR read successfully
11:06:08.396 Disk 0 MBR scan
11:06:08.396 Disk 0 Windows VISTA default MBR code
11:06:08.427 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
11:06:08.443 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
11:06:08.459 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292143 MB offset 26830848
11:06:08.474 Disk 0 scanning C:\Windows\system32\drivers
11:06:32.015 Service scanning
11:07:33.229 Modules scanning
11:07:33.229 Disk 0 trace - called modules:
11:07:33.744 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
11:07:33.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057da060]
11:07:34.290 3 CLASSPNP.SYS[fffff88001dbc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046bf050]
11:07:34.290 Scan finished successfully
11:09:10.839 Disk 0 MBR has been saved successfully to "E:\Computer ER\MBR.dat"
11:09:10.854 The log file has been saved successfully to "E:\Computer ER\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   564bytes   0 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 01 March 2012 - 02:29 PM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===


Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 tangomoon

tangomoon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 01 March 2012 - 04:29 PM

I have McAfee Total Protection and have disabled the real time scanning & firewall, however it still showed enabled. Now I am getting an error message when attempted to run the Security Check (or Internet Explorer):

Illegal operation attempted on a registry key that has been marked for deletion.

Here is the log from ComboFix:


ComboFix 12-03-01.01 - LandonLaptop 03/01/2012 14:26:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4025.2548 [GMT -6:00]
Running from: c:\users\LandonLaptop\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\EEBD\6116.tmp
c:\program files (x86)\LP\EEBD\71D5.tmp
c:\program files (x86)\LP\EEBD\A7D.tmp
c:\program files (x86)\LP\EEBD\A979.tmp
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\LandonLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\LandonLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\LandonLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldialog.xul
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\htmldropdown.xul
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\index.html
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\NotIE6.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\OnlyIE6.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\SearchProtectIcon.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\Web.config
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect\window.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\index.html
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\LeftImage.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\NotIE6.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\OnlyIE6.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate\window.js
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\searchplugins\bing-zugo.xml
c:\windows\svchost.exe
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-03-01 20:44 . 2012-03-01 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-01 16:54 . 2012-03-01 16:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-26 00:27 . 2012-02-26 00:27 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-20 01:05 . 2012-02-20 01:05 183808 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\8008.exe
2012-02-20 01:05 . 2012-02-20 01:05 281600 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\22AC.exe
2012-02-19 23:12 . 2012-02-19 23:12 167936 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\7A7C.exe
2012-02-15 02:10 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:10 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 02:10 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:10 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 02:10 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 02:10 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-11 16:42 . 2012-02-27 20:37 -------- d-----w- c:\users\LandonLaptop\AppData\Roaming\838A6
2012-02-11 16:40 . 2012-02-11 16:40 99328 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Microsoft\EEBD\15A2.tmp
2012-02-11 16:39 . 2012-02-27 20:37 -------- d-----w- c:\users\LandonLaptop\AppData\Roaming\D4B83
2012-02-11 15:59 . 2012-02-18 03:18 -------- d--h--w- c:\program files (x86)\838A6
2012-02-09 04:01 . 2012-02-09 04:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\FE1D.tmp
2012-02-09 04:01 . 2012-02-09 04:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\FDCE.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-31 04:15 . 2011-11-07 11:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2012-01-02 00:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ---ha-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-07-02 23:30 1550336 ---ha-w- c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ---ha-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ec173f7c-6744-441f-be93-c7cc43103ba5}]
2011-03-28 16:22 176936 ---ha-w- c:\program files (x86)\Quizulous_v2b\prxtbQuiz.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
"{ec173f7c-6744-441f-be93-c7cc43103ba5}"= "c:\program files (x86)\Quizulous_v2b\prxtbQuiz.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files (x86)\Dogpile Bundle Toolbar\Toolbar.dll" [2011-07-02 1550336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ec173f7c-6744-441f-be93-c7cc43103ba5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2010-07-15 5350288]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2010-07-15 1662352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-08-10 3824056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\LandonLaptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBKstat.exe [2010-4-13 4178744]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SMART Board Tools.lnk - c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2010-7-15 12375952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 01:45]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 01:45]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926181963-2344862289-3389625590-1000Core.job
- c:\users\LandonLaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-26 06:14]
.
2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926181963-2344862289-3389625590-1000UA.job
- c:\users\LandonLaptop\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-26 06:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\LandonLaptop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 3816248 ---ha-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 3816248 ---ha-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 3816248 ---ha-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"combofix"="c:\combofix\CF22024.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5738&r=27361209j126l0368z125t58n1w54r
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\LandonLaptop\AppData\Roaming\Mozilla\Firefox\Profiles\zce2zie9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3001725&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110817&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EC173F7C-6744-441F-BE93-C7CC43103BA5} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\SMART Board Software\SMARTBoardService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-03-01 14:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-01 20:56
.
Pre-Run: 146,505,138,176 bytes free
Post-Run: 147,583,455,232 bytes free
.
- - End Of File - - C59EE64B87E5E9418B194A8E89C49AE0

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 02 March 2012 - 08:24 AM

Looking good.

I have one question. Do you use this Babylon toolbar/ service or was it installed without your concent?

BabylonToolbar
===

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what issues remains with this computer.

#7 tangomoon

tangomoon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 03 March 2012 - 04:16 PM

Since the Babylon Toolbar wasn't something that I'm using, I uninstalled it.

Things are working MUCH better now, thank you!!!



Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Total Protection
McAfee Security Scan Plus
McAfee Online Backup
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee Online Backup MOBKbackup.exe
McAfee Online Backup MOBKstat.exe
``````````End of Log````````````

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 03 March 2012 - 04:51 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 24


===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know of any remaining issues.

#9 tangomoon

tangomoon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 04 March 2012 - 06:42 PM

Excellent, things seem to be running smoothly, and I've done these updates. Thank you SO MUCH for your help!

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 05 March 2012 - 10:18 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#11 tangomoon

tangomoon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:25 PM

Posted 05 March 2012 - 12:15 PM

Ok, this is done.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:25 PM

Posted 12 March 2012 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users